Lucene search

[email protected]NVD:CVE-2023-31410

HistoryJun 19, 2023 - 3:15 p.m.

CVE-2023-31410

2023-06-1915:15:09

CWE-319

[email protected]

web.nvd.nist.gov

remote attacker

insecure communication

sensitive information

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

9.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.6%

JSON

A remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to the absence of Transport Layer Security (TLS) in the SICK EventCam App. This lack of encryption in the communication channel can lead to the unauthorized disclosure of sensitive information. The attacker can exploit this weakness to eavesdrop on the communication between the EventCam App and the Client, and potentially manipulate the data being transmitted.

Affected configurations

NVD

Node

sicksick_eventcam_app

References

sick.com/.well-known/csaf/white/2023/sca-2023-0005.json

sick.com/.well-known/csaf/white/2023/sca-2023-0005.pdf

sick.com/psirt

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

9.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.6%

JSON

Related for NVD:CVE-2023-31410

cve1 cvelist1 prion1