CVE-2023-3273
First published: Mon Jul 10 2023(Updated: )
Improper Access Control in the SICK ICR890-4 could allow an unauthenticated remote attacker to affect the availability of the device by changing settings of the device such as the IP address based on missing access control.
Credit: psirt@sick.de psirt@sick.de
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sick Icr890-4 Firmware | <2.5.0 | |
| SICK ICR890-4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2023-3273.
What is the title of this vulnerability?
The title of this vulnerability is 'Improper Access Control in the SICK ICR890-4 could allow an unauthenticated remote attacker to affect the availability of the device'.
What is the severity level of CVE-2023-3273?
The severity level of CVE-2023-3273 is high with a score of 7.5.
Which software is affected by this vulnerability?
The SICK ICR890-4 firmware up to version 2.5.0 is affected by this vulnerability.
How can an unauthenticated remote attacker exploit CVE-2023-3273?
An unauthenticated remote attacker can exploit CVE-2023-3273 by changing settings of the SICK ICR890-4 device, such as the IP address, due to missing access control.
- collector/nvd-latest
- collector/nvd-index
- agent/author
- agent/event
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/severity
- agent/references
- agent/weakness
- agent/tags
- agent/description
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/mitre-cve
- source/MITRE
- vendor/sick
- canonical/sick icr890-4 firmware
- canonical/sick icr890-4