Brute Force Vulnerability in SICK ICR890-4 Product by SICK AG
CVE-2023-35697

5.3MEDIUM

Key Information:

Vendor: Sick Ag
Status: Icr890-4
Vendor: CVE Published:; 10 July 2023

What is CVE-2023-35697?

The SICK ICR890-4 is vulnerable to an improper restriction of excessive authentication attempts, allowing remote attackers to potentially brute-force user credentials. This vulnerability exposes systems to unauthorized access, and it is crucial for users to implement appropriate security measures to mitigate the risk of credential compromise. Regular updates and monitoring of authentication mechanisms are recommended to strengthen overall security.

Affected Version(s)

ICR890-4 0

References

https://sick.com/psirt

issue-tracking

https://sick.com/.well-known/csaf/white/2023/sca-2023-000...

vendor-advisory

https://sick.com/.well-known/csaf/white/2023/sca-2023-000...

x_csaf

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 10, 2023
Vulnerability Reserved
Jun 15, 2023

Sick Ag

What is CVE-2023-35697?

Affected Version(s)

References

CVSS V3.1

Timeline