CVE-2023-5288

A remote unauthorized attacker may connect to the SIM1012, interact with the device and change configuration settings. The adversary may also reset the SIM and in the worst case upload a new firmware version to the device.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://sick.com/.well-known/csaf/white/2023/sca-2023-0008.json	Vendor Advisory
https://sick.com/.well-known/csaf/white/2023/sca-2023-0008.pdf	Mitigation Vendor Advisory
https://sick.com/psirt	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:sick:sim1012-0p0g200_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sick:sim1012-0p0g200:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-09-29 12:15

Updated : 2023-10-02 19:40

NVD link : CVE-2023-5288

Mitre link : CVE-2023-5288

CVE.ORG link : CVE-2023-5288

JSON object : View

Products Affected

sick

sim1012-0p0g200_firmware
sim1012-0p0g200

CWE

NVD-CWE-noinfo CWE-284

Improper Access Control

{"id": "CVE-2023-5288", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "psirt@sick.de", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-09-29T12:15:13.437", "references": [{"url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0008.json", "tags": ["Vendor Advisory"], "source": "psirt@sick.de"}, {"url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0008.pdf", "tags": ["Mitigation", "Vendor Advisory"], "source": "psirt@sick.de"}, {"url": "https://sick.com/psirt", "tags": ["Vendor Advisory"], "source": "psirt@sick.de"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "psirt@sick.de", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "\nA remote unauthorized attacker may connect to the SIM1012, interact with the device and\nchange configuration settings. The adversary may also reset the SIM and in the worst case upload a\nnew firmware version to the device.\n\n"}, {"lang": "es", "value": "Un atacante remoto no autorizado puede conectarse al SIM1012, interactuar con el dispositivo y cambiar los ajustes de configuraci\u00f3n. El atacante tambi\u00e9n puede restablecer la SIM y, en el peor de los casos, cargar una nueva versi\u00f3n de firmware en el dispositivo."}], "lastModified": "2023-10-02T19:40:35.707", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sick:sim1012-0p0g200_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "107B78AE-09FC-4A4C-AFD9-5AEB44B2A157"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sick:sim1012-0p0g200:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F9A757D0-FA59-4F71-95B9-2F1E2B991867"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@sick.de"}