CVE-2023-43698: XSS
First published: Mon Oct 09 2023(Updated: )
Improper Neutralization of Input During Web Page Generation (’Cross-site Scripting’) in RDT400 in SICK APU allows an unprivileged remote attacker to run arbitrary code in the clients browser via injecting code into the website.
Credit: psirt@sick.de psirt@sick.de
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sick Apu0200 Firmware | <4.0.0.6 | |
| Sick Apu0200 |
Remedy
The recommended solution is to update the image to a version >= 4.0.0.6 as soon as possible.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-43698?
CVE-2023-43698 is a vulnerability in the RDT400 in SICK APU that allows an unprivileged remote attacker to run arbitrary code in the client's browser via injecting code into the website.
What is the severity of CVE-2023-43698?
The severity of CVE-2023-43698 is high with a CVSS score of 6.1.
How does CVE-2023-43698 affect me?
If you are using SICK APU with firmware version up to and exclusive of 4.0.0.6, you are vulnerable to CVE-2023-43698 and may be at risk of having arbitrary code injected into your browser.
How do I fix CVE-2023-43698?
To fix CVE-2023-43698, you should update the firmware of your SICK APU to a version that is higher than 4.0.0.6.
Where can I find more information about CVE-2023-43698?
You can find more information about CVE-2023-43698 on the official website of SICK at sick.com/psirt.
- collector/nvd-api
- collector/nvd-index
- agent/author
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/remedy
- agent/weakness
- agent/last-modified-date
- agent/references
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/sick
- canonical/sick apu0200 firmware
- canonical/sick apu0200