Remote Communication Vulnerability in SICK LMS5xx by SICK AG
CVE-2023-4420

9.8 CRITICAL

Key Information:

Vendor: SICK AG
Status: Vendor
CVE Published: 24 August 2023

Summary

The absence of Transport Layer Security (TLS) in SICK LMS5xx devices creates a security vulnerability that allows remote unauthenticated attackers to intercept communications. This lack of encryption facilitates unauthorized access to sensitive information, enabling potential eavesdropping and data manipulation during the exchange between the LMS5xx and client applications. Organizations using these devices must take immediate action to secure their communications against such threats.

Affected Version(s)

LMS5xx all firmware versions

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
