CVE-2023-31412

The LMS5xx uses weak hash generation methods, resulting in the creation of insecure hashs. If an attacker manages to retrieve the hash, it could lead to collision attacks and the potential retrieval of the password.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
SICK AGCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 26%
VendorProductVersion
sicklms531_firmware
*
sicklms511_firmware
*
sicklms500_firmware
*
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://sick.com/.well-known/csaf/white/2023/sca-2023-0007.json
https://sick.com/.well-known/csaf/white/2023/sca-2023-0007.pdf
https://sick.com/psirt
https://sick.com/.well-known/csaf/white/2023/sca-2023-0007.json
https://sick.com/.well-known/csaf/white/2023/sca-2023-0007.pdf
https://sick.com/psirt