Lucene search

SICK AGCVELIST:CVE-2023-31410

HistoryJun 19, 2023 - 2:57 p.m.

CVE-2023-31410

2023-06-1914:57:52

SICK AG

www.cve.org

sick eventcam app

transport layer security

tls

unauthorized disclosure

man-in-the-middle

communication channel

eavesdropping

data manipulation

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.6%

JSON

A remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to the absence of Transport Layer Security (TLS) in the SICK EventCam App. This lack of encryption in the communication channel can lead to the unauthorized disclosure of sensitive information. The attacker can exploit this weakness to eavesdrop on the communication between the EventCam App and the Client, and potentially manipulate the data being transmitted.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "EventCam App",
    "vendor": "SICK AG",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  }
]

References

sick.com/.well-known/csaf/white/2023/sca-2023-0005.json

sick.com/.well-known/csaf/white/2023/sca-2023-0005.pdf

sick.com/psirt

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.6%

JSON

Related for CVELIST:CVE-2023-31410