Brute Force Vulnerability in SICK ICR890-4 Product by SICK AG
CVE-2023-35697

5.3MEDIUM

Key Information:

Vendor
Sick Ag
Status
Icr890-4
Vendor
CVE Published:
10 July 2023

Summary

The SICK ICR890-4 is vulnerable to an improper restriction of excessive authentication attempts, allowing remote attackers to potentially brute-force user credentials. This vulnerability exposes systems to unauthorized access, and it is crucial for users to implement appropriate security measures to mitigate the risk of credential compromise. Regular updates and monitoring of authentication mechanisms are recommended to strengthen overall security.

Affected Version(s)

ICR890-4 0

References

https://sick.com/psirt
issue-tracking
https://sick.com/.well-known/csaf/white/2023/sca-2023-000...
vendor-advisory
https://sick.com/.well-known/csaf/white/2023/sca-2023-000...
x_csaf

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.