CVE-2023-43696

Опубликовано: 09 окт. 2023

Источник: nvd

CVSS3: 8.2

CVSS3: 9.8

EPSS Низкий

Описание

Improper Access Control in SICK APU allows an unprivileged remote attacker to download as well as upload arbitrary files via anonymous access to the FTP server.

Ссылки

https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.json
Vendor Advisory
https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.pdf
Vendor Advisory
https://sick.com/psirt
Product
https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.json
Vendor Advisory
https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.pdf
Vendor Advisory
https://sick.com/psirt
Product

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:sick:apu0200_firmware:*:*:*:*:*:*:*:*

Версия до 4.0.0.6 (исключая)

cpe:2.3:h:sick:apu0200:-:*:*:*:*:*:*:*

EPSS

Процентиль: 45%

0.00222

Низкий

8.2 High

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-284

CWE-434

Связанные уязвимости

GHSA-34rj-7m66-hcw6

CVSS3: 8.2

github

больше 2 лет назад

Improper Access Control in SICK APU allows an unprivileged remote attacker to download as well as upload arbitrary files via anonymous access to the FTP server.

EPSS

Процентиль: 45%

0.00222

Низкий

8.2 High

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-284

CWE-434