CVE-2023-5288 - OpenCVE

A remote unauthorized attacker may connect to the SIM1012, interact with the device and change configuration settings. The adversary may also reset the SIM and in the worst case upload a new firmware version to the device.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Sick	Sim1012-0p0g200 Sim1012-0p0g200 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:sick:sim1012-0p0g200_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sick:sim1012-0p0g200:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://sick.com/.well-known/csaf/white/2023/sca-2023-0008.json
https://sick.com/.well-known/csaf/white/2023/sca-2023-0008.pdf
https://sick.com/psirt

History

No history.

MITRE

Status: PUBLISHED

Assigner: SICK AG

Published: 2023-09-29T11:37:56.571Z

Updated: 2024-08-02T07:52:08.562Z

Reserved: 2023-09-29T10:17:33.150Z

Link: CVE-2023-5288

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-09-29T12:15:13.437

Modified: 2023-10-02T19:40:35.707

Link: CVE-2023-5288

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-5288", "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "state": "PUBLISHED", "assignerShortName": "SICK AG", "dateReserved": "2023-09-29T10:17:33.150Z", "datePublished": "2023-09-29T11:37:56.571Z", "dateUpdated": "2024-08-02T07:52:08.562Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "SIM1012", "vendor": "SICK AG", "versions": [{"status": "affected", "version": "all versions"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\nA remote unauthorized attacker may connect to the SIM1012, interact with the device and\nchange configuration settings. The adversary may also reset the SIM and in the worst case upload a\nnew firmware version to the device.\n\n"}], "value": "\nA remote unauthorized attacker may connect to the SIM1012, interact with the device and\nchange configuration settings. The adversary may also reset the SIM and in the worst case upload a\nnew firmware version to the device.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "description": "CWE-284 Improper Access Control", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "shortName": "SICK AG", "dateUpdated": "2023-09-29T11:37:56.571Z"}, "references": [{"tags": ["issue-tracking"], "url": "https://sick.com/psirt"}, {"tags": ["vendor-advisory"], "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0008.pdf"}, {"tags": ["x_csaf"], "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0008.json"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\nSICK recommends to disable port 2111 & 2122 once the SIM1012 is put into operation. The\ninformation how to disable the port can be retrieved from the SIM1012 API documentation. SICK\nrecommends using the SICK AppManager in version >=1.5.6 for the commissioning of the SIM1012.\n\n\n<br>"}], "value": "\nSICK recommends to disable port 2111 & 2122 once the SIM1012 is put into operation. The\ninformation how to disable the port can be retrieved from the SIM1012 API documentation. SICK\nrecommends using the SICK AppManager in version >=1.5.6 for the commissioning of the SIM1012.\n\n\n\n"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:52:08.562Z"}, "title": "CVE Program Container", "references": [{"tags": ["issue-tracking", "x_transferred"], "url": "https://sick.com/psirt"}, {"tags": ["vendor-advisory", "x_transferred"], "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0008.pdf"}, {"tags": ["x_csaf", "x_transferred"], "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0008.json"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sick:sim1012-0p0g200_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "107B78AE-09FC-4A4C-AFD9-5AEB44B2A157", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sick:sim1012-0p0g200:-:*:*:*:*:*:*:*", "matchCriteriaId": "F9A757D0-FA59-4F71-95B9-2F1E2B991867", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "\nA remote unauthorized attacker may connect to the SIM1012, interact with the device and\nchange configuration settings. The adversary may also reset the SIM and in the worst case upload a\nnew firmware version to the device.\n\n"}, {"lang": "es", "value": "Un atacante remoto no autorizado puede conectarse al SIM1012, interactuar con el dispositivo y cambiar los ajustes de configuraci\u00f3n. El atacante tambi\u00e9n puede restablecer la SIM y, en el peor de los casos, cargar una nueva versi\u00f3n de firmware en el dispositivo."}], "id": "CVE-2023-5288", "lastModified": "2023-10-02T19:40:35.707", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "psirt@sick.de", "type": "Secondary"}]}, "published": "2023-09-29T12:15:13.437", "references": [{"source": "psirt@sick.de", "tags": ["Vendor Advisory"], "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0008.json"}, {"source": "psirt@sick.de", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0008.pdf"}, {"source": "psirt@sick.de", "tags": ["Vendor Advisory"], "url": "https://sick.com/psirt"}], "sourceIdentifier": "psirt@sick.de", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-284"}], "source": "psirt@sick.de", "type": "Secondary"}]}