Remote Communication Vulnerability in SICK LMS5xx by SICK AG
CVE-2023-4420

9.8CRITICAL

Key Information:

Vendor: Sick Ag
Status: Lms5xx
Vendor: CVE Published:; 24 August 2023

What is CVE-2023-4420?

The absence of Transport Layer Security (TLS) in SICK LMS5xx devices creates a security vulnerability that allows remote unauthenticated attackers to intercept communications. This lack of encryption facilitates unauthorized access to sensitive information, enabling potential eavesdropping and data manipulation during the exchange between the LMS5xx and client applications. Organizations using these devices must take immediate action to secure their communications against such threats.

Affected Version(s)

LMS5xx all firmware versions

References

https://sick.com/psirt

issue-tracking

https://sick.com/.well-known/csaf/white/2023/sca-2023-000...

vendor-advisory

https://sick.com/.well-known/csaf/white/2023/sca-2023-000...

x_csaf

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 24, 2023
Vulnerability Reserved
Aug 18, 2023

Sick Ag

What is CVE-2023-4420?

Affected Version(s)

References

CVSS V3.1

Timeline