CVE-2023-43696

critical

Description

Improper Access Control in SICK APU allows an unprivileged remote attacker to download as well as upload arbitrary files via anonymous access to the FTP server.

References

https://sick.com/psirt

https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.pdf

https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.json

Details

Source: Mitre, NVD

Published: 2023-10-09

Updated: 2023-10-11

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H