Lucene search

SICK AGCVELIST:CVE-2023-35699

HistoryJul 10, 2023 - 9:39 a.m.

CVE-2023-35699

2023-07-1009:39:45

CWE-313

SICK AG

www.cve.org

cleartext storage

disclosure

sick icr890-4

unauthenticated attacker

local access

sensitive information

sd card

5.3 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

19.4%

JSON

Cleartext Storage on Disk in the SICK ICR890-4 could allow an unauthenticated attacker with local access to the device to disclose sensitive information by accessing a SD card.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "ICR890-4",
    "vendor": "SICK AG",
    "versions": [
      {
        "lessThan": "2.5.0",
        "status": "affected",
        "version": "0",
        "versionType": "*"
      }
    ]
  }
]

References

sick.com/.well-known/csaf/white/2023/sca-2023-0006.json

sick.com/.well-known/csaf/white/2023/sca-2023-0006.pdf

sick.com/psirt

5.3 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

19.4%

JSON

Related for CVELIST:CVE-2023-35699