Lucene search

SICK AGCVE-2023-4419

HistoryAug 24, 2023 - 7:15 p.m.

CVE-2023-4419

2023-08-2419:15:43

CWE-798

SICK AG

web.nvd.nist.gov

lms5xx

hard-coded credentials

unauthorized access

remote attack

device disruption

nvd

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

0.002

Percentile

59.2%

JSON

The LMS5xx uses hard-coded credentials, which potentially allow low-skilled
unauthorized remote attackers to reconfigure settings and /or disrupt the functionality of the device.

Affected configurations

Nvd

Node

sicklms531_firmware

AND

sicklms531Match-

Node

sicklms511_firmware

AND

sicklms511Match-

Node

sicklms500_firmware

AND

sicklms500Match-

VendorProductVersionCPE
sicklms531_firmware*cpe:2.3:o:sick:lms531_firmware:*:*:*:*:*:*:*:*
sicklms531-cpe:2.3:h:sick:lms531:-:*:*:*:*:*:*:*
sicklms511_firmware*cpe:2.3:o:sick:lms511_firmware:*:*:*:*:*:*:*:*
sicklms511-cpe:2.3:h:sick:lms511:-:*:*:*:*:*:*:*
sicklms500_firmware*cpe:2.3:o:sick:lms500_firmware:*:*:*:*:*:*:*:*
sicklms500-cpe:2.3:h:sick:lms500:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sick	lms531_firmware	*	cpe:2.3:o:sick:lms531_firmware::::::::
sick	lms531	-	cpe:2.3:h:sick:lms531:-:::::::*
sick	lms511_firmware	*	cpe:2.3:o:sick:lms511_firmware::::::::
sick	lms511	-	cpe:2.3:h:sick:lms511:-:::::::*
sick	lms500_firmware	*	cpe:2.3:o:sick:lms500_firmware::::::::
sick	lms500	-	cpe:2.3:h:sick:lms500:-:::::::*

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "LMS5xx",
    "vendor": "SICK AG",
    "versions": [
      {
        "lessThan": " V2.21",
        "status": "affected",
        "version": "0",
        "versionType": "*"
      }
    ]
  }
]

References

sick.com/.well-known/csaf/white/2023/sca-2023-0007.json

sick.com/.well-known/csaf/white/2023/sca-2023-0007.pdf

sick.com/psirt

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

0.002

Percentile

59.2%

JSON

Related for CVE-2023-4419