Overview
- Description
- A remote unprivileged attacker can sent multiple packages to the LMS5xx to disrupt its availability through a TCP SYN-based denial-of-service (DDoS) attack. By exploiting this vulnerability, an attacker can flood the targeted LMS5xx with a high volume of TCP SYN requests, overwhelming its resources and causing it to become unresponsive or unavailable for legitimate users.
- Source
- psirt@sick.de
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Severity
- HIGH
Weaknesses
- nvd@nist.gov
- CWE-400
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sick:lms531:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "44AF5B79-0A15-4195-80F3-7304D8000D1A"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sick:lms531_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5943B624-D730-4679-8118-CD29CFB4CD1C"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sick:lms511:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "9ABE387A-9B29-43DE-A4F1-EDD3CB8BEB6F"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sick:lms511_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F113FA6F-F3CC-43C7-97A4-D40F8F1F5E9F"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sick:lms500:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "B8A37D4F-969C-4496-BD10-13C903A41305"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sick:lms500_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9DF24DAB-D1E4-4B14-B9CE-BFB52F9BDBC7"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]