CWE
434 284
Advisory Published
Updated

CVE-2023-43696: Malicious File Upload

First published: Mon Oct 09 2023(Updated: )

Improper Access Control in SICK APU allows an unprivileged remote attacker to download as well as upload arbitrary files via anonymous access to the FTP server.

Credit: psirt@sick.de psirt@sick.de

Affected SoftwareAffected VersionHow to fix
Sick Apu0200 Firmware<4.0.0.6
Sick Apu0200

Remedy

The recommended solution is to update the image to a version >= 4.0.0.6 as soon as possible.

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is CVE-2023-43696?

    CVE-2023-43696 is a vulnerability in the SICK APU software that allows an unprivileged remote attacker to download and upload arbitrary files via anonymous access to the FTP server.

  • What is the severity of CVE-2023-43696?

    The severity of CVE-2023-43696 is rated as critical with a CVSS score of 9.8.

  • How does CVE-2023-43696 impact SICK APU?

    CVE-2023-43696 allows an unprivileged remote attacker to gain unauthorized access to the FTP server and upload/download arbitrary files, potentially leading to further exploitation and unauthorized access to the system.

  • How can I fix CVE-2023-43696?

    To fix CVE-2023-43696, it is recommended to update the SICK APU software to version 4.0.0.6 or higher.

  • Where can I find more information about CVE-2023-43696?

    More information about CVE-2023-43696 can be found at the following references: [link1], [link2], [link3].

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203