Denial of Service Vulnerability in LMS5xx by Sick
CVE-2023-4418

7.5HIGH

Key Information:

Vendor
Sick Ag
Status
Lms5xx
Vendor
CVE Published:
24 August 2023

Summary

A vulnerability exists in the Sick LMS5xx that permits unprivileged remote attackers to launch a TCP SYN-based denial-of-service attack. When successfully exploited, this vulnerability allows attackers to overload the LMS5xx by flooding it with a surge of TCP SYN requests. This results in service disruption, rendering the device unresponsive or unavailable to legitimate users.

Affected Version(s)

LMS5xx all firmware versions

References

https://sick.com/psirt
issue-tracking
https://sick.com/.well-known/csaf/white/2023/sca-2023-000...
vendor-advisory
https://sick.com/.well-known/csaf/white/2023/sca-2023-000...
x_csaf

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.