CVE-2023-35698
5.3 MEDIUMObservable Response Discrepancy in the SICK ICR890-4 could allow a remote attacker to identify valid usernames for the FTP server from th...
Published: 2023-07-10 · Last updated: 2026-06-01
Severity and scoring
- CVSS
- 5.3 MEDIUM
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- CWE
- CWE-203, CWE-204
Affected products
| Vendor | Product |
|---|---|
| sick | icr890-4_firmware |
Description
Observable Response Discrepancy in the SICK ICR890-4 could allow a remote attacker to identify valid usernames for the FTP server from the response given during a failed login attempt.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2023-35698
- [Vendor advisory]https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.json
- [Vendor advisory]https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.pdf
- [Other]https://sick.com/psirt
- [Vendor advisory]https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.json
- [Vendor advisory]https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.pdf
- [Other]https://sick.com/psirt
Related CVEs
Same vendor
- CVE-2023-3273 — Improper Access Control in the SICK ICR890-4 could allow an unauthenticated remote attacker to affect the availability of the device by c... (7.5 HIGH)
- CVE-2023-3272 — Cleartext Transmission of Sensitive Information in the SICK ICR890-4 could allow a remote attacker to gather sensitive information by int... (7.5 HIGH)
- CVE-2023-3271 — Improper Access Control in the SICK ICR890-4 could allow an unauthenticated remote attacker to gather information about the system and do... (8.2 HIGH)
- CVE-2023-35699 — Cleartext Storage on Disk in the SICK ICR890-4 could allow an unauthenticated attacker with local access to the device to disclose sensit... (5.3 MEDIUM)
- CVE-2023-35697 — Improper Restriction of Excessive Authentication Attempts in the SICK ICR890-4 could allow a remote attacker to brute-force user credentials (5.3 MEDIUM)
Same CWE
- CVE-2026-11289 — Side-channel information leakage in Paint in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via... (6.5 MEDIUM)
- CVE-2026-11284 — Side-channel information leakage in PerformanceAPIs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origi... (6.5 MEDIUM)
- CVE-2026-43926 — FOSSBilling is a free, open-source billing and client management system
- CVE-2026-45294 — FreeScout is a free help desk and shared inbox built with PHP's Laravel framework (5.3 MEDIUM)
- CVE-2026-45620 — WWBN AVideo is an open source video platform (5.3 MEDIUM)