gsd-2023-43697
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
Modification of Assumed-Immutable Data (MAID) in RDT400 in SICK APU allows an
unprivileged remote attacker to make the site unable to load necessary strings via changing file paths
using HTTP requests.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-43697",
"id": "GSD-2023-43697"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-43697"
],
"details": "\nModification of Assumed-Immutable Data (MAID) in RDT400 in SICK APU allows an\nunprivileged remote attacker to make the site unable to load necessary strings via changing file paths\nusing HTTP requests.\n\n",
"id": "GSD-2023-43697",
"modified": "2023-12-13T01:20:44.806069Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "psirt@sick.de",
"ID": "CVE-2023-43697",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "APU0200",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
}
]
}
}
]
},
"vendor_name": "SICK AG"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "\nModification of Assumed-Immutable Data (MAID) in RDT400 in SICK APU allows an\nunprivileged remote attacker to make the site unable to load necessary strings via changing file paths\nusing HTTP requests.\n\n"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-471",
"lang": "eng",
"value": "CWE-471 Modification of Assumed-Immutable Data (MAID)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sick.com/psirt",
"refsource": "MISC",
"url": "https://sick.com/psirt"
},
{
"name": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.pdf",
"refsource": "MISC",
"url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.pdf"
},
{
"name": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.json",
"refsource": "MISC",
"url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.json"
}
]
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\n\nThe recommended solution is to update the image to a version \u0026gt;= 4.0.0.6 as soon as possible.\u003cbr\u003e"
}
],
"value": "\n\n\nThe recommended solution is to update the image to a version \u003e= 4.0.0.6 as soon as possible.\n"
}
],
"source": {
"discovery": "UNKNOWN"
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:sick:apu0200_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.0.0.6",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sick:apu0200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "psirt@sick.de",
"ID": "CVE-2023-43697"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "\nModification of Assumed-Immutable Data (MAID) in RDT400 in SICK APU allows an\nunprivileged remote attacker to make the site unable to load necessary strings via changing file paths\nusing HTTP requests.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sick.com/psirt",
"refsource": "MISC",
"tags": [
"Product"
],
"url": "https://sick.com/psirt"
},
{
"name": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.pdf",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.pdf"
},
{
"name": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.json",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.json"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
},
"lastModifiedDate": "2023-10-11T18:49Z",
"publishedDate": "2023-10-09T13:15Z"
}
}
}
Loading...