CVE-2023-31412
First published: Thu Aug 24 2023(Updated: )
The LMS5xx uses weak hash generation methods, resulting in the creation of insecure hashs. If an attacker manages to retrieve the hash, it could lead to collision attacks and the potential retrieval of the password.
Credit: psirt@sick.de psirt@sick.de
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sick Lms531 Firmware | ||
| Sick Lms531 | ||
| Sick Lms511 Firmware | ||
| Sick Lms511 | ||
| Sick Lms500 Firmware | ||
| Sick Lms500 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-31412?
CVE-2023-31412 is a vulnerability found in the LMS5xx which uses weak hash generation methods, resulting in the creation of insecure hashes.
What is the severity of CVE-2023-31412?
CVE-2023-31412 has a severity rating of 7.5 (high).
Which software is affected by CVE-2023-31412?
The Sick LMS531 Firmware, Sick LMS511 Firmware, and Sick LMS500 Firmware are affected by CVE-2023-31412.
What is the potential risk of CVE-2023-31412?
If an attacker manages to retrieve the hash, it could lead to collision attacks and the potential retrieval of the password.
How can I fix CVE-2023-31412?
To fix CVE-2023-31412, it is recommended to update the affected software to a version that uses stronger hash generation methods.
- collector/nvd-api
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/sick
- canonical/sick lms531 firmware
- canonical/sick lms531
- canonical/sick lms511 firmware
- canonical/sick lms511
- canonical/sick lms500 firmware
- canonical/sick lms500