CVE-2023-4420

A remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to the absence of Transport Layer Security (TLS) in the SICK LMS5xx. This lack of encryption in the communication channel can lead to the unauthorized disclosure of sensitive information. The attacker can exploit this weakness to eavesdrop on the communication between the LMS5xx and the Client, and potentially manipulate the data being transmitted.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
sicklms531_firmware
*
sicklms511_firmware
*
sicklms500_firmware
*
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
sicklms5xx
𝑥
< *
ADP
Common Weakness Enumeration
References
https://sick.com/.well-known/csaf/white/2023/sca-2023-0007.json
https://sick.com/.well-known/csaf/white/2023/sca-2023-0007.pdf
https://sick.com/psirt
https://sick.com/.well-known/csaf/white/2023/sca-2023-0007.json
https://sick.com/.well-known/csaf/white/2023/sca-2023-0007.pdf
https://sick.com/psirt