CVE-2023-5101
Vulnerability from cvelistv5
Published
2023-10-09 12:07
Modified
2024-08-02 07:44
Severity
Summary
Files or Directories Accessible to External Parties in RDT400 in SICK APU allows an
unprivileged remote attacker to download various files from the server via HTTP requests.
References
Source | URL | Tags |
---|---|---|
psirt@sick.de | https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.json | Vendor Advisory |
psirt@sick.de | https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.pdf | Vendor Advisory |
psirt@sick.de | https://sick.com/psirt | Product |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:44:53.728Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "issue-tracking", "x_transferred" ], "url": "https://sick.com/psirt" }, { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.pdf" }, { "tags": [ "x_csaf", "x_transferred" ], "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.json" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "APU0200", "vendor": "SICK AG", "versions": [ { "status": "affected", "version": "all versions" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\nFiles or Directories Accessible to External Parties in RDT400 in SICK APU allows an\nunprivileged remote attacker to download various files from the server via HTTP requests.\n\n" } ], "value": "\nFiles or Directories Accessible to External Parties in RDT400 in SICK APU allows an\nunprivileged remote attacker to download various files from the server via HTTP requests.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-552", "description": "CWE-552 Files or Directories Accessible to External Parties", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-09T12:07:13.545Z", "orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "shortName": "SICK AG" }, "references": [ { "tags": [ "issue-tracking" ], "url": "https://sick.com/psirt" }, { "tags": [ "vendor-advisory" ], "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.pdf" }, { "tags": [ "x_csaf" ], "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.json" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\n\n\nThe recommended solution is to update the image to a version \u0026gt;= 4.0.0.6 as soon as possible.\u003cbr\u003e" } ], "value": "\n\n\nThe recommended solution is to update the image to a version \u003e= 4.0.0.6 as soon as possible.\n" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "assignerShortName": "SICK AG", "cveId": "CVE-2023-5101", "datePublished": "2023-10-09T12:07:13.545Z", "dateReserved": "2023-09-21T07:10:37.521Z", "dateUpdated": "2024-08-02T07:44:53.728Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2023-5101\",\"sourceIdentifier\":\"psirt@sick.de\",\"published\":\"2023-10-09T13:15:10.557\",\"lastModified\":\"2023-10-11T18:41:21.633\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"\\nFiles or Directories Accessible to External Parties in RDT400 in SICK APU allows an\\nunprivileged remote attacker to download various files from the server via HTTP requests.\\n\\n\"},{\"lang\":\"es\",\"value\":\"Archivos o directorios accesibles a partes externas en RDT400 en SICK APU permiten a un atacante remoto sin privilegios descargar varios archivos desde el servidor a trav\u00e9s de solicitudes HTTP.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4},{\"source\":\"psirt@sick.de\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-552\"}]},{\"source\":\"psirt@sick.de\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-552\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sick:apu0200_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.0.0.6\",\"matchCriteriaId\":\"B2A3C873-A9B5-4AF8-8703-F00233E56A5E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sick:apu0200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E32F3FD-FB2B-4F73-AD20-8AB98B02FCF1\"}]}]}],\"references\":[{\"url\":\"https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.json\",\"source\":\"psirt@sick.de\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.pdf\",\"source\":\"psirt@sick.de\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://sick.com/psirt\",\"source\":\"psirt@sick.de\",\"tags\":[\"Product\"]}]}}" } }
Loading...