Lms531 Firmware
CVE-2023-31412
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
The LMS5xx uses weak hash generation methods, resulting in the creation of insecure hashs. If an attacker manages to retrieve the hash, it could lead to collision attacks and the potential retrieval of the password.
AnalysisAI
The LMS5xx uses weak hash generation methods, resulting in the creation of insecure hashs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-916. The LMS5xx uses weak hash generation methods, resulting in the creation of insecure hashs. If an attacker manages to retrieve the hash, it could lead to collision attacks and the potential retrieval of the password. Affected products include: Sick Lms531 Firmware, Sick Lms511 Firmware, Sick Lms500 Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Lms531 Firmware
View allThe LMS5xx uses hard-coded credentials, which potentially allow low-skilled unauthorized remote attackers to reconfigure
A remote unprivileged attacker can sent multiple packages to the LMS5xx to disrupt its availability through a TCP SYN-ba
Platform mechanism AutoIP allows remote attackers to reboot the device via a crafted packet in SICK AG solutions Bulksca
A remote unprivileged attacker can intercept the communication via e.g. Rated high severity (CVSS 7.4), this vulnerabili
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today