Lucene search

SICK AGCVELIST:CVE-2023-5100

HistoryOct 09, 2023 - 12:05 p.m.

CVE-2023-5100

2023-10-0912:05:25

CWE-319

SICK AG

www.cve.org

cleartext transmission

sensitive information

rdt400

sick apu

unprivileged remote attacker

network traffic

not encrypted

cve-2023-5100

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.6%

JSON

Cleartext Transmission of Sensitive Information in RDT400 in SICK APU allows an
unprivileged remote attacker to retrieve potentially sensitive information via intercepting network traffic
that is not encrypted.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "APU0200",
    "vendor": "SICK AG",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  }
]

References

sick.com/.well-known/csaf/white/2023/sca-2023-0010.json

sick.com/.well-known/csaf/white/2023/sca-2023-0010.pdf

sick.com/psirt

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.6%

JSON

Related for CVELIST:CVE-2023-5100