Lucene search

SICK AGCVELIST:CVE-2023-43696

HistoryOct 09, 2023 - 11:51 a.m.

CVE-2023-43696

2023-10-0911:51:45

CWE-284

SICK AG

www.cve.org

improper access control

sick apu

ftp

remote attacker

arbitrary files

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

9.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.9%

JSON

Improper Access Control in SICK APU allows an unprivileged remote attacker to
download as well as upload arbitrary files via anonymous access to the FTP server.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "APU0200",
    "vendor": "SICK AG",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  }
]

References

sick.com/.well-known/csaf/white/2023/sca-2023-0010.json

sick.com/.well-known/csaf/white/2023/sca-2023-0010.pdf

sick.com/psirt

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

9.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.9%

JSON

Related for CVELIST:CVE-2023-43696