CVE-2023-31411: A remote unprivileged attacker can modify and access configuration settings on the EventCam App due to the absence of API authentication. The lack...

9.8 CVSS

Description

A remote unprivileged attacker can modify and access configuration settings on the EventCam App due to the absence of API authentication. The lack of authentication in the API allows the attacker to potentially compromise the functionality of the EventCam App.

Classification

CVE ID: CVE-2023-31411

CVSS Base Severity: CRITICAL

CVSS Base Score: 9.8

Affected Products

Vendor: SICK AG

Product: EventCam App

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.22% (probability of being exploited)

EPSS Percentile: 60.73% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-02-03 (date this score was calculated)

References

https://sick.com/psirt
https://sick.com/.well-known/csaf/white/2023/sca-2023-0005.pdf
https://sick.com/.well-known/csaf/white/2023/sca-2023-0005.json
