CVE-2023-23453

Missing Authentication for Critical Function in SICK FX0-GENT v3 Firmware Version V3.04 and V3.05 allows an unprivileged remote attacker to achieve arbitrary remote code execution via maliciously crafted RK512 commands to the listener on TCP port 9000.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://sick.com/psirt	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:sick:fx0-gent00010_firmware:3.04:::::::*
	cpe:2.3:o:sick:fx0-gent00010_firmware:3.05:::::::*

cpe:2.3:h:sick:fx0-gent00010:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

OR	cpe:2.3:o:sick:fx0-gent00000_firmware:3.04:::::::*
	cpe:2.3:o:sick:fx0-gent00000_firmware:3.05:::::::*

cpe:2.3:h:sick:fx0-gent00000:-:*:*:*:*:*:*:*

History

02 Mar 2023, 17:06

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
References	~~(MISC) https://sick.com/psirt -~~	(MISC) https://sick.com/psirt - Vendor Advisory
CPE		cpe:2.3:o:sick:fx0-gent00000_firmware:3.04:::::::* cpe:2.3:o:sick:fx0-gent00010_firmware:3.04:::::::* cpe:2.3:h:sick:fx0-gent00010:-:::::::* cpe:2.3:o:sick:fx0-gent00010_firmware:3.05:::::::* cpe:2.3:h:sick:fx0-gent00000:-:::::::* cpe:2.3:o:sick:fx0-gent00000_firmware:3.05:::::::*
CWE		CWE-306

21 Feb 2023, 14:50

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-02-20 23:15

Updated : 2024-02-04 23:14

NVD link : CVE-2023-23453

Mitre link : CVE-2023-23453

CVE.ORG link : CVE-2023-23453

JSON object : View

Products Affected

sick

fx0-gent00010
fx0-gent00000
fx0-gent00010_firmware
fx0-gent00000_firmware

CWE

CWE-306

Missing Authentication for Critical Function

{"id": "CVE-2023-23453", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-02-20T23:15:12.517", "references": [{"url": "https://sick.com/psirt", "tags": ["Vendor Advisory"], "source": "psirt@sick.de"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-306"}]}, {"type": "Secondary", "source": "psirt@sick.de", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "Missing Authentication for Critical Function in SICK FX0-GENT v3 Firmware Version V3.04 and V3.05 allows an unprivileged remote attacker to achieve arbitrary remote code execution via maliciously crafted RK512 commands to the listener on TCP port 9000."}], "lastModified": "2023-03-02T17:06:04.357", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sick:fx0-gent00010_firmware:3.04:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9EC0ECE-70A8-442B-B93B-B84932F52DA4"}, {"criteria": "cpe:2.3:o:sick:fx0-gent00010_firmware:3.05:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D73D794-5176-42B1-B73F-2BB30D123E03"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sick:fx0-gent00010:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BBAC00EB-BB15-4A65-A58D-B3015F7CFF85"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sick:fx0-gent00000_firmware:3.04:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B0831A52-F30A-4CEF-AF5B-037D9E3F09A9"}, {"criteria": "cpe:2.3:o:sick:fx0-gent00000_firmware:3.05:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "914328E2-B380-4763-AE8A-91B711EDE944"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sick:fx0-gent00000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EAB590A4-F5E4-4A17-B5A6-33A995C96BAB"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@sick.de"}