CVE-2023-31410

HIGH Year: 2023
CVSS v3 Score
7.4
High
Weakness Type
CWE-319
View all →

Vulnerability Description

A remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to the absence of Transport Layer Security (TLS) in the SICK EventCam App. This lack of encryption in the communication channel can lead to the unauthorized disclosure of sensitive information. The attacker can exploit this weakness to eavesdrop on the communication between the EventCam App and the Client, and potentially manipulate the data being transmitted.

Related Vulnerabilities

CVE-2017-9035

HIGH
CVSS:7.4(High)

Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to eavesdrop and tamper with updates by leveraging unencrypted communications with update servers.

CWE-3192017

CVE-2018-7960

HIGH
CVSS:7.4(High)

There is a SRTP icon display vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to intercept the packets in non-secure transmission mode. Suc...

CWE-3192018

CVE-2019-13498

HIGH
CVSS:7.4(High)

One Identity Cloud Access Manager 8.1.3 does not use HTTP Strict Transport Security (HSTS), which may allow man-in-the-middle (MITM) attacks. This issue is fixed in version 8.1.4.

CWE-3192019

CVE-2020-11718

HIGH
CVSS:7.4(High)

An issue was discovered in Programi Bilanc build 007 release 014 31.01.2020 and below. Its software-update packages are downloaded via cleartext HTTP.

CWE-3192020

CVE-2020-4899

HIGH
CVSS:7.4(High)

IBM API Connect 5.0.0.0 through 5.0.8.10 could potentially leak sensitive information or allow for data corruption due to plain text transmission of sensitive information across the network. IBM X-For...

CWE-3192020

CVE-2021-0296

HIGH
CVSS:7.4(High)

The Juniper Networks CTPView server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header which allows servers to indicate that content from the requested domain ...

CWE-3192021