CVE-2023-4418 — HIGH (7.5) — White Hats Nepal

Vulnerability Description

A remote unprivileged attacker can sent multiple packages to the LMS5xx to disrupt its availability through a TCP SYN-based denial-of-service (DDoS) attack. By exploiting this vulnerability, an attacker can flood the targeted LMS5xx with a high volume of TCP SYN requests, overwhelming its resources and causing it to become unresponsive or unavailable for legitimate users.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Sick	Lms531 Firmware	All versions
Sick	Lms531	-
Sick	Lms511 Firmware	All versions
Sick	Lms511	-
Sick	Lms500 Firmware	All versions
Sick	Lms500	-

Related Weaknesses (CWE)

CWE-400

References

https://sick.com/.well-known/csaf/white/2023/sca-2023-0007.jsonVendor Advisory
https://sick.com/.well-known/csaf/white/2023/sca-2023-0007.pdfVendor Advisory
https://sick.com/psirtVendor Advisory
https://sick.com/.well-known/csaf/white/2023/sca-2023-0007.jsonVendor Advisory
https://sick.com/.well-known/csaf/white/2023/sca-2023-0007.pdfVendor Advisory
https://sick.com/psirtVendor Advisory

FAQ

What is CVE-2023-4418?

CVE-2023-4418 is a vulnerability with a CVSS score of 7.5 (HIGH). A remote unprivileged attacker can sent multiple packages to the LMS5xx to disrupt its availability through a TCP SYN-based denial-of-service (DDoS) attack. By exploiting this vulnerability, an attac...

How severe is CVE-2023-4418?

CVE-2023-4418 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-4418?

Check the references section above for vendor advisories and patch information. Affected products include: Sick Lms531 Firmware, Sick Lms531, Sick Lms511 Firmware, Sick Lms511, Sick Lms500 Firmware.