CVE-2023-3271

Опубликовано: 10 июл. 2023

Источник: nvd

CVSS3: 8.2

CVSS3: 7.5

EPSS Низкий

Описание

Improper Access Control in the SICK ICR890-4 could allow an unauthenticated remote attacker to gather information about the system and download data via the REST API by accessing unauthenticated endpoints.

Ссылки

https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.json
Vendor Advisory
https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.pdf
Vendor Advisory
https://sick.com/psirt
Product
https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.json
Vendor Advisory
https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.pdf
Vendor Advisory
https://sick.com/psirt
Product

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:sick:icr890-4_firmware:*:*:*:*:*:*:*:*

Версия до 2.5.0 (исключая)

cpe:2.3:h:sick:icr890-4:-:*:*:*:*:*:*:*

EPSS

Процентиль: 39%

0.00176

Низкий

8.2 High

CVSS3

7.5 High

CVSS3

Дефекты

CWE-284

NVD-CWE-noinfo

Связанные уязвимости

GHSA-fm49-53h8-h7vg

CVSS3: 8.2

github

больше 2 лет назад

EPSS

Процентиль: 39%

0.00176

Низкий

8.2 High

CVSS3

7.5 High

CVSS3

Дефекты

CWE-284

NVD-CWE-noinfo