CVE-2023-23453

Missing Authentication for Critical Function in SICK FX0-GENT v3 Firmware Version V3.04 and V3.05 allows an unprivileged remote attacker to achieve arbitrary remote code execution via maliciously crafted RK512 commands to the listener on TCP port 9000.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://sick.com/psirt	Vendor Advisory
https://sick.com/psirt	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:sick:fx0-gent00010_firmware:3.04:::::::*
	cpe:2.3:o:sick:fx0-gent00010_firmware:3.05:::::::*

cpe:2.3:h:sick:fx0-gent00010:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

OR	cpe:2.3:o:sick:fx0-gent00000_firmware:3.04:::::::*
	cpe:2.3:o:sick:fx0-gent00000_firmware:3.05:::::::*

cpe:2.3:h:sick:fx0-gent00000:-:*:*:*:*:*:*:*

History

21 Nov 2024, 07:46

Type	Values Removed	Values Added
References	~~() https://sick.com/psirt - Vendor Advisory~~	() https://sick.com/psirt - Vendor Advisory

Information

Published : 2023-02-20 23:15

Updated : 2024-11-21 07:46

NVD link : CVE-2023-23453

Mitre link : CVE-2023-23453

CVE.ORG link : CVE-2023-23453

JSON object : View

Products Affected

sick

fx0-gent00000
fx0-gent00000_firmware
fx0-gent00010_firmware
fx0-gent00010

CWE

CWE-306

Missing Authentication for Critical Function

{"id": "CVE-2023-23453", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-02-20T23:15:12.517", "references": [{"url": "https://sick.com/psirt", "tags": ["Vendor Advisory"], "source": "psirt@sick.de"}, {"url": "https://sick.com/psirt", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "psirt@sick.de", "description": [{"lang": "en", "value": "CWE-306"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "Missing Authentication for Critical Function in SICK FX0-GENT v3 Firmware Version V3.04 and V3.05 allows an unprivileged remote attacker to achieve arbitrary remote code execution via maliciously crafted RK512 commands to the listener on TCP port 9000."}], "lastModified": "2024-11-21T07:46:13.790", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sick:fx0-gent00010_firmware:3.04:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9EC0ECE-70A8-442B-B93B-B84932F52DA4"}, {"criteria": "cpe:2.3:o:sick:fx0-gent00010_firmware:3.05:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D73D794-5176-42B1-B73F-2BB30D123E03"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sick:fx0-gent00010:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BBAC00EB-BB15-4A65-A58D-B3015F7CFF85"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sick:fx0-gent00000_firmware:3.04:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B0831A52-F30A-4CEF-AF5B-037D9E3F09A9"}, {"criteria": "cpe:2.3:o:sick:fx0-gent00000_firmware:3.05:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "914328E2-B380-4763-AE8A-91B711EDE944"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sick:fx0-gent00000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EAB590A4-F5E4-4A17-B5A6-33A995C96BAB"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@sick.de"}