The LMS5xx uses weak hash generation methods, resulting in the creation of insecure hashs. If an attacker manages to retrieve the hash, it could lead to collision attacks and the potential retrieval of the password.
References
Link | Resource |
---|---|
https://sick.com/.well-known/csaf/white/2023/sca-2023-0007.json | Vendor Advisory |
https://sick.com/.well-known/csaf/white/2023/sca-2023-0007.pdf | Vendor Advisory |
https://sick.com/psirt | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
History
30 Aug 2023, 14:34
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-916 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
First Time |
Sick lms500
Sick lms511 Firmware Sick lms511 Sick lms500 Firmware Sick lms531 Firmware Sick Sick lms531 |
|
CPE | cpe:2.3:h:sick:lms500:-:*:*:*:*:*:*:* cpe:2.3:o:sick:lms500_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:sick:lms531:-:*:*:*:*:*:*:* cpe:2.3:h:sick:lms511:-:*:*:*:*:*:*:* cpe:2.3:o:sick:lms511_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:sick:lms531_firmware:*:*:*:*:*:*:*:* |
|
References | (MISC) https://sick.com/.well-known/csaf/white/2023/sca-2023-0007.json - Vendor Advisory | |
References | (MISC) https://sick.com/.well-known/csaf/white/2023/sca-2023-0007.pdf - Vendor Advisory | |
References | (MISC) https://sick.com/psirt - Vendor Advisory |
24 Aug 2023, 19:55
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-08-24 19:15
Updated : 2023-12-10 15:14
NVD link : CVE-2023-31412
Mitre link : CVE-2023-31412
CVE.ORG link : CVE-2023-31412
JSON object : View
Products Affected
sick
- lms500_firmware
- lms511
- lms531
- lms500
- lms511_firmware
- lms531_firmware
CWE
CWE-916
Use of Password Hash With Insufficient Computational Effort