Vulnerability in Sick Lms500
CVE-2023-31412
The LMS5xx uses weak hash generation methods, resulting in the creation of insecure hashes. If an attacker manages to retrieve the hash, it could lead to collision attacks and the potential retrieval of the password.
EPSS: 0.003 (26.3th percentile).
CVSS v3 metric
CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.
Affected products
- Sick Lms500
- Sick Lms500_firmware
- Sick Lms511
- Sick Lms511_firmware
- Sick Lms531
- Sick Lms531_firmware
- Sick Ag Lms5xx: all firmware versions
Weakness classification (CWE)
References
- psirt@sick.de (issue-tracking, Vendor Advisory)
- psirt@sick.de (vendor-advisory, Vendor Advisory)
- psirt@sick.de (x_csaf, Vendor Advisory)
Frequently asked questions
- What is CVE-2023-31412?
- CVE-2023-31412 is a high-severity vulnerability in Sick Lms500, classified under Use of Password Hash With Insufficient Computational Effort. CVSS score: 7.5/10. Published 2023-08-24.
- How severe is CVE-2023-31412?
- High severity. CVSS v3 base score is 7.5 out of 10.