OpenCVE

The LMS5xx uses hard-coded credentials, which potentially allow low-skilled unauthorized remote attackers to reconfigure settings and /or disrupt the functionality of the device.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Sick	Lms500 Lms500 Firmware Lms511 Lms511 Firmware Lms531 Lms531 Firmware
Sick Ag	Lms5xx

Configuration 1 [-]

AND

cpe:2.3:o:sick:lms531_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sick:lms531:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:sick:lms511_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sick:lms511:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:sick:lms500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sick:lms500:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://sick.com/.well-known/csaf/white/2023/sca-2023-0007.json
https://sick.com/.well-known/csaf/white/2023/sca-2023-0007.pdf
https://sick.com/psirt

History

Wed, 02 Oct 2024 20:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Sick Ag Sick Ag lms5xx
CPEs		cpe:2.3:h:sick_ag:lms5xx::::::::
Vendors & Products		Sick Ag Sick Ag lms5xx
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: SICK AG

Published: 2023-08-24T18:08:19.977Z

Updated: 2024-10-02T19:47:34.517Z

Reserved: 2023-08-18T13:09:27.459Z

Link: CVE-2023-4419

Vulnrichment

Updated: 2024-08-02T07:24:04.655Z

NVD

Status : Modified

Published: 2023-08-24T19:15:43.077

Modified: 2024-11-21T08:35:06.517

Link: CVE-2023-4419

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-4419", "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "state": "PUBLISHED", "assignerShortName": "SICK AG", "dateReserved": "2023-08-18T13:09:27.459Z", "datePublished": "2023-08-24T18:08:19.977Z", "dateUpdated": "2024-10-02T19:47:34.517Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "LMS5xx", "vendor": "SICK AG", "versions": [{"lessThan": " V2.21", "status": "affected", "version": "0", "versionType": "*"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": true, "type": "text/html", "value": "The LMS5xx uses hard-coded credentials, which potentially allow low-skilled\nunauthorized remote attackers to reconfigure settings and /or disrupt the functionality of the device."}], "value": "The LMS5xx uses hard-coded credentials, which potentially allow low-skilled\nunauthorized remote attackers to reconfigure settings and /or disrupt the functionality of the device."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"description": "Use of Hard-coded Credentials", "lang": "en"}]}], "providerMetadata": {"orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "shortName": "SICK AG", "dateUpdated": "2023-08-24T18:17:41.123Z"}, "references": [{"tags": ["issue-tracking"], "url": "https://sick.com/psirt"}, {"tags": ["vendor-advisory"], "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0007.pdf"}, {"tags": ["x_csaf"], "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0007.json"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": true, "type": "text/html", "value": "SICK has released a new version V2.21 of the SICK LMS5xx firmware and recommends updating to the newest version."}], "value": "SICK has released a new version V2.21 of the SICK LMS5xx firmware and recommends updating to the newest version."}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:24:04.655Z"}, "title": "CVE Program Container", "references": [{"tags": ["issue-tracking", "x_transferred"], "url": "https://sick.com/psirt"}, {"tags": ["vendor-advisory", "x_transferred"], "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0007.pdf"}, {"tags": ["x_csaf", "x_transferred"], "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0007.json"}]}, {"affected": [{"vendor": "sick_ag", "product": "lms5xx", "cpes": ["cpe:2.3:h:sick_ag:lms5xx:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "2.21", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-02T19:46:33.605067Z", "id": "CVE-2023-4419", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-02T19:47:34.517Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://sick.com/psirt", "tags": ["issue-tracking", "x_transferred"]}, {"url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0007.pdf", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0007.json", "tags": ["x_csaf", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:24:04.655Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-4419", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-02T19:46:33.605067Z"}}}], "affected": [{"cpes": ["cpe:2.3:h:sick_ag:lms5xx:*:*:*:*:*:*:*:*"], "vendor": "sick_ag", "product": "lms5xx", "versions": [{"status": "affected", "version": "0", "lessThan": "2.21", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-02T19:47:24.471Z"}}], "cna": {"source": {"discovery": "EXTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SICK AG", "product": "LMS5xx", "versions": [{"status": "affected", "version": "0", "lessThan": " V2.21", "versionType": "*"}], "defaultStatus": "affected"}], "solutions": [{"lang": "en", "value": "SICK has released a new version V2.21 of the SICK LMS5xx firmware and recommends updating to the newest version.", "supportingMedia": [{"type": "text/html", "value": "SICK has released a new version V2.21 of the SICK LMS5xx firmware and recommends updating to the newest version.", "base64": true}]}], "references": [{"url": "https://sick.com/psirt", "tags": ["issue-tracking"]}, {"url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0007.pdf", "tags": ["vendor-advisory"]}, {"url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0007.json", "tags": ["x_csaf"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "The LMS5xx uses hard-coded credentials, which potentially allow low-skilled\nunauthorized remote attackers to reconfigure settings and /or disrupt the functionality of the device.", "supportingMedia": [{"type": "text/html", "value": "The LMS5xx uses hard-coded credentials, which potentially allow low-skilled\nunauthorized remote attackers to reconfigure settings and /or disrupt the functionality of the device.", "base64": true}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Use of Hard-coded Credentials"}]}], "providerMetadata": {"orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "shortName": "SICK AG", "dateUpdated": "2023-08-24T18:17:41.123Z"}}}, "cveMetadata": {"cveId": "CVE-2023-4419", "state": "PUBLISHED", "dateUpdated": "2024-10-02T19:47:34.517Z", "dateReserved": "2023-08-18T13:09:27.459Z", "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "datePublished": "2023-08-24T18:08:19.977Z", "assignerShortName": "SICK AG"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sick:lms531_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5943B624-D730-4679-8118-CD29CFB4CD1C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sick:lms531:-:*:*:*:*:*:*:*", "matchCriteriaId": "44AF5B79-0A15-4195-80F3-7304D8000D1A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sick:lms511_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F113FA6F-F3CC-43C7-97A4-D40F8F1F5E9F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sick:lms511:-:*:*:*:*:*:*:*", "matchCriteriaId": "9ABE387A-9B29-43DE-A4F1-EDD3CB8BEB6F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sick:lms500_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9DF24DAB-D1E4-4B14-B9CE-BFB52F9BDBC7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sick:lms500:-:*:*:*:*:*:*:*", "matchCriteriaId": "B8A37D4F-969C-4496-BD10-13C903A41305", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The LMS5xx uses hard-coded credentials, which potentially allow low-skilled\nunauthorized remote attackers to reconfigure settings and /or disrupt the functionality of the device."}], "id": "CVE-2023-4419", "lastModified": "2024-11-21T08:35:06.517", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "psirt@sick.de", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-08-24T19:15:43.077", "references": [{"source": "psirt@sick.de", "tags": ["Vendor Advisory"], "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0007.json"}, {"source": "psirt@sick.de", "tags": ["Vendor Advisory"], "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0007.pdf"}, {"source": "psirt@sick.de", "tags": ["Vendor Advisory"], "url": "https://sick.com/psirt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0007.json"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0007.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://sick.com/psirt"}], "sourceIdentifier": "psirt@sick.de", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "nvd@nist.gov", "type": "Primary"}]}