Lucene search

[email protected]NVD:CVE-2023-43696

HistoryOct 09, 2023 - 12:15 p.m.

CVE-2023-43696

2023-10-0912:15:10

CWE-434

CWE-284

[email protected]

web.nvd.nist.gov

improper access control

remote attacker

ftp server

arbitrary files

cve-2023-43696

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.8%

JSON

Improper Access Control in SICK APU allows an unprivileged remote attacker to
download as well as upload arbitrary files via anonymous access to the FTP server.

Affected configurations

NVD

Node

sickapu0200_firmwareRange<4.0.0.6

AND

sickapu0200Match-

References

sick.com/.well-known/csaf/white/2023/sca-2023-0010.json

sick.com/.well-known/csaf/white/2023/sca-2023-0010.pdf

sick.com/psirt

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.8%

JSON

Related for NVD:CVE-2023-43696

cvelist1 prion1 cve1