CVE-2023-5246

Authentication Bypass by Capture-replay in SICK Flexi Soft Gateways with Partnumbers 1044073, 1127717, 1130282, 1044074, 1121597, 1099832, 1051432, 1127487, 1069070, 1112296, 1044072, 1121596, 1099830 allows an unauthenticated remote attacker to potentially impact the availability, integrity and confidentiality of the gateways via an authentication bypass by capture-replay.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:sick:fx0-gent00000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sick:fx0-gent00000:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:sick:fx0-gent00010_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sick:fx0-gent00010:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:sick:fx0-gent00030_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sick:fx0-gent00030:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:sick:fx0-get00000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sick:fx0-get00000:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:sick:fx0-get00010_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sick:fx0-get00010:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:sick:fx0-gmod00000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sick:fx0-gmod00000:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:sick:fx0-gmod00010_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sick:fx0-gmod00010:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:sick:fx0-gmod00030_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sick:fx0-gmod00030:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:sick:fx0-gpnt00000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sick:fx0-gpnt00000:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:sick:fx0-gpnt00010_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sick:fx0-gpnt00010:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:sick:fx0-gpnt00030_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sick:fx0-gpnt00030:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:sick:fx0-gepr00000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sick:fx0-gepr00000:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:sick:fx0-gepr00010_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sick:fx0-gepr00010:-:*:*:*:*:*:*:*

History

31 Oct 2023, 11:58

Type Values Removed Values Added
First Time Sick fx0-gmod00000 Firmware
Sick fx0-gmod00030 Firmware
Sick fx0-gepr00000
Sick fx0-gepr00010 Firmware
Sick fx0-gent00000
Sick fx0-gpnt00000 Firmware
Sick fx0-gpnt00010 Firmware
Sick fx0-gent00010 Firmware
Sick fx0-gpnt00000
Sick fx0-get00010
Sick fx0-gepr00000 Firmware
Sick fx0-gpnt00030
Sick fx0-gmod00010 Firmware
Sick fx0-gent00000 Firmware
Sick fx0-gent00030
Sick fx0-get00010 Firmware
Sick fx0-gpnt00010
Sick fx0-gmod00010
Sick fx0-get00000
Sick fx0-gent00030 Firmware
Sick fx0-gmod00000
Sick
Sick fx0-gmod00030
Sick fx0-gpnt00030 Firmware
Sick fx0-gepr00010
Sick fx0-gent00010
Sick fx0-get00000 Firmware
CWE CWE-287
CPE cpe:2.3:o:sick:fx0-gpnt00030_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:sick:fx0-gpnt00000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:sick:fx0-gent00010_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:sick:fx0-gepr00010_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sick:fx0-gent00030:-:*:*:*:*:*:*:*
cpe:2.3:o:sick:fx0-gmod00000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:sick:fx0-gent00000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:sick:fx0-gmod00030_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:sick:fx0-get00010_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:sick:fx0-gpnt00010_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sick:fx0-gmod00030:-:*:*:*:*:*:*:*
cpe:2.3:h:sick:fx0-gpnt00030:-:*:*:*:*:*:*:*
cpe:2.3:h:sick:fx0-get00000:-:*:*:*:*:*:*:*
cpe:2.3:h:sick:fx0-gmod00010:-:*:*:*:*:*:*:*
cpe:2.3:h:sick:fx0-gent00000:-:*:*:*:*:*:*:*
cpe:2.3:h:sick:fx0-gmod00000:-:*:*:*:*:*:*:*
cpe:2.3:h:sick:fx0-get00010:-:*:*:*:*:*:*:*
cpe:2.3:h:sick:fx0-gpnt00010:-:*:*:*:*:*:*:*
cpe:2.3:h:sick:fx0-gepr00000:-:*:*:*:*:*:*:*
cpe:2.3:o:sick:fx0-gent00030_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sick:fx0-gpnt00000:-:*:*:*:*:*:*:*
cpe:2.3:h:sick:fx0-gepr00010:-:*:*:*:*:*:*:*
cpe:2.3:o:sick:fx0-gmod00010_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:sick:fx0-get00000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sick:fx0-gent00010:-:*:*:*:*:*:*:*
cpe:2.3:o:sick:fx0-gepr00000_firmware:-:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
References (MISC) https://sick.com/.well-known/csaf/white/2023/sca-2023-0011.json - (MISC) https://sick.com/.well-known/csaf/white/2023/sca-2023-0011.json - Vendor Advisory
References (MISC) https://sick.com/.well-known/csaf/white/2023/sca-2023-0011.pdf - (MISC) https://sick.com/.well-known/csaf/white/2023/sca-2023-0011.pdf - Mitigation, Vendor Advisory
References (MISC) https://sick.com/psirt - (MISC) https://sick.com/psirt - Vendor Advisory

25 Oct 2023, 18:17

Type Values Removed Values Added
Summary Authentication Bypass by Capture-replay in SICK Flexi Soft Gateways with Partnumbers 1044073, 1127717, 1130282, 1044074, 1121597, 1099832, 1051432, 1127487, 1069070, 1112296, 1044072, 1121596, 1099830 allows an unauthenticated remote attacker to potentially impact the availabilty, integrity and confidentaility of the gateways via an authentication bypass by capture-replay. Authentication Bypass by Capture-replay in SICK Flexi Soft Gateways with Partnumbers 1044073, 1127717, 1130282, 1044074, 1121597, 1099832, 1051432, 1127487, 1069070, 1112296, 1044072, 1121596, 1099830 allows an unauthenticated remote attacker to potentially impact the availability, integrity and confidentiality of the gateways via an authentication bypass by capture-replay.

23 Oct 2023, 13:23

Type Values Removed Values Added
New CVE

Information

Published : 2023-10-23 13:15

Updated : 2024-02-28 20:33


NVD link : CVE-2023-5246

Mitre link : CVE-2023-5246

CVE.ORG link : CVE-2023-5246


JSON object : View

Products Affected

sick

  • fx0-gepr00010
  • fx0-gmod00000_firmware
  • fx0-gent00030
  • fx0-get00010_firmware
  • fx0-gepr00000
  • fx0-gpnt00000
  • fx0-gpnt00010_firmware
  • fx0-gent00010
  • fx0-get00000_firmware
  • fx0-gpnt00000_firmware
  • fx0-get00010
  • fx0-gpnt00030
  • fx0-gmod00000
  • fx0-gent00010_firmware
  • fx0-gpnt00010
  • fx0-gent00000
  • fx0-gent00030_firmware
  • fx0-gepr00010_firmware
  • fx0-gmod00010_firmware
  • fx0-gpnt00030_firmware
  • fx0-get00000
  • fx0-gent00000_firmware
  • fx0-gmod00030
  • fx0-gmod00010
  • fx0-gepr00000_firmware
  • fx0-gmod00030_firmware
CWE
CWE-287

Improper Authentication