Lucene search

SICK AGCVELIST:CVE-2023-4420

HistoryAug 24, 2023 - 6:11 p.m.

CVE-2023-4420

2023-08-2418:11:39

SICK AG

www.cve.org

sick lms5xx

tls

remote attacker

intercept communication

manipulate data

disclosure of sensitive information

eavesdrop

unauthorized disclosure

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.8%

JSON

A remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to the absence of Transport Layer Security (TLS) in the SICK LMS5xx. This lack of encryption in the communication channel can lead to the unauthorized disclosure of sensitive information. The attacker can exploit this weakness to eavesdrop on the communication between the LMS5xx and the Client, and potentially manipulate the data being transmitted.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "LMS5xx",
    "vendor": "SICK AG",
    "versions": [
      {
        "status": "affected",
        "version": "all firmware versions"
      }
    ]
  }
]

References

sick.com/.well-known/csaf/white/2023/sca-2023-0007.json

sick.com/.well-known/csaf/white/2023/sca-2023-0007.pdf

sick.com/psirt

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.8%

JSON

Related for CVELIST:CVE-2023-4420