Authorization

2023-10-0912:15:00

PRIOn knowledge base

www.prio-n.com

authorization

rdt400

unprivileged remote attacker

data modification

http requests

authentication

7.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.5%

JSON

Missing Authorization in RDT400 in SICK APU allows an unprivileged remote attacker to modify data via HTTP requests that no not require authentication.

CPENameOperatorVersion
apu0200_firmwarelt4.0.0.6

CPE	Name	Operator	Version
	apu0200_firmware	lt	4.0.0.6

References

sick.com/.well-known/csaf/white/2023/sca-2023-0010.json

sick.com/.well-known/csaf/white/2023/sca-2023-0010.pdf

sick.com/psirt