CVE-2023-23451

The Flexi Classic and Flexi Soft Gateways SICK UE410-EN3 FLEXI ETHERNET GATEW. with serial number <=2311xxxx all Firmware versions, SICK UE410-EN1 FLEXI ETHERNET GATEW. with serial number <=2311xxxx all Firmware versions, SICK UE410-EN3S04 FLEXI ETHERNET GATEW. with serial number <=2311xxxx all Firmware versions, SICK UE410-EN4 FLEXI ETHERNET GATEW. with serial number <=2311xxxx all Firmware versions, SICK FX0-GENT00000 FLEXISOFT EIP GATEW. with serial number <=2311xxxx with Firmware <=V2.11.0, SICK FX0-GMOD00000 FLEXISOFT MOD GATEW. with serial number <=2311xxxx with Firmware <=V2.11.0, SICK FX0-GPNT00000 FLEXISOFT PNET GATEW. with serial number <=2311xxxx with Firmware <=V2.12.0, SICK FX0-GENT00030 FLEXISOFT EIP GATEW.V2 with serial number <=2311xxxx all Firmware versions, SICK FX0-GPNT00030 FLEXISOFT PNET GATEW.V2 with serial number <=2311xxxx all Firmware versions and SICK FX0-GMOD00010 FLEXISOFT MOD GW with serial number <=2311xxxx with Firmware <=V2.11.0 all have Telnet enabled by factory default. No password is set in the default configuration.
References
Link Resource
https://sick.com/psirt Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:sick:ue410-en3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sick:ue410-en3:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:sick:ue410-en1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sick:ue410-en1:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:sick:ue410-en3s04_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sick:ue410-en3s04:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:sick:ue410-en4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sick:ue410-en4:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:sick:fx0-gent00000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sick:fx0-gent00000:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:sick:fx0-gmod00000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sick:fx0-gmod00000:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:sick:fx0-gpnt00000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sick:fx0-gpnt00000:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:sick:fx0-gent00030_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sick:fx0-gent00030:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:sick:fx0-gpnt00030_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sick:fx0-gpnt00030:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:sick:fx0-gmod00010_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sick:fx0-gmod00010:-:*:*:*:*:*:*:*

History

14 Sep 2023, 17:15

Type Values Removed Values Added
Summary The Flexi Classic and Flexi Soft Gateways SICK UE410-EN3 FLEXI ETHERNET GATEW., SICK UE410-EN1 FLEXI ETHERNET GATEW., SICK UE410-EN3S04 FLEXI ETHERNET GATEW., SICK UE410-EN4 FLEXI ETHERNET GATEW., SICK FX0-GENT00000 FLEXISOFT EIP GATEW., SICK FX0-GMOD00000 FLEXISOFT MOD GATEW., SICK FX0-GPNT00000 FLEXISOFT PNET GATEW., SICK FX0-GENT00030 FLEXISOFT EIP GATEW.V2, SICK FX0-GPNT00030 FLEXISOFT PNET GATEW.V2 and SICK FX0-GMOD00010 FLEXISOFT MOD GW. have Telnet enabled by factory default. No password is set in the default configuration. Gateways with a serial number >2311xxxx have the Telnet interface disabled by factory default. The Flexi Classic and Flexi Soft Gateways SICK UE410-EN3 FLEXI ETHERNET GATEW. with serial number <=2311xxxx all Firmware versions, SICK UE410-EN1 FLEXI ETHERNET GATEW. with serial number <=2311xxxx all Firmware versions, SICK UE410-EN3S04 FLEXI ETHERNET GATEW. with serial number <=2311xxxx all Firmware versions, SICK UE410-EN4 FLEXI ETHERNET GATEW. with serial number <=2311xxxx all Firmware versions, SICK FX0-GENT00000 FLEXISOFT EIP GATEW. with serial number <=2311xxxx with Firmware <=V2.11.0, SICK FX0-GMOD00000 FLEXISOFT MOD GATEW. with serial number <=2311xxxx with Firmware <=V2.11.0, SICK FX0-GPNT00000 FLEXISOFT PNET GATEW. with serial number <=2311xxxx with Firmware <=V2.12.0, SICK FX0-GENT00030 FLEXISOFT EIP GATEW.V2 with serial number <=2311xxxx all Firmware versions, SICK FX0-GPNT00030 FLEXISOFT PNET GATEW.V2 with serial number <=2311xxxx all Firmware versions and SICK FX0-GMOD00010 FLEXISOFT MOD GW with serial number <=2311xxxx with Firmware <=V2.11.0 all have Telnet enabled by factory default. No password is set in the default configuration.

Information

Published : 2023-04-19 23:15

Updated : 2024-02-28 20:13


NVD link : CVE-2023-23451

Mitre link : CVE-2023-23451

CVE.ORG link : CVE-2023-23451


JSON object : View

Products Affected

sick

  • fx0-gmod00000_firmware
  • fx0-gent00030
  • fx0-gpnt00000
  • ue410-en4_firmware
  • ue410-en4
  • ue410-en3_firmware
  • fx0-gpnt00000_firmware
  • fx0-gpnt00030
  • fx0-gmod00000
  • fx0-gent00000
  • fx0-gent00030_firmware
  • ue410-en3s04
  • fx0-gpnt00030_firmware
  • fx0-gmod00010_firmware
  • fx0-gent00000_firmware
  • ue410-en3s04_firmware
  • fx0-gmod00010
  • ue410-en1
  • ue410-en3
  • ue410-en1_firmware
CWE
CWE-306

Missing Authentication for Critical Function

CWE-477

Use of Obsolete Function