Lucene search

SICK AGCVE-2023-5288

HistorySep 29, 2023 - 12:15 p.m.

CVE-2023-5288

2023-09-2912:15:13

CWE-284

SICK AG

web.nvd.nist.gov

cve-2023-5288

unauthorized access

sim1012

configuration settings

firmware update

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.001

Percentile

34.9%

JSON

A remote unauthorized attacker may connect to the SIM1012, interact with the device and
change configuration settings. The adversary may also reset the SIM and in the worst case upload a
new firmware version to the device.

Affected configurations

Nvd

Node

sicksim1012-0p0g200_firmwareMatch-

AND

sicksim1012-0p0g200Match-

VendorProductVersionCPE
sicksim1012-0p0g200_firmware-cpe:2.3:o:sick:sim1012-0p0g200_firmware:-:*:*:*:*:*:*:*
sicksim1012-0p0g200-cpe:2.3:h:sick:sim1012-0p0g200:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sick	sim1012-0p0g200_firmware	-	cpe:2.3:o:sick:sim1012-0p0g200_firmware:-:::::::*
sick	sim1012-0p0g200	-	cpe:2.3:h:sick:sim1012-0p0g200:-:::::::*

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "SIM1012",
    "vendor": "SICK AG",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  }
]

References

sick.com/.well-known/csaf/white/2023/sca-2023-0008.json

sick.com/.well-known/csaf/white/2023/sca-2023-0008.pdf

sick.com/psirt

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.001

Percentile

34.9%

JSON

Related for CVE-2023-5288