gsd-2023-5100
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
Cleartext Transmission of Sensitive Information in RDT400 in SICK APU allows an
unprivileged remote attacker to retrieve potentially sensitive information via intercepting network traffic
that is not encrypted.
Aliases
Aliases
{ GSD: { alias: "CVE-2023-5100", id: "GSD-2023-5100", }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2023-5100", ], details: "\nCleartext Transmission of Sensitive Information in RDT400 in SICK APU allows an\nunprivileged remote attacker to retrieve potentially sensitive information via intercepting network traffic\nthat is not encrypted.\n\n", id: "GSD-2023-5100", modified: "2023-12-13T01:20:51.213890Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "psirt@sick.de", ID: "CVE-2023-5100", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "APU0200", version: { version_data: [ { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "affected", versions: [ { status: "affected", version: "all versions", }, ], }, }, ], }, }, ], }, vendor_name: "SICK AG", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "\nCleartext Transmission of Sensitive Information in RDT400 in SICK APU allows an\nunprivileged remote attacker to retrieve potentially sensitive information via intercepting network traffic\nthat is not encrypted.\n\n", }, ], }, generator: { engine: "Vulnogram 0.1.0-dev", }, impact: { cvss: [ { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N", version: "3.1", }, ], }, problemtype: { problemtype_data: [ { description: [ { cweId: "CWE-319", lang: "eng", value: "CWE-319 Cleartext Transmission of Sensitive Information", }, ], }, ], }, references: { reference_data: [ { name: "https://sick.com/psirt", refsource: "MISC", url: "https://sick.com/psirt", }, { name: "https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.pdf", refsource: "MISC", url: "https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.pdf", }, { name: "https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.json", refsource: "MISC", url: "https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.json", }, ], }, solution: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "\n\n\n\nThe recommended solution is to update the image to a version >= 4.0.0.6 as soon as possible.<br>", }, ], value: "\n\n\nThe recommended solution is to update the image to a version >= 4.0.0.6 as soon as possible.\n", }, ], source: { discovery: "UNKNOWN", }, }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:sick:apu0200_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "4.0.0.6", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sick:apu0200:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "psirt@sick.de", ID: "CVE-2023-5100", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "\nCleartext Transmission of Sensitive Information in RDT400 in SICK APU allows an\nunprivileged remote attacker to retrieve potentially sensitive information via intercepting network traffic\nthat is not encrypted.\n\n", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "CWE-319", }, ], }, ], }, references: { reference_data: [ { name: "https://sick.com/psirt", refsource: "MISC", tags: [ "Product", ], url: "https://sick.com/psirt", }, { name: "https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.pdf", refsource: "MISC", tags: [ "Vendor Advisory", ], url: "https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.pdf", }, { name: "https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.json", refsource: "MISC", tags: [ "Vendor Advisory", ], url: "https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.json", }, ], }, }, impact: { baseMetricV3: { cvssV3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, }, }, lastModifiedDate: "2023-10-11T18:43Z", publishedDate: "2023-10-09T13:15Z", }, }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.