CVE-2023-3273

EPSS 0.56%
Veröffentlicht 10.07.2023 16:15:55
Zuletzt bearbeitet 21.11.2024 08:16:52
Quelle psirt@sick.de
CVE-Watchlists
Login
Unerledigt
Login

Improper Access Control in the SICK ICR890-4 could allow an unauthenticated remote attacker to affect the availability of the device by changing settings of the device such as the IP
address based on missing access control.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Sick ≫ Icr890-4 Firmware Version < 2.5.0

Sick ≫ Icr890-4 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.56%	0.673

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
psirt@sick.de	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://sick.com/psirt

Product

https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.json

Vendor Advisory

https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.pdf

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-3273

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-3273

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-3273

EUVD