CVE-2023-3273
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Improper Access Control in the SICK ICR890-4 could allow an unauthenticated remote attacker to affect the availability of the device by changing settings of the device such as the IP address based on missing access control.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SICK AG | ICR890-4 | 0 < 2.5.0 | affected |
Weaknesses
- CWE-284: CWE-284 Improper Access Control
Workarounds
SICK recommends to disable port 2111 & 2122 once the SICK ICR890-4 is put into operation.
ADP Enrichment
CVE Program Container
Additional References
- https://sick.com/psirt
- https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.pdf
- https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.json
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
- https://sick.com/psirt
- https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.pdf
- https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.json
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.