CVE-2023-4420 - OpenCVE

A remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to the absence of Transport Layer Security (TLS) in the SICK LMS5xx. This lack of encryption in the communication channel can lead to the unauthorized disclosure of sensitive information. The attacker can exploit this weakness to eavesdrop on the communication between the LMS5xx and the Client, and potentially manipulate the data being transmitted.

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Sick	Lms500 Lms500 Firmware Lms531 Lms511 Firmware Lms511 Lms531 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:sick:lms531_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sick:lms531:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:sick:lms511_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sick:lms511:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:sick:lms500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sick:lms500:-:*:*:*:*:*:*:*

References

Link	Resource
https://sick.com/.well-known/csaf/white/2023/sca-2023-0007.json	Vendor Advisory
https://sick.com/.well-known/csaf/white/2023/sca-2023-0007.pdf	Vendor Advisory
https://sick.com/psirt	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: SICK AG

Published: 2023-08-24T18:11:39.312Z

Updated: 2023-08-24T18:11:39.312Z

Reserved: 2023-08-18T13:09:48.275Z

Link: CVE-2023-4420

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-08-24T19:15:43.183

Modified: 2023-08-30T15:12:14.153

Link: CVE-2023-4420

JSON object: View

Redhat Information

No data.

CWE

CWE-311

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-4420", "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "state": "PUBLISHED", "assignerShortName": "SICK AG", "dateReserved": "2023-08-18T13:09:48.275Z", "datePublished": "2023-08-24T18:11:39.312Z", "dateUpdated": "2023-08-24T18:11:39.312Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "LMS5xx", "vendor": "SICK AG", "versions": [{"status": "affected", "version": "all firmware versions"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": true, "type": "text/html", "value": "A remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to the absence of Transport Layer Security (TLS) in the SICK LMS5xx. This lack of encryption in the communication channel can lead to the unauthorized disclosure of sensitive information. The attacker can exploit this weakness to eavesdrop on the communication between the LMS5xx and the Client, and potentially manipulate the data being transmitted."}], "value": "A remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to the absence of Transport Layer Security (TLS) in the SICK LMS5xx. This lack of encryption in the communication channel can lead to the unauthorized disclosure of sensitive information. The attacker can exploit this weakness to eavesdrop on the communication between the LMS5xx and the Client, and potentially manipulate the data being transmitted."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"description": "Cleartext Transmission of Sensitive Information", "lang": "en"}]}], "providerMetadata": {"orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "shortName": "SICK AG", "dateUpdated": "2023-08-24T18:11:39.312Z"}, "references": [{"tags": ["issue-tracking"], "url": "https://sick.com/psirt"}, {"tags": ["vendor-advisory"], "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0007.pdf"}, {"tags": ["x_csaf"], "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0007.json"}], "source": {"discovery": "EXTERNAL"}, "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\nPlease make sure that you apply general security practices when operating the LMS5xx. The\nfollowing General Security Practices and Operating Guidelines could mitigate the associated security\nrisk. It is also recommended to apply the security practices listed in the LMS5xx hardening guide.\n\n<br>"}], "value": "\nPlease make sure that you apply general security practices when operating the LMS5xx. The\nfollowing General Security Practices and Operating Guidelines could mitigate the associated security\nrisk. It is also recommended to apply the security practices listed in the LMS5xx hardening guide.\n\n\n"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sick:lms531_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5943B624-D730-4679-8118-CD29CFB4CD1C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sick:lms531:-:*:*:*:*:*:*:*", "matchCriteriaId": "44AF5B79-0A15-4195-80F3-7304D8000D1A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sick:lms511_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F113FA6F-F3CC-43C7-97A4-D40F8F1F5E9F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sick:lms511:-:*:*:*:*:*:*:*", "matchCriteriaId": "9ABE387A-9B29-43DE-A4F1-EDD3CB8BEB6F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sick:lms500_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9DF24DAB-D1E4-4B14-B9CE-BFB52F9BDBC7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sick:lms500:-:*:*:*:*:*:*:*", "matchCriteriaId": "B8A37D4F-969C-4496-BD10-13C903A41305", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to the absence of Transport Layer Security (TLS) in the SICK LMS5xx. This lack of encryption in the communication channel can lead to the unauthorized disclosure of sensitive information. The attacker can exploit this weakness to eavesdrop on the communication between the LMS5xx and the Client, and potentially manipulate the data being transmitted."}], "id": "CVE-2023-4420", "lastModified": "2023-08-30T15:12:14.153", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "psirt@sick.de", "type": "Secondary"}]}, "published": "2023-08-24T19:15:43.183", "references": [{"source": "psirt@sick.de", "tags": ["Vendor Advisory"], "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0007.json"}, {"source": "psirt@sick.de", "tags": ["Vendor Advisory"], "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0007.pdf"}, {"source": "psirt@sick.de", "tags": ["Vendor Advisory"], "url": "https://sick.com/psirt"}], "sourceIdentifier": "psirt@sick.de", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-311"}], "source": "nvd@nist.gov", "type": "Primary"}]}