CVE-2023-43696

HIGH

SICK APU0200 Firmware < 4.0.0.6 - Unauthenticated Arbitrary File Read and Write via FTP Server

Title source: llm

Description

Improper Access Control in SICK APU allows an unprivileged remote attacker to download as well as upload arbitrary files via anonymous access to the FTP server.

References (3)

Core References
Product issue-tracking
https://sick.com/psirt

Scores

CVSS v3: 8.2
EPSS: 0.0065
EPSS Percentile: 46.3%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: partial

Details

CWE: CWE-284, CWE-434
Status: published
Products (1): sick/apu0200_firmware < 4.0.0.6
Published: Oct 09, 2023
Tracked Since: Feb 18, 2026