Lucene search

SICK AGCVELIST:CVE-2023-5288

HistorySep 29, 2023 - 11:37 a.m.

CVE-2023-5288

2023-09-2911:37:56

CWE-284

SICK AG

www.cve.org

remote access

unauthorized

sim1012

configuration changes

reset

firmware upload

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.001

Percentile

34.9%

JSON

A remote unauthorized attacker may connect to the SIM1012, interact with the device and
change configuration settings. The adversary may also reset the SIM and in the worst case upload a
new firmware version to the device.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "SIM1012",
    "vendor": "SICK AG",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  }
]

References

sick.com/.well-known/csaf/white/2023/sca-2023-0008.json

sick.com/.well-known/csaf/white/2023/sca-2023-0008.pdf

sick.com/psirt

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.001

Percentile

34.9%

JSON

Related for CVELIST:CVE-2023-5288