Vulnerability Description
A remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to the absence of Transport Layer Security (TLS) in the SICK LMS5xx. This lack of encryption in the communication channel can lead to the unauthorized disclosure of sensitive information. The attacker can exploit this weakness to eavesdrop on the communication between the LMS5xx and the Client, and potentially manipulate the data being transmitted.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sick | Lms531 Firmware | All versions |
| Sick | Lms531 | - |
| Sick | Lms511 Firmware | All versions |
| Sick | Lms511 | - |
| Sick | Lms500 Firmware | All versions |
| Sick | Lms500 | - |
Related Weaknesses (CWE)
References
- https://sick.com/.well-known/csaf/white/2023/sca-2023-0007.jsonVendor Advisory
- https://sick.com/.well-known/csaf/white/2023/sca-2023-0007.pdfVendor Advisory
- https://sick.com/psirtVendor Advisory
- https://sick.com/.well-known/csaf/white/2023/sca-2023-0007.jsonVendor Advisory
- https://sick.com/.well-known/csaf/white/2023/sca-2023-0007.pdfVendor Advisory
- https://sick.com/psirtVendor Advisory
FAQ
What is CVE-2023-4420?
CVE-2023-4420 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to the absence of Transport Layer Security (TLS) in the SICK LMS5xx. This lack of encryption in the commu...
How severe is CVE-2023-4420?
CVE-2023-4420 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-4420?
Check the references section above for vendor advisories and patch information. Affected products include: Sick Lms531 Firmware, Sick Lms531, Sick Lms511 Firmware, Sick Lms511, Sick Lms500 Firmware.