First published: Mon Oct 09 2023(Updated: )
Improper Access Control in SICK APU allows an unprivileged remote attacker to download as well as upload arbitrary files via anonymous access to the FTP server.
Credit: psirt@sick.de psirt@sick.de
Affected Software | Affected Version | How to fix |
---|---|---|
Sick Apu0200 Firmware | <4.0.0.6 | |
Sick Apu0200 |
The recommended solution is to update the image to a version >= 4.0.0.6 as soon as possible.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-43696 is a vulnerability in the SICK APU software that allows an unprivileged remote attacker to download and upload arbitrary files via anonymous access to the FTP server.
The severity of CVE-2023-43696 is rated as critical with a CVSS score of 9.8.
CVE-2023-43696 allows an unprivileged remote attacker to gain unauthorized access to the FTP server and upload/download arbitrary files, potentially leading to further exploitation and unauthorized access to the system.
To fix CVE-2023-43696, it is recommended to update the SICK APU software to version 4.0.0.6 or higher.
More information about CVE-2023-43696 can be found at the following references: [link1], [link2], [link3].