CVE-2023-31412

Summary

The LMS5xx uses weak hash generation methods, resulting in the creation of insecure hashs. If an attacker manages to retrieve the hash, it could lead to collision attacks and the potential retrieval of the password.

Affected Software

VendorProductVersion RangeStatus
SICK AGLMS5xxall firmware versionsaffected

Weaknesses

  • Use of Weak Hash

Workarounds

Please make sure that you apply general security practices when operating the LMS5xx. The following General Security Practices and Operating Guidelines could mitigate the associated security risk. It is also recommended to apply the security practices listed in the LMS5xx hardening guide.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References