CVE-2023-3273

Summary

Improper Access Control in the SICK ICR890-4 could allow an unauthenticated remote attacker to affect the availability of the device by changing settings of the device such as the IP address based on missing access control.

Affected Software

VendorProductVersion RangeStatus
SICK AGICR890-40 < 2.5.0affected

Weaknesses

  • CWE-284: CWE-284 Improper Access Control

Workarounds

SICK recommends to disable port 2111 & 2122 once the SICK ICR890-4 is put into operation.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References