CVE-2023-5103
https://notcve.org/view.php?id=CVE-2023-5103
09 Oct 2023 — Improper Restriction of Rendered UI Layers or Frames in RDT400 in SICK APU allows an unprivileged remote attacker to potentially reveal sensitive information via tricking a user into clicking on an actionable item using an iframe. • https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.json • CWE-1021: Improper Restriction of Rendered UI Layers or Frames
CVE-2023-5102
https://notcve.org/view.php?id=CVE-2023-5102
09 Oct 2023 — Insufficient Control Flow Management in RDT400 in SICK APU allows an unprivileged remote attacker to potentially enable hidden functionality via HTTP requests. • https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.json • CWE-691: Insufficient Control Flow Management
CVE-2023-5101
https://notcve.org/view.php?id=CVE-2023-5101
09 Oct 2023 — Files or Directories Accessible to External Parties in RDT400 in SICK APU allows an unprivileged remote attacker to download various files from the server via HTTP requests. • https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.json • CWE-552: Files or Directories Accessible to External Parties
CVE-2023-5100
https://notcve.org/view.php?id=CVE-2023-5100
09 Oct 2023 — Cleartext Transmission of Sensitive Information in RDT400 in SICK APU allows an unprivileged remote attacker to retrieve potentially sensitive information via intercepting network traffic that is not encrypted. • https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.json • CWE-319: Cleartext Transmission of Sensitive Information
CVE-2023-43697
https://notcve.org/view.php?id=CVE-2023-43697
09 Oct 2023 — Modification of Assumed-Immutable Data (MAID) in RDT400 in SICK APU allows an unprivileged remote attacker to make the site unable to load necessary strings via changing file paths using HTTP requests. • https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.json • CWE-471: Modification of Assumed-Immutable Data (MAID)
CVE-2023-43698
https://notcve.org/view.php?id=CVE-2023-43698
09 Oct 2023 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in RDT400 in SICK APU allows an unprivileged remote attacker to run arbitrary code in the client's browser via injecting code into the website. • https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.json • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-43699
https://notcve.org/view.php?id=CVE-2023-43699
09 Oct 2023 — Improper Restriction of Excessive Authentication Attempts in RDT400 in SICK APU allows an unprivileged remote attacker to guess the password via trial-and-error as the login attempts are not limited. • https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.json • CWE-307: Improper Restriction of Excessive Authentication Attempts
CVE-2023-43700
https://notcve.org/view.php?id=CVE-2023-43700
09 Oct 2023 — Missing Authorization in RDT400 in SICK APU allows an unprivileged remote attacker to modify data via HTTP requests that do not require authentication. • https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.json • CWE-862: Missing Authorization
CVE-2023-43696
https://notcve.org/view.php?id=CVE-2023-43696
09 Oct 2023 — Improper Access Control in SICK APU allows an unprivileged remote attacker to download as well as upload arbitrary files via anonymous access to the FTP server. • https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.json • CWE-284: Improper Access Control • CWE-434: Unrestricted Upload of File with Dangerous Type