CVE-2023-5288

A remote unauthorized attacker may connect to the SIM1012, interact with the device and change configuration settings. The adversary may also reset the SIM and in the worst case upload a new firmware version to the device.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://sick.com/.well-known/csaf/white/2023/sca-2023-0008.json	Vendor Advisory
https://sick.com/.well-known/csaf/white/2023/sca-2023-0008.pdf	Mitigation Vendor Advisory
https://sick.com/psirt	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:sick:sim1012-0p0g200_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sick:sim1012-0p0g200:-:*:*:*:*:*:*:*

History

02 Oct 2023, 19:40

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
First Time		Sick sim1012-0p0g200 Sick sim1012-0p0g200 Firmware Sick
CPE		cpe:2.3:o:sick:sim1012-0p0g200_firmware:-:::::::* cpe:2.3:h:sick:sim1012-0p0g200:-:::::::*
References	~~(MISC) https://sick.com/.well-known/csaf/white/2023/sca-2023-0008.json -~~	(MISC) https://sick.com/.well-known/csaf/white/2023/sca-2023-0008.json - Vendor Advisory
References	~~(MISC) https://sick.com/psirt -~~	(MISC) https://sick.com/psirt - Vendor Advisory
References	~~(MISC) https://sick.com/.well-known/csaf/white/2023/sca-2023-0008.pdf -~~	(MISC) https://sick.com/.well-known/csaf/white/2023/sca-2023-0008.pdf - Mitigation, Vendor Advisory
CWE		NVD-CWE-noinfo

29 Sep 2023, 12:45

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-09-29 12:15

Updated : 2023-12-10 15:14

NVD link : CVE-2023-5288

Mitre link : CVE-2023-5288

CVE.ORG link : CVE-2023-5288

JSON object : View

Products Affected

sick

sim1012-0p0g200
sim1012-0p0g200_firmware

CWE

NVD-CWE-noinfo CWE-284

Improper Access Control

{"id": "CVE-2023-5288", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "psirt@sick.de", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-09-29T12:15:13.437", "references": [{"url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0008.json", "tags": ["Vendor Advisory"], "source": "psirt@sick.de"}, {"url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0008.pdf", "tags": ["Mitigation", "Vendor Advisory"], "source": "psirt@sick.de"}, {"url": "https://sick.com/psirt", "tags": ["Vendor Advisory"], "source": "psirt@sick.de"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "psirt@sick.de", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "\nA remote unauthorized attacker may connect to the SIM1012, interact with the device and\nchange configuration settings. The adversary may also reset the SIM and in the worst case upload a\nnew firmware version to the device.\n\n"}, {"lang": "es", "value": "Un atacante remoto no autorizado puede conectarse al SIM1012, interactuar con el dispositivo y cambiar los ajustes de configuraci\u00f3n. El atacante tambi\u00e9n puede restablecer la SIM y, en el peor de los casos, cargar una nueva versi\u00f3n de firmware en el dispositivo."}], "lastModified": "2023-10-02T19:40:35.707", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sick:sim1012-0p0g200_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "107B78AE-09FC-4A4C-AFD9-5AEB44B2A157"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sick:sim1012-0p0g200:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F9A757D0-FA59-4F71-95B9-2F1E2B991867"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@sick.de"}