Lucene search

[email protected]NVD:CVE-2023-35698

HistoryJul 10, 2023 - 4:15 p.m.

CVE-2023-35698

2023-07-1016:15:52

CWE-204

CWE-203

[email protected]

web.nvd.nist.gov

remote attacker

identify usernames

ftp server

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.001 Low

EPSS

Percentile

48.3%

JSON

Observable Response Discrepancy in the SICK ICR890-4 could allow a remote attacker to identify valid usernames for the FTP server from the response given during a failed login
attempt.

Affected configurations

NVD

Node

sickicr890-4_firmwareRange<2.5.0

AND

sickicr890-4Match-

References

sick.com/.well-known/csaf/white/2023/sca-2023-0006.json

sick.com/.well-known/csaf/white/2023/sca-2023-0006.pdf

sick.com/psirt

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.001 Low

EPSS

Percentile

48.3%

JSON

Related for NVD:CVE-2023-35698

prion1 cve1 cvelist1