CVE-2023-31411

A remote unprivileged attacker can modify and access configuration settings on the EventCam App due to the absence of API authentication. The lack of authentication in the API allows the attacker to potentially compromise the functionality of the EventCam App.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
SICK AGCNA
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 38%
VendorProductVersion
sicksick_eventcam_app
*
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://sick.com/.well-known/csaf/white/2023/sca-2023-0005.json
https://sick.com/.well-known/csaf/white/2023/sca-2023-0005.pdf
https://sick.com/psirt
https://sick.com/.well-known/csaf/white/2023/sca-2023-0005.json
https://sick.com/.well-known/csaf/white/2023/sca-2023-0005.pdf
https://sick.com/psirt