Missing Authentication Issue in SICK Flexi Classic and Soft Gateways
CVE-2023-23444

8.2HIGH

Key Information:

Vendor

Sick Ag

Status
Ue410-en3 Flexi Ethernet Gatew.
Ue410-en1 Flexi Ethernet Gatew.
Ue410-en4 Flexi Ethernet Gatew.
Fx0-gent00000 Flexisoft Eip Gatew.
Vendor
CVE Published:
12 May 2023

What is CVE-2023-23444?

SICK Flexi Classic and Flexi Soft Gateways exhibit a missing authentication vulnerability that allows unauthorized attackers to manipulate device settings. An unauthenticated remote attacker can exploit this issue by sending specially crafted UDP packets, potentially compromising the device's availability by altering its IP configuration. This vulnerability underscores the importance of implementing strong authentication measures to protect critical device functions.

Affected Version(s)

FX0-GENT00000 FLEXISOFT EIP GATEW. all firmware versions

FX0-GENT00000 FLEXISOFT EIP GATEW. Firmware all firmware versions

FX0-GENT00010 FLEXISOFT EIP GW (C) all firmware versions

References

https://sick.com/psirt
issue-tracking
https://sick.com/.well-known/csaf/white/2023/sca-2023-000...
vendor-advisory
https://sick.com/.well-known/csaf/white/2023/sca-2023-000...
x_csaf

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.