CVE-2023-5288

{"id": "CVE-2023-5288", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@sick.de", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-09-29T12:15:13.437", "references": [{"url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0008.json", "tags": ["Vendor Advisory"], "source": "psirt@sick.de"}, {"url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0008.pdf", "tags": ["Mitigation", "Vendor Advisory"], "source": "psirt@sick.de"}, {"url": "https://sick.com/psirt", "tags": ["Vendor Advisory"], "source": "psirt@sick.de"}, {"url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0008.json", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0008.pdf", "tags": ["Mitigation", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://sick.com/psirt", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "psirt@sick.de", "description": [{"lang": "en", "value": "CWE-284"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "\nA remote unauthorized attacker may connect to the SIM1012, interact with the device and\nchange configuration settings. The adversary may also reset the SIM and in the worst case upload a\nnew firmware version to the device.\n\n"}, {"lang": "es", "value": "Un atacante remoto no autorizado puede conectarse al SIM1012, interactuar con el dispositivo y cambiar los ajustes de configuraci\u00f3n. El atacante tambi\u00e9n puede restablecer la SIM y, en el peor de los casos, cargar una nueva versi\u00f3n de firmware en el dispositivo."}], "lastModified": "2024-11-21T08:41:27.523", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sick:sim1012-0p0g200_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "107B78AE-09FC-4A4C-AFD9-5AEB44B2A157"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sick:sim1012-0p0g200:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F9A757D0-FA59-4F71-95B9-2F1E2B991867"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@sick.de"}