CVE-2023-35696

7.5 HIGH

📋 TL;DR

Unauthenticated HTTP endpoints in SICK ICR890-4 industrial cameras allow remote attackers to retrieve sensitive device information without credentials. This affects all organizations using vulnerable versions of these cameras, particularly those with network exposure.

💻 Affected Systems

Products:
  • SICK ICR890-4 industrial camera
Versions: All versions prior to firmware update (specific version not specified in CVE)
Operating Systems: Embedded camera firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects default configurations where the HTTP management interface is enabled. Devices with the web interface disabled may not be vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers obtain detailed device information that could facilitate further attacks, including network reconnaissance, credential harvesting, or exploitation of other vulnerabilities.

🟠 Likely Case

Information disclosure revealing device configuration, network settings, and potentially sensitive operational data that could aid in targeted attacks.

🟢 If Mitigated

Limited impact with proper network segmentation and access controls preventing external access to camera management interfaces.

🌐 Internet-Facing: HIGH - Directly accessible devices can be scanned and exploited remotely without authentication.
🏢 Internal Only: MEDIUM - Internal attackers or compromised systems could still exploit this, but requires network access.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple HTTP requests to specific endpoints can trigger information disclosure. No authentication required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check SICK PSIRT for latest firmware updates

Vendor Advisory: https://sick.com/psirt

Restart Required: Yes

Instructions:

1. Check SICK PSIRT for advisory SCA-2023-0006.
2. Download latest firmware from SICK support portal.
3. Apply firmware update following manufacturer instructions.
4. Verify update completion and restart device.

🔧 Temporary Workarounds

Network segmentation

all

Isolate camera management interfaces from untrusted networks

Disable HTTP management

all

Turn off HTTP web interface if not required for operations

🧯 If You Can't Patch

  • Implement strict network access controls to limit camera management interface access to authorized IPs only
  • Monitor network traffic for unauthorized access attempts to camera HTTP endpoints

🔍 How to Verify

Check if Vulnerable:

Attempt HTTP GET requests to camera management endpoints without authentication. If device information is returned, the device is vulnerable.

Check Version:

Check firmware version via camera web interface or SICK configuration tools

Verify Fix Applied:

After patching, repeat vulnerability check. Information should not be accessible without proper authentication.

📡 Detection & Monitoring

Log Indicators:

  • Unauthenticated HTTP requests to camera management endpoints
  • Multiple failed authentication attempts followed by information requests

Network Indicators:

  • HTTP GET requests to camera IP on management ports without authentication headers
  • Unusual information requests from external IPs

SIEM Query:

source_ip=external AND dest_port IN (80, 443, 8080) AND http_method=GET AND NOT user_agent=*browser* AND response_size>1000
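The indicators above, applied to parsed proxy or web-gateway records. This is an added example, not vendor or advisory code. The camera addresses, trusted subnet, record field names and request paths are constructed placeholders. It keys on the missing Authorization header rather than the user agent, and uses an allowlist of authorized sources instead of "external", so untrusted internal hosts are also flagged.

```python
import ipaddress

# Assumptions for this example (not from the advisory): camera addresses,
# the authorized subnet, and the record field names are all constructed.
CAMERA_IPS = {"10.20.30.41", "10.20.30.42"}
MGMT_PORTS = {80, 443, 8080}          # ports named in the SIEM query above
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]  # authorized admin hosts
MIN_RESPONSE_BYTES = 1000             # response_size threshold from the query


def is_trusted(src_ip):
    """True when the source sits inside an authorized management subnet."""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in net for net in TRUSTED_NETS)


def suspicious(rec):
    """Match one record against the log and network indicators listed above."""
    return (
        rec["dst_ip"] in CAMERA_IPS
        and rec["dst_port"] in MGMT_PORTS
        and rec["method"] == "GET"
        and not rec.get("authorization")           # no authentication header
        and rec["resp_bytes"] > MIN_RESPONSE_BYTES  # a body was actually returned
        and not is_trusted(rec["src_ip"])
    )


def triage(records):
    """Group matching request paths by source so repeated probing stands out."""
    hits = {}
    for rec in records:
        if suspicious(rec):
            hits.setdefault(rec["src_ip"], []).append(rec["path"])
    return hits


def _rec(src, dst, port, path, auth, size, method="GET"):
    return {"src_ip": src, "dst_ip": dst, "dst_port": port, "method": method,
            "path": path, "authorization": auth, "resp_bytes": size}


# Constructed sample records; paths are placeholders, not real device endpoints.
SAMPLE = [
    _rec("203.0.113.7", "10.20.30.41", 80, "/placeholder/a", None, 4312),
    _rec("203.0.113.7", "10.20.30.41", 80, "/placeholder/b", None, 2210),
    _rec("10.20.0.15", "10.20.30.41", 80, "/placeholder/a", None, 4312),   # trusted
    _rec("198.51.100.9", "10.20.30.42", 443, "/placeholder/a", "Basic x", 5000),
    _rec("192.0.2.50", "10.20.30.42", 8080, "/placeholder/a", None, 312),  # small
    _rec("10.20.5.77", "10.20.30.42", 8080, "/placeholder/a", None, 3900), # internal
    _rec("203.0.113.7", "10.20.30.99", 80, "/placeholder/a", None, 4312),  # not a camera
]
```

Feed `triage` with records parsed from whatever gateway or flow logs sit in front of the cameras, and adjust the threshold to the response sizes seen on your own devices.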
