CVE-2023-35699

Summary

Cleartext Storage on Disk in the SICK ICR890-4 could allow an unauthenticated attacker with local access to the device to disclose sensitive information by accessing a SD card.

Affected Software

VendorProductVersion RangeStatus
SICK AGICR890-40 < 2.5.0affected

Weaknesses

  • CWE-313: CWE-313 Cleartext Storage in a File or on Disk

Workarounds

Please make sure that you apply general security practices when operating the SICK ICR890- 4 like restricting physical access to the device. The following general security practices could mitigate the associated security risk.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References