CVE-2023-43697 - OpenCVE

Modification of Assumed-Immutable Data (MAID) in RDT400 in SICK APU allows an unprivileged remote attacker to make the site unable to load necessary strings via changing file paths using HTTP requests.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Sick	Apu0200 Apu0200 Firmware
Sick Ag	Apu0200

Configuration 1 [-]

AND

cpe:2.3:o:sick:apu0200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sick:apu0200:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.json
https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.pdf
https://sick.com/psirt

History

Thu, 19 Sep 2024 15:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Sick Ag Sick Ag apu0200
CPEs		cpe:2.3:a:sick_ag:apu0200::::::::
Vendors & Products		Sick Ag Sick Ag apu0200
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: SICK AG

Published: 2023-10-09T12:03:27.736Z

Updated: 2024-09-19T14:54:08.102Z

Reserved: 2023-09-21T07:10:31.289Z

Link: CVE-2023-43697

Vulnrichment

Updated: 2024-08-02T19:44:44.094Z

NVD

Status : Analyzed

Published: 2023-10-09T13:15:10.323

Modified: 2023-10-11T18:49:59.893

Link: CVE-2023-43697

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-43697", "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "state": "PUBLISHED", "assignerShortName": "SICK AG", "dateReserved": "2023-09-21T07:10:31.289Z", "datePublished": "2023-10-09T12:03:27.736Z", "dateUpdated": "2024-09-19T14:54:08.102Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "APU0200", "vendor": "SICK AG", "versions": [{"status": "affected", "version": "all versions"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\nModification of Assumed-Immutable Data (MAID) in RDT400 in SICK APU allows an\nunprivileged remote attacker to make the site unable to load necessary strings via changing file paths\nusing HTTP requests.\n\n"}], "value": "\nModification of Assumed-Immutable Data (MAID) in RDT400 in SICK APU allows an\nunprivileged remote attacker to make the site unable to load necessary strings via changing file paths\nusing HTTP requests.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-471", "description": "CWE-471 Modification of Assumed-Immutable Data (MAID)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "shortName": "SICK AG", "dateUpdated": "2023-10-09T12:03:27.736Z"}, "references": [{"tags": ["issue-tracking"], "url": "https://sick.com/psirt"}, {"tags": ["vendor-advisory"], "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.pdf"}, {"tags": ["x_csaf"], "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.json"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n\n\nThe recommended solution is to update the image to a version >= 4.0.0.6 as soon as possible.<br>"}], "value": "\n\n\nThe recommended solution is to update the image to a version >= 4.0.0.6 as soon as possible.\n"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:44:44.094Z"}, "title": "CVE Program Container", "references": [{"tags": ["issue-tracking", "x_transferred"], "url": "https://sick.com/psirt"}, {"tags": ["vendor-advisory", "x_transferred"], "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.pdf"}, {"tags": ["x_csaf", "x_transferred"], "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.json"}]}, {"affected": [{"vendor": "sick_ag", "product": "apu0200", "cpes": ["cpe:2.3:a:sick_ag:apu0200:*:*:*:*:*:*:*:*"], "defaultStatus": "affected", "versions": [{"version": "rdt400", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-19T14:53:10.361349Z", "id": "CVE-2023-43697", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-19T14:54:08.102Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://sick.com/psirt", "tags": ["issue-tracking", "x_transferred"]}, {"url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.pdf", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.json", "tags": ["x_csaf", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:44:44.094Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-43697", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-19T14:53:10.361349Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:sick_ag:apu0200:*:*:*:*:*:*:*:*"], "vendor": "sick_ag", "product": "apu0200", "versions": [{"status": "affected", "version": "rdt400"}], "defaultStatus": "affected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-19T14:54:03.467Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SICK AG", "product": "APU0200", "versions": [{"status": "affected", "version": "all versions"}], "defaultStatus": "affected"}], "solutions": [{"lang": "en", "value": "\n\n\nThe recommended solution is to update the image to a version >= 4.0.0.6 as soon as possible.\n", "supportingMedia": [{"type": "text/html", "value": "\n\n\n\nThe recommended solution is to update the image to a version >= 4.0.0.6 as soon as possible.<br>", "base64": false}]}], "references": [{"url": "https://sick.com/psirt", "tags": ["issue-tracking"]}, {"url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.pdf", "tags": ["vendor-advisory"]}, {"url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.json", "tags": ["x_csaf"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "\nModification of Assumed-Immutable Data (MAID) in RDT400 in SICK APU allows an\nunprivileged remote attacker to make the site unable to load necessary strings via changing file paths\nusing HTTP requests.\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\nModification of Assumed-Immutable Data (MAID) in RDT400 in SICK APU allows an\nunprivileged remote attacker to make the site unable to load necessary strings via changing file paths\nusing HTTP requests.\n\n", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-471", "description": "CWE-471 Modification of Assumed-Immutable Data (MAID)"}]}], "providerMetadata": {"orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "shortName": "SICK AG", "dateUpdated": "2023-10-09T12:03:27.736Z"}}}, "cveMetadata": {"cveId": "CVE-2023-43697", "state": "PUBLISHED", "dateUpdated": "2024-09-19T14:54:08.102Z", "dateReserved": "2023-09-21T07:10:31.289Z", "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "datePublished": "2023-10-09T12:03:27.736Z", "assignerShortName": "SICK AG"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sick:apu0200_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B2A3C873-A9B5-4AF8-8703-F00233E56A5E", "versionEndExcluding": "4.0.0.6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sick:apu0200:-:*:*:*:*:*:*:*", "matchCriteriaId": "0E32F3FD-FB2B-4F73-AD20-8AB98B02FCF1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "\nModification of Assumed-Immutable Data (MAID) in RDT400 in SICK APU allows an\nunprivileged remote attacker to make the site unable to load necessary strings via changing file paths\nusing HTTP requests.\n\n"}, {"lang": "es", "value": "La modificaci\u00f3n de datos supuestamente inmutables (MAID) en RDT400 en SICK APU permite a un atacante remoto sin privilegios hacer que el sitio no pueda cargar las cadenas necesarias cambiando las rutas de los archivos mediante solicitudes HTTP."}], "id": "CVE-2023-43697", "lastModified": "2023-10-11T18:49:59.893", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "psirt@sick.de", "type": "Secondary"}]}, "published": "2023-10-09T13:15:10.323", "references": [{"source": "psirt@sick.de", "tags": ["Vendor Advisory"], "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.json"}, {"source": "psirt@sick.de", "tags": ["Vendor Advisory"], "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.pdf"}, {"source": "psirt@sick.de", "tags": ["Product"], "url": "https://sick.com/psirt"}], "sourceIdentifier": "psirt@sick.de", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-471"}], "source": "psirt@sick.de", "type": "Secondary"}]}