CVE-2023-35699
First published: Mon Jul 10 2023(Updated: )
Cleartext Storage on Disk in the SICK ICR890-4 could allow an unauthenticated attacker with local access to the device to disclose sensitive information by accessing a SD card.
Credit: psirt@sick.de psirt@sick.de
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sick Icr890-4 Firmware | <2.5.0 | |
| SICK ICR890-4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID of this issue is CVE-2023-35699.
What is the title of this vulnerability?
The title of this vulnerability is Cleartext Storage on Disk in the SICK ICR890-4 could allow an unauthenticated attacker with local access to the device to disclose sensitive information by accessing a SD card.
What is the severity level of CVE-2023-35699?
CVE-2023-35699 has a severity level of medium, with a severity value of 4.
How can an unauthenticated attacker exploit this vulnerability?
An unauthenticated attacker with local access to the device can exploit this vulnerability by accessing a SD card on the SICK ICR890-4, leading to the disclosure of sensitive information.
Is the SICK ICR890-4 vulnerable to this issue?
Yes, the SICK ICR890-4 firmware versions up to but excluding 2.5.0 are vulnerable to this issue.
- collector/nvd-latest
- collector/nvd-index
- agent/author
- agent/weakness
- agent/type
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/severity
- agent/references
- agent/tags
- agent/description
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/mitre-cve
- source/MITRE
- vendor/sick
- canonical/sick icr890-4 firmware
- canonical/sick icr890-4