SICK AGCVE-2023-4420CVE-2023-4420
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
40.4%
A remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to the absence of Transport Layer Security (TLS) in the SICK LMS5xx. This lack of encryption in the communication channel can lead to the unauthorized disclosure of sensitive information. The attacker can exploit this weakness to eavesdrop on the communication between the LMS5xx and the Client, and potentially manipulate the data being transmitted.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| sick | lms531_firmware | * | cpe:2.3:o:sick:lms531_firmware:*:*:*:*:*:*:*:* |
| sick | lms531 | - | cpe:2.3:h:sick:lms531:-:*:*:*:*:*:*:* |
| sick | lms511_firmware | * | cpe:2.3:o:sick:lms511_firmware:*:*:*:*:*:*:*:* |
| sick | lms511 | - | cpe:2.3:h:sick:lms511:-:*:*:*:*:*:*:* |
| sick | lms500_firmware | * | cpe:2.3:o:sick:lms500_firmware:*:*:*:*:*:*:*:* |
| sick | lms500 | - | cpe:2.3:h:sick:lms500:-:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "affected",
"product": "LMS5xx",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
}
]Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
40.4%