Lucene search

[email protected]CVE-2023-43697

HistoryOct 09, 2023 - 1:15 p.m.

CVE-2023-43697

2023-10-0913:15:10

CWE-471

[email protected]

web.nvd.nist.gov

cve-2023-43697

sick apu

maid

rdt400

security vulnerability

remote attacker

http request

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.5%

JSON

Modification of Assumed-Immutable Data (MAID) in RDT400 in SICK APU allows an
unprivileged remote attacker to make the site unable to load necessary strings via changing file paths
using HTTP requests.

Affected configurations

NVD

Node

sickapu0200_firmwareRange<4.0.0.6

AND

sickapu0200Match-

CPENameOperatorVersion
sick:apu0200_firmwaresick apu0200 firmwarelt4.0.0.6

CPE	Name	Operator	Version
sick:apu0200_firmware	sick apu0200 firmware	lt	4.0.0.6

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "APU0200",
    "vendor": "SICK AG",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  }
]

References

sick.com/.well-known/csaf/white/2023/sca-2023-0010.json

sick.com/.well-known/csaf/white/2023/sca-2023-0010.pdf

sick.com/psirt

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.5%

JSON

Related for CVE-2023-43697

nvd1 prion1 cvelist1