Lucene search

SICK AGCVE-2023-43698

HistoryOct 09, 2023 - 1:15 p.m.

CVE-2023-43698

2023-10-0913:15:10

CWE-79

SICK AG

web.nvd.nist.gov

cve-2023-43698

cross-site scripting

rdt400

sick apu

remote code execution

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

36.1%

JSON

Improper Neutralization of Input During Web Page Generation (’Cross-site Scripting’) in RDT400 in SICK APU allows an unprivileged remote attacker to run arbitrary code in the clients
browser via injecting code into the website.

Affected configurations

Nvd

Node

sickapu0200_firmwareRange<4.0.0.6

AND

sickapu0200Match-

VendorProductVersionCPE
sickapu0200_firmware*cpe:2.3:o:sick:apu0200_firmware:*:*:*:*:*:*:*:*
sickapu0200-cpe:2.3:h:sick:apu0200:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sick	apu0200_firmware	*	cpe:2.3:o:sick:apu0200_firmware::::::::
sick	apu0200	-	cpe:2.3:h:sick:apu0200:-:::::::*

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "APU0200",
    "vendor": "SICK AG",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  }
]

References

sick.com/.well-known/csaf/white/2023/sca-2023-0010.json

sick.com/.well-known/csaf/white/2023/sca-2023-0010.pdf

sick.com/psirt