Lucene search

[email protected]NVD:CVE-2023-4420

HistoryAug 24, 2023 - 7:15 p.m.

CVE-2023-4420

2023-08-2419:15:43

CWE-311

[email protected]

web.nvd.nist.gov

remote attacker

interception

man-in-the-middle

unauthorized disclosure

sensitive information

encryption

communication channel

eavesdropping

data manipulation

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

9.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.8%

JSON

A remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to the absence of Transport Layer Security (TLS) in the SICK LMS5xx. This lack of encryption in the communication channel can lead to the unauthorized disclosure of sensitive information. The attacker can exploit this weakness to eavesdrop on the communication between the LMS5xx and the Client, and potentially manipulate the data being transmitted.

Affected configurations

NVD

Node

sicklms531_firmware

AND

sicklms531Match-

Node

sicklms511_firmware

AND

sicklms511Match-

Node

sicklms500_firmware

AND

sicklms500Match-

References

sick.com/.well-known/csaf/white/2023/sca-2023-0007.json

sick.com/.well-known/csaf/white/2023/sca-2023-0007.pdf

sick.com/psirt

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

9.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.8%

JSON

Related for NVD:CVE-2023-4420

prion1 cvelist1 cve1