Authentication Bypass Vulnerability in SICK Flexi Soft Gateways
CVE-2023-5246

8.8HIGH

Key Information:

Vendor: Sick Ag
Status: Fx0-gmod00000; Fx0-gmod00010; Fx0-gmod00030; Fx0-gpnt00000
Vendor: CVE Published:; 23 October 2023

What is CVE-2023-5246?

The vulnerability presents an authentication bypass flaw in SICK Flexi Soft Gateways, allowing unauthenticated remote attackers to exploit capture-replay techniques. This issue could potentially compromise the availability, integrity, and confidentiality of affected gateways, impacting their functionality and security posture. Organizations using these devices are advised to review the vulnerability details and apply appropriate mitigations.

Affected Version(s)

FX0-GENT00000 vers:all/*

FX0-GENT00010 vers:all/*

FX0-GENT00030 vers:all/*

References

https://sick.com/psirt

issue-tracking

https://sick.com/.well-known/csaf/white/2023/sca-2023-001...

vendor-advisory

https://sick.com/.well-known/csaf/white/2023/sca-2023-001...

x_csaf

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 23, 2023
Vulnerability Reserved
Sep 28, 2023

Sick Ag

What is CVE-2023-5246?

Affected Version(s)

References

CVSS V3.1

Timeline