Improper Authentication Handling in RDT400 - SICK APU
CVE-2023-43699

7.5HIGH

Key Information:

Vendor
Sick Ag
Status
Apu0200
Vendor
CVE Published:
9 October 2023

Summary

The vulnerability in RDT400 from SICK APU arises from insufficient restrictions on authentication attempts, permitting an unprivileged remote attacker to exploit this flaw by attempting to guess passwords through trial-and-error. As there are no limits on login attempts, attackers can systematically try multiple credentials, heightening security risks for affected systems.

Affected Version(s)

APU0200 all versions

References

https://sick.com/psirt
issue-tracking
https://sick.com/.well-known/csaf/white/2023/sca-2023-001...
vendor-advisory
https://sick.com/.well-known/csaf/white/2023/sca-2023-001...
x_csaf

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.