Authentication Bypass Vulnerability in SICK Flexi Soft Gateways
CVE-2023-5246

8.8HIGH

Key Information:

Vendor
Sick Ag
Status
Fx0-gmod00000
Fx0-gmod00010
Fx0-gmod00030
Fx0-gpnt00000
Vendor
CVE Published:
23 October 2023

Summary

The vulnerability presents an authentication bypass flaw in SICK Flexi Soft Gateways, allowing unauthenticated remote attackers to exploit capture-replay techniques. This issue could potentially compromise the availability, integrity, and confidentiality of affected gateways, impacting their functionality and security posture. Organizations using these devices are advised to review the vulnerability details and apply appropriate mitigations.

Affected Version(s)

FX0-GENT00000 vers:all/*

FX0-GENT00010 vers:all/*

FX0-GENT00030 vers:all/*

References

https://sick.com/psirt
issue-tracking
https://sick.com/.well-known/csaf/white/2023/sca-2023-001...
vendor-advisory
https://sick.com/.well-known/csaf/white/2023/sca-2023-001...
x_csaf

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.