CVE-2023-23451

The Flexi Classic and Flexi Soft Gateways SICK UE410-EN3 FLEXI ETHERNET GATEW., SICK UE410-EN1 FLEXI ETHERNET GATEW., SICK UE410-EN3S04 FLEXI ETHERNET GATEW., SICK UE410-EN4 FLEXI ETHERNET GATEW., SICK FX0-GENT00000 FLEXISOFT EIP GATEW., SICK FX0-GMOD00000 FLEXISOFT MOD GATEW., SICK FX0-GPNT00000 FLEXISOFT PNET GATEW., SICK FX0-GENT00030 FLEXISOFT EIP GATEW.V2, SICK FX0-GPNT00030 FLEXISOFT PNET GATEW.V2 and SICK FX0-GMOD00010 FLEXISOFT MOD GW. have Telnet enabled by factory default. No password is set in the default configuration. Gateways with a serial number >2311xxxx have the Telnet interface disabled by factory default.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://sick.com/psirt	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:sick:ue410-en3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sick:ue410-en3:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:sick:ue410-en1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sick:ue410-en1:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:sick:ue410-en3s04_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sick:ue410-en3s04:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:sick:ue410-en4_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sick:ue410-en4:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:sick:fx0-gent00000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sick:fx0-gent00000:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:sick:fx0-gmod00000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sick:fx0-gmod00000:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:sick:fx0-gpnt00000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sick:fx0-gpnt00000:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:sick:fx0-gent00030_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sick:fx0-gent00030:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:sick:fx0-gpnt00030_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sick:fx0-gpnt00030:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:sick:fx0-gmod00010_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sick:fx0-gmod00010:-:*:*:*:*:*:*:*

History

04 May 2023, 15:24

Type	Values Removed	Values Added
CWE		CWE-306
References	~~(MISC) https://sick.com/psirt -~~	(MISC) https://sick.com/psirt - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
CPE		cpe:2.3:h:sick:ue410-en3s04:-:::::::* cpe:2.3:h:sick:fx0-gent00000:-:::::::* cpe:2.3:o:sick:fx0-gent00030_firmware:::::::: cpe:2.3:h:sick:ue410-en1:-:::::::* cpe:2.3:h:sick:fx0-gmod00000:-:::::::* cpe:2.3:h:sick:fx0-gpnt00000:-:::::::* cpe:2.3:o:sick:ue410-en4_firmware:::::::: cpe:2.3:o:sick:fx0-gent00000_firmware:::::::: cpe:2.3:h:sick:fx0-gmod00010:-:::::::* cpe:2.3:o:sick:ue410-en3s04_firmware:::::::: cpe:2.3:h:sick:fx0-gent00030:-:::::::* cpe:2.3:o:sick:ue410-en3_firmware:::::::: cpe:2.3:h:sick:fx0-gpnt00030:-:::::::* cpe:2.3:o:sick:fx0-gmod00000_firmware:::::::: cpe:2.3:o:sick:fx0-gpnt00000_firmware:::::::: cpe:2.3:o:sick:fx0-gpnt00030_firmware:::::::: cpe:2.3:h:sick:ue410-en3:-:::::::* cpe:2.3:o:sick:ue410-en1_firmware:::::::: cpe:2.3:h:sick:ue410-en4:-:::::::* cpe:2.3:o:sick:fx0-gmod00010_firmware::::::::

20 Apr 2023, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-04-19 23:15

Updated : 2024-02-04 23:37

NVD link : CVE-2023-23451

Mitre link : CVE-2023-23451

CVE.ORG link : CVE-2023-23451

JSON object : View

Products Affected

sick

fx0-gmod00010
ue410-en3s04
fx0-gent00000
ue410-en4_firmware
ue410-en1_firmware
fx0-gent00000_firmware
fx0-gmod00010_firmware
fx0-gpnt00030
fx0-gent00030
fx0-gpnt00000
ue410-en3
ue410-en3_firmware
ue410-en4
fx0-gpnt00030_firmware
ue410-en3s04_firmware
fx0-gmod00000_firmware
fx0-gpnt00000_firmware
ue410-en1
fx0-gent00030_firmware
fx0-gmod00000

CWE

CWE-306

Missing Authentication for Critical Function

CWE-477

Use of Obsolete Function

9.8 /10