All the vulnerabilites related to SICK AG - EventCam App
cve-2023-31411
Vulnerability from cvelistv5
Published
2023-06-19 14:59
Modified
2024-12-09 21:07
Severity ?
EPSS score ?
Summary
A remote unprivileged attacker can modify and access configuration settings on the EventCam App due to the absence of API authentication. The lack of authentication in the API allows the attacker to potentially compromise the functionality of the EventCam App.
References
▼ | URL | Tags |
---|---|---|
https://sick.com/psirt | issue-tracking | |
https://sick.com/.well-known/csaf/white/2023/sca-2023-0005.pdf | vendor-advisory | |
https://sick.com/.well-known/csaf/white/2023/sca-2023-0005.json | x_csaf |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | SICK AG | EventCam App |
Version: all versions |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:53:31.078Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "issue-tracking", "x_transferred" ], "url": "https://sick.com/psirt" }, { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0005.pdf" }, { "tags": [ "x_csaf", "x_transferred" ], "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0005.json" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-31411", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-12-09T21:07:10.923353Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-09T21:07:24.192Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "EventCam App", "vendor": "SICK AG", "versions": [ { "status": "affected", "version": "all versions" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": true, "type": "text/html", "value": "A remote unprivileged attacker can modify and access configuration settings on the EventCam App due to the absence of API authentication. The lack of authentication in the API allows the attacker to potentially compromise the functionality of the EventCam App. " } ], "value": "A remote unprivileged attacker can modify and access configuration settings on the EventCam App due to the absence of API authentication. The lack of authentication in the API allows the attacker to potentially compromise the functionality of the EventCam App. " } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "Improper Authorization", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-19T14:59:30.206Z", "orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "shortName": "SICK AG" }, "references": [ { "tags": [ "issue-tracking" ], "url": "https://sick.com/psirt" }, { "tags": [ "vendor-advisory" ], "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0005.pdf" }, { "tags": [ "x_csaf" ], "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0005.json" } ], "source": { "discovery": "INTERNAL" }, "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": true, "type": "text/html", "value": "Please make sure that you apply general security practices when operating the EventCam App. The following General Security Practices and Operating Guidelines could mitigate the associated security risk.\n" } ], "value": "Please make sure that you apply general security practices when operating the EventCam App. The following General Security Practices and Operating Guidelines could mitigate the associated security risk.\n" } ], "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "assignerShortName": "SICK AG", "cveId": "CVE-2023-31411", "datePublished": "2023-06-19T14:59:30.206Z", "dateReserved": "2023-04-27T18:35:47.418Z", "dateUpdated": "2024-12-09T21:07:24.192Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-31410
Vulnerability from cvelistv5
Published
2023-06-19 14:57
Modified
2024-12-11 20:31
Severity ?
EPSS score ?
Summary
A remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to the absence of Transport Layer Security (TLS) in the SICK EventCam App. This lack of encryption in the communication channel can lead to the unauthorized disclosure of sensitive information. The attacker can exploit this weakness to eavesdrop on the communication between the EventCam App and the Client, and potentially manipulate the data being transmitted.
References
▼ | URL | Tags |
---|---|---|
https://sick.com/psirt | issue-tracking | |
https://sick.com/.well-known/csaf/white/2023/sca-2023-0005.pdf | vendor-advisory | |
https://sick.com/.well-known/csaf/white/2023/sca-2023-0005.json | x_csaf |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | SICK AG | EventCam App |
Version: all versions |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:53:31.061Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "issue-tracking", "x_transferred" ], "url": "https://sick.com/psirt" }, { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0005.pdf" }, { "tags": [ "x_csaf", "x_transferred" ], "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0005.json" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-31410", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-12-11T20:31:43.474394Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-11T20:31:59.734Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "EventCam App", "vendor": "SICK AG", "versions": [ { "status": "affected", "version": "all versions" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": true, "type": "text/html", "value": "A remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to the absence of Transport Layer Security (TLS) in the SICK EventCam App. This lack of encryption in the communication channel can lead to the unauthorized disclosure of sensitive information. The attacker can exploit this weakness to eavesdrop on the communication between the EventCam App and the Client, and potentially manipulate the data being transmitted." } ], "value": "A remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to the absence of Transport Layer Security (TLS) in the SICK EventCam App. This lack of encryption in the communication channel can lead to the unauthorized disclosure of sensitive information. The attacker can exploit this weakness to eavesdrop on the communication between the EventCam App and the Client, and potentially manipulate the data being transmitted." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "Cleartext Transmission of Sensitive Information", "lang": "en" } ] }, { "descriptions": [ { "description": "Improper Authorization", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-19T14:57:52.413Z", "orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "shortName": "SICK AG" }, "references": [ { "tags": [ "issue-tracking" ], "url": "https://sick.com/psirt" }, { "tags": [ "vendor-advisory" ], "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0005.pdf" }, { "tags": [ "x_csaf" ], "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0005.json" } ], "source": { "discovery": "INTERNAL" }, "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": true, "type": "text/html", "value": "Please make sure that you apply general security practices when operating the EventCam App. The following General Security Practices and Operating Guidelines could mitigate the associated security risk.\n" } ], "value": "Please make sure that you apply general security practices when operating the EventCam App. The following General Security Practices and Operating Guidelines could mitigate the associated security risk.\n" } ], "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "assignerShortName": "SICK AG", "cveId": "CVE-2023-31410", "datePublished": "2023-06-19T14:57:52.413Z", "dateReserved": "2023-04-27T18:35:47.418Z", "dateUpdated": "2024-12-11T20:31:59.734Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }