Weak Hash Generation in LMS5xx by Sick AG
CVE-2023-31412

7.5HIGH

Key Information:

Vendor: Sick Ag
Status: Lms5xx
Vendor: CVE Published:; 24 August 2023

What is CVE-2023-31412?

The LMS5xx series from Sick AG utilizes weak hash generation methods that create insecure hashes. This vulnerability poses a risk as an attacker could exploit these insecure hashes to conduct collision attacks. If successful, this may allow them to retrieve sensitive user passwords, undermining the integrity of the system's security. Organizations using the LMS5xx should evaluate their security posture and consider implementing mitigation strategies promptly.

Affected Version(s)

LMS5xx all firmware versions

References

https://sick.com/psirt

issue-tracking

https://sick.com/.well-known/csaf/white/2023/sca-2023-000...

vendor-advisory

https://sick.com/.well-known/csaf/white/2023/sca-2023-000...

x_csaf

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 24, 2023
Vulnerability Reserved
Apr 27, 2023

Sick Ag

What is CVE-2023-31412?

Affected Version(s)

References

CVSS V3.1

Timeline