CVE-2023-43698

Improper Neutralization of Input During Web Page Generation (’Cross-site Scripting’) in RDT400 in SICK APU allows an unprivileged remote attacker to run arbitrary code in the clientsbrowser via injecting code into the website.

CVE-2023-5103

Improper Restriction of Rendered UI Layers or Frames in RDT400 in SICK APU allows an unprivileged remote attacker to potentially reveal sensitive information via tricking a user intoclicking on an actionable item using an iframe.

CVE-2023-43696

Improper Access Control in SICK APU allows an unprivileged remote attacker todownload as well as upload arbitrary files via anonymous access to the FTP server.

CVE-2023-5102

Insufficient Control Flow Management in RDT400 in SICK APU allows an unprivileged remote attacker to potentially enable hidden functionality via HTTP requests.

CVE-2023-43699

Improper Restriction of Excessive Authentication Attempts in RDT400 in SICK APUallows an unprivileged remote attacker to guess the password via trial-and-error as the login attemptsare not limited.

CVE-2023-43697

Modification of Assumed-Immutable Data (MAID) in RDT400 in SICK APU allows anunprivileged remote attacker to make the site unable to load necessary strings via changing file pathsusing HTTP requests.

CVE-2023-5101

Files or Directories Accessible to External Parties in RDT400 in SICK APU allows anunprivileged remote attacker to download various files from the server via HTTP requests.

CVE-2023-5100

Cleartext Transmission of Sensitive Information in RDT400 in SICK APU allows anunprivileged remote attacker to retrieve potentially sensitive information via intercepting network trafficthat is not encrypted.

CVE-2023-43700

Missing Authorization in RDT400 in SICK APU allows an unprivileged remote attacker to modify data via HTTP requests that no not require authentication.