CVE-2023-31412 — HIGH (7.5)

Vulnerability Description

The LMS5xx uses weak hash generation methods, resulting in the creation of insecure hashs. If an attacker manages to retrieve the hash, it could lead to collision attacks and the potential retrieval of the password.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Sick	Lms531 Firmware	All versions
Sick	Lms531	-
Sick	Lms511 Firmware	All versions
Sick	Lms511	-
Sick	Lms500 Firmware	All versions
Sick	Lms500	-

Related Weaknesses (CWE)

CWE-916

References

https://sick.com/.well-known/csaf/white/2023/sca-2023-0007.jsonVendor Advisory
https://sick.com/.well-known/csaf/white/2023/sca-2023-0007.pdfVendor Advisory
https://sick.com/psirtVendor Advisory
https://sick.com/.well-known/csaf/white/2023/sca-2023-0007.jsonVendor Advisory
https://sick.com/.well-known/csaf/white/2023/sca-2023-0007.pdfVendor Advisory
https://sick.com/psirtVendor Advisory

FAQ

What is CVE-2023-31412?

CVE-2023-31412 is a vulnerability with a CVSS score of 7.5 (HIGH). The LMS5xx uses weak hash generation methods, resulting in the creation of insecure hashs. If an attacker manages to retrieve the hash, it could lead to collision attacks and the potential retrieval o...

How severe is CVE-2023-31412?

CVE-2023-31412 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-31412?

Check the references section above for vendor advisories and patch information. Affected products include: Sick Lms531 Firmware, Sick Lms531, Sick Lms511 Firmware, Sick Lms511, Sick Lms500 Firmware.