CVE-2023-23451

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-23451
The Flexi Classic and Flexi Soft Gateways SICK UE410-EN3 FLEXI ETHERNET GATEW., SICK UE410-EN1 FLEXI ETHERNET GATEW., SICK UE410-EN3S04 FLEXI ETHERNET GATEW., SICK UE410-EN4 FLEXI ETHERNET GATEW., SICK FX0-GENT00000 FLEXISOFT EIP GATEW., SICK FX0-GMOD00000 FLEXISOFT MOD GATEW., SICK FX0-GPNT00000 FLEXISOFT PNET GATEW., SICK FX0-GENT00030 FLEXISOFT EIP GATEW.V2, SICK FX0-GPNT00030 FLEXISOFT PNET GATEW.V2 and SICK FX0-GMOD00010 FLEXISOFT MOD GW. have Telnet enabled by factory default. No password is set in the default configuration. Gateways with a serial number >2311xxxx have the Telnet interface disabled by factory default.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://sick.com/psirt Vendor Advisory
https://sick.com/psirt Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:sick:ue410-en3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sick:ue410-en3:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:sick:ue410-en1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sick:ue410-en1:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:sick:ue410-en3s04_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sick:ue410-en3s04:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:sick:ue410-en4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sick:ue410-en4:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:sick:fx0-gent00000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sick:fx0-gent00000:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:sick:fx0-gmod00000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sick:fx0-gmod00000:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:sick:fx0-gpnt00000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sick:fx0-gpnt00000:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:sick:fx0-gent00030_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sick:fx0-gent00030:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:sick:fx0-gpnt00030_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sick:fx0-gpnt00030:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:sick:fx0-gmod00010_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sick:fx0-gmod00010:-:*:*:*:*:*:*:*
History

21 Nov 2024, 07:46

Type Values Removed Values Added
References () https://sick.com/psirt - Vendor Advisory () https://sick.com/psirt - Vendor Advisory

04 May 2023, 15:24

Type Values Removed Values Added
CWE CWE-306
References (MISC) https://sick.com/psirt - (MISC) https://sick.com/psirt - Vendor Advisory
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8
CPE cpe:2.3:h:sick:ue410-en3s04:-:*:*:*:*:*:*:*
cpe:2.3:h:sick:fx0-gent00000:-:*:*:*:*:*:*:*
cpe:2.3:o:sick:fx0-gent00030_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sick:ue410-en1:-:*:*:*:*:*:*:*
cpe:2.3:h:sick:fx0-gmod00000:-:*:*:*:*:*:*:*
cpe:2.3:h:sick:fx0-gpnt00000:-:*:*:*:*:*:*:*
cpe:2.3:o:sick:ue410-en4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:sick:fx0-gent00000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sick:fx0-gmod00010:-:*:*:*:*:*:*:*
cpe:2.3:o:sick:ue410-en3s04_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sick:fx0-gent00030:-:*:*:*:*:*:*:*
cpe:2.3:o:sick:ue410-en3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sick:fx0-gpnt00030:-:*:*:*:*:*:*:*
cpe:2.3:o:sick:fx0-gmod00000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:sick:fx0-gpnt00000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:sick:fx0-gpnt00030_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sick:ue410-en3:-:*:*:*:*:*:*:*
cpe:2.3:o:sick:ue410-en1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sick:ue410-en4:-:*:*:*:*:*:*:*
cpe:2.3:o:sick:fx0-gmod00010_firmware:*:*:*:*:*:*:*:*

20 Apr 2023, 13:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-04-19 23:15

Updated : 2025-02-05 16:15

NVD link : CVE-2023-23451

Mitre link : CVE-2023-23451

CVE.ORG link : CVE-2023-23451

JSON object : View

Products Affected

sick

  • fx0-gmod00000
  • fx0-gpnt00030
  • fx0-gent00030
  • ue410-en4_firmware
  • fx0-gmod00000_firmware
  • ue410-en3s04_firmware
  • fx0-gmod00010
  • fx0-gpnt00030_firmware
  • ue410-en1
  • ue410-en1_firmware
  • fx0-gent00030_firmware
  • ue410-en3
  • ue410-en3_firmware
  • fx0-gpnt00000
  • ue410-en3s04
  • fx0-gpnt00000_firmware
  • fx0-gmod00010_firmware
  • fx0-gent00000
  • ue410-en4
  • fx0-gent00000_firmware
CWE
CWE-477

Use of Obsolete Function

CWE-306

Missing Authentication for Critical Function