Vulnerability Details : CVE-2023-31411
A remote unprivileged attacker can modify and access configuration settings on the EventCam App due to the absence of API authentication. The lack of authentication in the API allows the attacker to potentially compromise the functionality of the EventCam App.
Products affected by CVE-2023-31411
- cpe:2.3:a:sick:sick_eventcam_app:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-31411
- EPSS score: 0.23% (probability of exploitation activity in the next 30 days)
- Percentile: ~61% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2023-31411
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | SICK AG | |
CWE ids for CVE-2023-31411
- The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. Assigned by: nvd@nist.gov (Primary)
References for CVE-2023-31411
- https://sick.com/.well-known/csaf/white/2023/sca-2023-0005.json (Vendor Advisory)
- https://sick.com/.well-known/csaf/white/2023/sca-2023-0005.pdf (Vendor Advisory)
- https://sick.com/psirt : The SICK Product Security Incident Response Team (SICK PSIRT) | SICK (Vendor Advisory)