cvelistv5 - cve-2023-31412

URL	Tags
psirt@sick.de	https://sick.com/.well-known/csaf/white/2023/sca-2023-0007.json	Vendor Advisory
psirt@sick.de	https://sick.com/.well-known/csaf/white/2023/sca-2023-0007.pdf	Vendor Advisory
psirt@sick.de	https://sick.com/psirt	Vendor Advisory

▼	Vendor	Product
	SICK AG	LMS5xx

sca-2023-0007

Vulnerability from csaf_sick

Published

2023-08-25 11:00

Modified

2023-08-25 11:00

Summary

Vulnerabilities in SICK LMS5xx

Notes

SICK received a report about multiple vulnerabilities in the SICK LMS5xx, that can be accessed via Ethernet. If exploited, this potentially allows a remote unauthenticated attacker to impact availabiltiy, integrity and confidentaility of the LMS5xx. SICK recommends making sure to run the product in a secure environment and update to the newest firmware version. SICK is not aware of an exploit targeting this vulnerability.

General Security Measures

As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.

Vulnerability Classification

SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer’s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Jonathan Sarrazin"
        ],
        "organization": "The Cybersecurity and Protection Systems Study Office (BCYP) from the Radioprotection and Nuclear Safety Institute (IRSN)",
        "summary": "reporting multiple vulnerabilities"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "summary",
        "text": "SICK received a report about multiple vulnerabilities in the SICK LMS5xx, that can be accessed via Ethernet. If exploited, this potentially allows a remote unauthenticated attacker to impact availabiltiy, integrity and confidentaility of the LMS5xx. SICK recommends making sure to run the product in a secure environment and update to the newest firmware version. SICK is not aware of an exploit targeting this vulnerability."
      },
      {
        "category": "general",
        "text": "As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.",
        "title": "General Security Measures"
      },
      {
        "category": "general",
        "text": "SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer\u2019s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.",
        "title": "Vulnerability Classification"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@sick.de",
      "issuing_authority": "SICK PSIRT is responsible for any vulnerabilities related to SICK products.",
      "name": "SICK PSIRT",
      "namespace": "https://www.sick.com/psirt"
    },
    "references": [
      {
        "summary": "SICK PSIRT Security Advisories",
        "url": "https://www.sick.com/psirt"
      },
      {
        "summary": "SICK Operating Guidelines",
        "url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF"
      },
      {
        "summary": "ICS-CERT recommended practices on Industrial Security",
        "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
      },
      {
        "summary": "CVSS v3.1 Calculator",
        "url": "https://www.first.org/cvss/calculator/3.1"
      },
      {
        "category": "self",
        "summary": "The canonical URL.",
        "url": "https://www.sick.com/.well-known/csaf/white/2023/sca-2023-0007.json"
      },
      {
        "category": "self",
        "summary": "The canonical PDF URL.",
        "url": "https://www.sick.com/.well-known/csaf/white/2023/sca-2023-0007.pdf"
      },
      {
        "summary": "LMS5xx hardening guide",
        "url": "https://cdn.sick.com/media/docs/7/17/717/technical_information_lms5xx_hardening_guide_en_im0106717.pdf"
      }
    ],
    "title": "Vulnerabilities in SICK LMS5xx",
    "tracking": {
      "current_release_date": "2023-08-25T11:00:00.000Z",
      "generator": {
        "date": "2023-12-04T10:34:39.963Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.2.16"
        }
      },
      "id": "SCA-2023-0007",
      "initial_release_date": "2023-08-25T11:00:00.000Z",
      "revision_history": [
        {
          "date": "2023-08-25T11:00:00.000Z",
          "number": "1",
          "summary": "Initial Release"
        },
        {
          "date": "2023-12-04T11:00:00.000Z",
          "number": "2",
          "summary": "Added self reference in CSAF"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "SICK LMS5xx all versions",
                      "product_id": "CSAFPID-0001"
                    }
                  }
                ],
                "category": "product_name",
                "name": "LMS5xx"
              }
            ],
            "category": "product_family",
            "name": "LMS5xx"
          }
        ],
        "category": "vendor",
        "name": "SICK AG"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-4418",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "audience": "all",
          "category": "description",
          "text": "A remote unprivileged attacker can sent multiple packages to the LMS5xx to disrupt its availability through a TCP SYN-based denial-of-service (DDoS) attack. \nBy exploiting this vulnerability, an attacker can flood the targeted LMS5xx with a high volume of TCP SYN requests, overwhelming its resources and causing it to become unresponsive or unavailable for legitimate users.",
          "title": "Description"
        },
        {
          "category": "general",
          "text": "As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.\n\nAdditional information on Industrial Security can be found at: \n\nhttp://ics-cert.us-cert.gov/content/recommended-practices",
          "title": "General Security Measures"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "workaround",
          "date": "2023-08-24T11:00:00.000Z",
          "details": "Please make sure that you apply general security practices when operating the LMS5xx. The following General Security Practices and Operating Guidelines could mitigate the associated security risk.\nIt is also recommended to apply the security practices listed in the LMS5xx hardening guide.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://cdn.sick.com/media/docs/7/17/717/technical_information_lms5xx_hardening_guide_en_im0106717.pdf"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "environmentalScore": 7.5,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 7.5,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2023-4419",
      "cwe": {
        "id": "CWE-798",
        "name": "Use of Hard-coded Credentials"
      },
      "notes": [
        {
          "audience": "all",
          "category": "description",
          "text": "The LMS5xx uses hard-coded credentials, which potentially allow low-skilled\nunauthorized remote attackers to reconfigure settings and /or disrupt the functionality of the device.",
          "title": "Description"
        },
        {
          "category": "general",
          "text": "As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.\n\nAdditional information on Industrial Security can be found at: \n\nhttp://ics-cert.us-cert.gov/content/recommended-practices",
          "title": "General Security Measures"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-08-25T11:00:00.000Z",
          "details": "SICK has released a new version V2.21 of the SICK LMS5xx firmware and recommends updating to the newest version.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 9.8,
            "environmentalSeverity": "CRITICAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 9.8,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2023-4420",
      "cwe": {
        "id": "CWE-319",
        "name": "Cleartext Transmission of Sensitive Information"
      },
      "notes": [
        {
          "audience": "all",
          "category": "description",
          "text": "A remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to the absence of Transport Layer Security (TLS) in the SICK LMS5xx. This lack of encryption in the communication channel can lead to the unauthorized disclosure of sensitive information. The attacker can exploit this weakness to eavesdrop on the communication between the LMS5xx and the Client, and potentially manipulate the data being transmitted.",
          "title": "Description"
        },
        {
          "category": "general",
          "text": "As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.\n\nAdditional information on Industrial Security can be found at: \n\nhttp://ics-cert.us-cert.gov/content/recommended-practices",
          "title": "General Security Measures"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "workaround",
          "date": "2023-08-24T11:00:00.000Z",
          "details": "Please make sure that you apply general security practices when operating the LMS5xx. The following General Security Practices and Operating Guidelines could mitigate the associated security risk.\nIt is also recommended to apply the security practices listed in the LMS5xx hardening guide.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://cdn.sick.com/media/docs/7/17/717/technical_information_lms5xx_hardening_guide_en_im0106717.pdf"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 9.8,
            "environmentalSeverity": "CRITICAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 9.8,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2023-31412",
      "cwe": {
        "id": "CWE-328",
        "name": "Use of Weak Hash"
      },
      "notes": [
        {
          "audience": "all",
          "category": "description",
          "text": "The LMS5xx uses weak hash generation methods, resulting in the creation of insecure hashs. If an attacker manages to retrieve the hash, it could lead to collision attacks and the potential retrieval of the password.",
          "title": "Description"
        },
        {
          "category": "general",
          "text": "As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.\n\nAdditional information on Industrial Security can be found at: \n\nhttp://ics-cert.us-cert.gov/content/recommended-practices",
          "title": "General Security Measures"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "workaround",
          "date": "2023-08-24T11:00:00.000Z",
          "details": "Please make sure that you apply general security practices when operating the LMS5xx. The following General Security Practices and Operating Guidelines could mitigate the associated security risk.\nIt is also recommended to apply the security practices listed in the LMS5xx hardening guide.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://cdn.sick.com/media/docs/7/17/717/technical_information_lms5xx_hardening_guide_en_im0106717.pdf"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 7.5,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 7.5,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    }
  ]
}

ghsa-9pmh-r27r-8vx3

Vulnerability from github

Published

2023-08-24 21:30

Modified

2024-04-04 07:11

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

The LMS5xx uses weak hash generation methods, resulting in the creation of insecure hashs. If an attacker manages to retrieve the hash, it could lead to collision attacks and the potential retrieval of the password.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-31412"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-916"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-24T19:15:33Z",
    "severity": "HIGH"
  },
  "details": "The LMS5xx uses weak hash generation methods, resulting in the creation of insecure hashs. If an attacker manages to retrieve the hash, it could lead to collision attacks and the potential retrieval of the password.",
  "id": "GHSA-9pmh-r27r-8vx3",
  "modified": "2024-04-04T07:11:33Z",
  "published": "2023-08-24T21:30:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31412"
    },
    {
      "type": "WEB",
      "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0007.json"
    },
    {
      "type": "WEB",
      "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0007.pdf"
    },
    {
      "type": "WEB",
      "url": "https://sick.com/psirt"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

gsd-2023-31412

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

The LMS5xx uses weak hash generation methods, resulting in the creation of insecure hashs. If an attacker manages to retrieve the hash, it could lead to collision attacks and the potential retrieval of the password.

Aliases

CVE-2023-31412

Aliases

CVE-2023-31412

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-31412",
    "id": "GSD-2023-31412"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-31412"
      ],
      "details": "The LMS5xx uses weak hash generation methods, resulting in the creation of insecure hashs. If an attacker manages to retrieve the hash, it could lead to collision attacks and the potential retrieval of the password.",
      "id": "GSD-2023-31412",
      "modified": "2023-12-13T01:20:30.151747Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@sick.de",
        "ID": "CVE-2023-31412",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "LMS5xx",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected",
                            "versions": [
                              {
                                "status": "affected",
                                "version": "all firmware versions"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "SICK AG"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The LMS5xx uses weak hash generation methods, resulting in the creation of insecure hashs. If an attacker manages to retrieve the hash, it could lead to collision attacks and the potential retrieval of the password."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Use of Weak Hash"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://sick.com/psirt",
            "refsource": "MISC",
            "url": "https://sick.com/psirt"
          },
          {
            "name": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0007.pdf",
            "refsource": "MISC",
            "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0007.pdf"
          },
          {
            "name": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0007.json",
            "refsource": "MISC",
            "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0007.json"
          }
        ]
      },
      "source": {
        "discovery": "EXTERNAL"
      },
      "work_around": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": true,
              "type": "text/html",
              "value": "Please make sure that you apply general security practices when operating the LMS5xx. The following General Security Practices and Operating Guidelines could mitigate the associated security risk. It is also recommended to apply the security practices listed in the LMS5xx hardening guide. "
            }
          ],
          "value": "Please make sure that you apply general security practices when operating the LMS5xx. The following General Security Practices and Operating Guidelines could mitigate the associated security risk. It is also recommended to apply the security practices listed in the LMS5xx hardening guide. "
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:sick:lms531_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:sick:lms531:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:sick:lms511_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:sick:lms511:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:sick:lms500_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:sick:lms500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@sick.de",
          "ID": "CVE-2023-31412"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The LMS5xx uses weak hash generation methods, resulting in the creation of insecure hashs. If an attacker manages to retrieve the hash, it could lead to collision attacks and the potential retrieval of the password."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-916"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://sick.com/psirt",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://sick.com/psirt"
            },
            {
              "name": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0007.json",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0007.json"
            },
            {
              "name": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0007.pdf",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0007.pdf"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2023-08-30T14:34Z",
      "publishedDate": "2023-08-24T19:15Z"
    }
  }
}

cve-2023-31412

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature

Action not permitted

cve-2023-31412

Vulnerability from cvelistv5

sca-2023-0007

Vulnerability from csaf_sick

ghsa-9pmh-r27r-8vx3

Vulnerability from github

gsd-2023-31412

Vulnerability from gsd

Tags

Sightings

Nomenclature