Auth bypass in Sick Sick_eventcam_app
CVE-2023-31411
A remote unprivileged attacker can modify and access configuration settings on the EventCam App due to the absence of API authentication. The lack of authentication in the API allows the attacker to potentially compromise the functionality…
Vulnerability class: Broken Authentication
EPSS: 0.009 (55.2th percentile)
CVSS v3 metric
CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Sick Sick_eventcam_app
- Sick Ag Eventcam App (all versions)
Weakness classification (CWE)
References
- psirt@sick.de (issue-tracking, Vendor Advisory)
- psirt@sick.de (vendor-advisory, Vendor Advisory)
- psirt@sick.de (x_csaf, Vendor Advisory)
Frequently asked questions
- What is CVE-2023-31411?
  CVE-2023-31411 is a critical-severity vulnerability in Sick Sick_eventcam_app, classified under Missing Authentication for Critical Function. CVSS score: 9.8/10. Published 2023-06-19.
- How severe is CVE-2023-31411?
  Critical severity. CVSS v3 base score is 9.8 out of 10.