CVE-2023-4420

HIGH Year: 2023
CVSS v3 Score
7.4
High
Weakness Type
CWE-311
View all →

Vulnerability Description

A remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to the absence of Transport Layer Security (TLS) in the SICK LMS5xx. This lack of encryption in the communication channel can lead to the unauthorized disclosure of sensitive information. The attacker can exploit this weakness to eavesdrop on the communication between the LMS5xx and the Client, and potentially manipulate the data being transmitted.

Related Vulnerabilities

CVE-2016-10552

HIGH
CVSS:7.4(High)

igniteui 0.0.5 and earlier downloads JavaScript and CSS resources over insecure protocol.

CWE-3112016

CVE-2017-15397

HIGH
CVSS:7.4(High)

Inappropriate implementation in ChromeVox in Google Chrome OS prior to 62.0.3202.74 allowed a remote attacker in a privileged network position to observe or tamper with certain cleartext HTTP requests...

CWE-3112017

CVE-2018-5481

HIGH
CVSS:7.4(High)

OnCommand Unified Manager for 7-Mode (core package) prior to 5.2.4 uses cookies that lack the secure attribute in certain circumstances making it vulnerable to impersonation via man-in-the-middle (MIT...

CWE-3112018

CVE-2019-11405

HIGH
CVSS:7.4(High)

OpenAPI Tools OpenAPI Generator before 4.0.0-20190419.052012-560 uses http:// URLs in various build.gradle, build.gradle.mustache, and build.sbt files, which may have caused insecurely resolved depend...

CWE-3112019

CVE-2021-21963

HIGH
CVSS:7.4(High)

An information disclosure vulnerability exists in the Web Server functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted man-in-the-middle attack can lead to a disclosure ...

CWE-3112021

CVE-2021-40366

HIGH
CVSS:7.4(High)

A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.42), Climatix POL909 (AWM module) (All versions < V11.34). The web server of affected devices transmits data wit...

CWE-3112021