Lucene search

SICK AGCVE-2023-5103

HistoryOct 09, 2023 - 1:15 p.m.

CVE-2023-5103

2023-10-0913:15:10

CWE-1021

SICK AG

web.nvd.nist.gov

cve-2023-5103

improper restriction

rendered ui layers

frames

rdt400

sick apu

information security

remote attack

vulnerability

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

AI Score

4.5

Confidence

High

EPSS

0.001

Percentile

40.9%

JSON

Improper Restriction of Rendered UI Layers or Frames in RDT400 in SICK APU allows an unprivileged remote attacker to potentially reveal sensitive information via tricking a user into
clicking on an actionable item using an iframe.

Affected configurations

Nvd

Node

sickapu0200_firmwareRange<4.0.0.6

AND

sickapu0200Match-

VendorProductVersionCPE
sickapu0200_firmware*cpe:2.3:o:sick:apu0200_firmware:*:*:*:*:*:*:*:*
sickapu0200-cpe:2.3:h:sick:apu0200:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sick	apu0200_firmware	*	cpe:2.3:o:sick:apu0200_firmware::::::::
sick	apu0200	-	cpe:2.3:h:sick:apu0200:-:::::::*

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "APU0200",
    "vendor": "SICK AG",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  }
]

References

sick.com/.well-known/csaf/white/2023/sca-2023-0010.json

sick.com/.well-known/csaf/white/2023/sca-2023-0010.pdf

sick.com/psirt

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

AI Score

4.5

Confidence

High

EPSS

0.001

Percentile

40.9%

JSON

Related for CVE-2023-5103