OpenCVE

A remote unauthorized attacker may connect to the SIM1012, interact with the device and change configuration settings. The adversary may also reset the SIM and in the worst case upload a new firmware version to the device.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact total

Vendors	Products
Sick	Sim1012-0p0g200 Sim1012-0p0g200 Firmware
Sick Ag	Sim1012

Configuration 1 [-]

AND

cpe:2.3:o:sick:sim1012-0p0g200_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sick:sim1012-0p0g200:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://sick.com/.well-known/csaf/white/2023/sca-2023-0008.json
https://sick.com/.well-known/csaf/white/2023/sca-2023-0008.pdf
https://sick.com/psirt

History

Mon, 23 Sep 2024 18:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Sick Ag Sick Ag sim1012
CPEs		cpe:2.3:a:sick_ag:sim1012::::::::
Vendors & Products		Sick Ag Sick Ag sim1012
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: SICK AG

Published: 2023-09-29T11:37:56.571Z

Updated: 2024-09-23T17:16:57.057Z

Reserved: 2023-09-29T10:17:33.150Z

Link: CVE-2023-5288

Vulnrichment

Updated: 2024-08-02T07:52:08.562Z

NVD

Status : Modified

Published: 2023-09-29T12:15:13.437

Modified: 2024-11-21T08:41:27.523

Link: CVE-2023-5288

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-5288", "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "state": "PUBLISHED", "assignerShortName": "SICK AG", "dateReserved": "2023-09-29T10:17:33.150Z", "datePublished": "2023-09-29T11:37:56.571Z", "dateUpdated": "2024-09-23T17:16:57.057Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "SIM1012", "vendor": "SICK AG", "versions": [{"status": "affected", "version": "all versions"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\nA remote unauthorized attacker may connect to the SIM1012, interact with the device and\nchange configuration settings. The adversary may also reset the SIM and in the worst case upload a\nnew firmware version to the device.\n\n"}], "value": "\nA remote unauthorized attacker may connect to the SIM1012, interact with the device and\nchange configuration settings. The adversary may also reset the SIM and in the worst case upload a\nnew firmware version to the device.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "description": "CWE-284 Improper Access Control", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "shortName": "SICK AG", "dateUpdated": "2023-09-29T11:37:56.571Z"}, "references": [{"tags": ["issue-tracking"], "url": "https://sick.com/psirt"}, {"tags": ["vendor-advisory"], "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0008.pdf"}, {"tags": ["x_csaf"], "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0008.json"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\nSICK recommends to disable port 2111 & 2122 once the SIM1012 is put into operation. The\ninformation how to disable the port can be retrieved from the SIM1012 API documentation. SICK\nrecommends using the SICK AppManager in version >=1.5.6 for the commissioning of the SIM1012.\n\n\n<br>"}], "value": "\nSICK recommends to disable port 2111 & 2122 once the SIM1012 is put into operation. The\ninformation how to disable the port can be retrieved from the SIM1012 API documentation. SICK\nrecommends using the SICK AppManager in version >=1.5.6 for the commissioning of the SIM1012.\n\n\n\n"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:52:08.562Z"}, "title": "CVE Program Container", "references": [{"tags": ["issue-tracking", "x_transferred"], "url": "https://sick.com/psirt"}, {"tags": ["vendor-advisory", "x_transferred"], "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0008.pdf"}, {"tags": ["x_csaf", "x_transferred"], "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0008.json"}]}, {"affected": [{"vendor": "sick_ag", "product": "sim1012", "cpes": ["cpe:2.3:a:sick_ag:sim1012:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "*", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-23T17:15:11.997557Z", "id": "CVE-2023-5288", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-23T17:16:57.057Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://sick.com/psirt", "tags": ["issue-tracking", "x_transferred"]}, {"url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0008.pdf", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0008.json", "tags": ["x_csaf", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:52:08.562Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-5288", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-23T17:15:11.997557Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:sick_ag:sim1012:*:*:*:*:*:*:*:*"], "vendor": "sick_ag", "product": "sim1012", "versions": [{"status": "affected", "version": "0", "lessThan": "*", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-23T17:16:50.789Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SICK AG", "product": "SIM1012", "versions": [{"status": "affected", "version": "all versions"}], "defaultStatus": "affected"}], "solutions": [{"lang": "en", "value": "\nSICK recommends to disable port 2111 & 2122 once the SIM1012 is put into operation. The\ninformation how to disable the port can be retrieved from the SIM1012 API documentation. SICK\nrecommends using the SICK AppManager in version >=1.5.6 for the commissioning of the SIM1012.\n\n\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\nSICK recommends to disable port 2111 & 2122 once the SIM1012 is put into operation. The\ninformation how to disable the port can be retrieved from the SIM1012 API documentation. SICK\nrecommends using the SICK AppManager in version >=1.5.6 for the commissioning of the SIM1012.\n\n\n<br>", "base64": false}]}], "references": [{"url": "https://sick.com/psirt", "tags": ["issue-tracking"]}, {"url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0008.pdf", "tags": ["vendor-advisory"]}, {"url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0008.json", "tags": ["x_csaf"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "\nA remote unauthorized attacker may connect to the SIM1012, interact with the device and\nchange configuration settings. The adversary may also reset the SIM and in the worst case upload a\nnew firmware version to the device.\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\nA remote unauthorized attacker may connect to the SIM1012, interact with the device and\nchange configuration settings. The adversary may also reset the SIM and in the worst case upload a\nnew firmware version to the device.\n\n", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284 Improper Access Control"}]}], "providerMetadata": {"orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "shortName": "SICK AG", "dateUpdated": "2023-09-29T11:37:56.571Z"}}}, "cveMetadata": {"cveId": "CVE-2023-5288", "state": "PUBLISHED", "dateUpdated": "2024-09-23T17:16:57.057Z", "dateReserved": "2023-09-29T10:17:33.150Z", "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "datePublished": "2023-09-29T11:37:56.571Z", "assignerShortName": "SICK AG"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sick:sim1012-0p0g200_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "107B78AE-09FC-4A4C-AFD9-5AEB44B2A157", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sick:sim1012-0p0g200:-:*:*:*:*:*:*:*", "matchCriteriaId": "F9A757D0-FA59-4F71-95B9-2F1E2B991867", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "\nA remote unauthorized attacker may connect to the SIM1012, interact with the device and\nchange configuration settings. The adversary may also reset the SIM and in the worst case upload a\nnew firmware version to the device.\n\n"}, {"lang": "es", "value": "Un atacante remoto no autorizado puede conectarse al SIM1012, interactuar con el dispositivo y cambiar los ajustes de configuraci\u00f3n. El atacante tambi\u00e9n puede restablecer la SIM y, en el peor de los casos, cargar una nueva versi\u00f3n de firmware en el dispositivo."}], "id": "CVE-2023-5288", "lastModified": "2024-11-21T08:41:27.523", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "psirt@sick.de", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-09-29T12:15:13.437", "references": [{"source": "psirt@sick.de", "tags": ["Vendor Advisory"], "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0008.json"}, {"source": "psirt@sick.de", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0008.pdf"}, {"source": "psirt@sick.de", "tags": ["Vendor Advisory"], "url": "https://sick.com/psirt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0008.json"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0008.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://sick.com/psirt"}], "sourceIdentifier": "psirt@sick.de", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "psirt@sick.de", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}