Authentication Bypass by Capture-replay in SICK Flexi Soft Gateways with Partnumbers 1044073, 1127717, 1130282, 1044074, 1121597, 1099832, 1051432, 1127487, 1069070, 1112296, 1044072, 1121596, 1099830 allows an unauthenticated remote attacker to potentially impact the availability, integrity and confidentiality of the gateways via an authentication bypass by capture-replay.
References
Link | Resource |
---|---|
https://sick.com/.well-known/csaf/white/2023/sca-2023-0011.json | Vendor Advisory |
https://sick.com/.well-known/csaf/white/2023/sca-2023-0011.pdf | Mitigation Vendor Advisory |
https://sick.com/psirt | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
AND |
|
Configuration 11 (hide)
AND |
|
Configuration 12 (hide)
AND |
|
Configuration 13 (hide)
AND |
|
History
31 Oct 2023, 11:58
Type | Values Removed | Values Added |
---|---|---|
First Time |
Sick fx0-gmod00000 Firmware
Sick fx0-gmod00030 Firmware Sick fx0-gepr00000 Sick fx0-gepr00010 Firmware Sick fx0-gent00000 Sick fx0-gpnt00000 Firmware Sick fx0-gpnt00010 Firmware Sick fx0-gent00010 Firmware Sick fx0-gpnt00000 Sick fx0-get00010 Sick fx0-gepr00000 Firmware Sick fx0-gpnt00030 Sick fx0-gmod00010 Firmware Sick fx0-gent00000 Firmware Sick fx0-gent00030 Sick fx0-get00010 Firmware Sick fx0-gpnt00010 Sick fx0-gmod00010 Sick fx0-get00000 Sick fx0-gent00030 Firmware Sick fx0-gmod00000 Sick Sick fx0-gmod00030 Sick fx0-gpnt00030 Firmware Sick fx0-gepr00010 Sick fx0-gent00010 Sick fx0-get00000 Firmware |
|
CWE | CWE-287 | |
CPE | cpe:2.3:o:sick:fx0-gpnt00030_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:sick:fx0-gpnt00000_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:sick:fx0-gent00010_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:sick:fx0-gepr00010_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:sick:fx0-gent00030:-:*:*:*:*:*:*:* cpe:2.3:o:sick:fx0-gmod00000_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:sick:fx0-gent00000_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:sick:fx0-gmod00030_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:sick:fx0-get00010_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:sick:fx0-gpnt00010_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:sick:fx0-gmod00030:-:*:*:*:*:*:*:* cpe:2.3:h:sick:fx0-gpnt00030:-:*:*:*:*:*:*:* cpe:2.3:h:sick:fx0-get00000:-:*:*:*:*:*:*:* cpe:2.3:h:sick:fx0-gmod00010:-:*:*:*:*:*:*:* cpe:2.3:h:sick:fx0-gent00000:-:*:*:*:*:*:*:* cpe:2.3:h:sick:fx0-gmod00000:-:*:*:*:*:*:*:* cpe:2.3:h:sick:fx0-get00010:-:*:*:*:*:*:*:* cpe:2.3:h:sick:fx0-gpnt00010:-:*:*:*:*:*:*:* cpe:2.3:h:sick:fx0-gepr00000:-:*:*:*:*:*:*:* cpe:2.3:o:sick:fx0-gent00030_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:sick:fx0-gpnt00000:-:*:*:*:*:*:*:* cpe:2.3:h:sick:fx0-gepr00010:-:*:*:*:*:*:*:* cpe:2.3:o:sick:fx0-gmod00010_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:sick:fx0-get00000_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:sick:fx0-gent00010:-:*:*:*:*:*:*:* cpe:2.3:o:sick:fx0-gepr00000_firmware:-:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
References | (MISC) https://sick.com/.well-known/csaf/white/2023/sca-2023-0011.json - Vendor Advisory | |
References | (MISC) https://sick.com/.well-known/csaf/white/2023/sca-2023-0011.pdf - Mitigation, Vendor Advisory | |
References | (MISC) https://sick.com/psirt - Vendor Advisory |
25 Oct 2023, 18:17
Type | Values Removed | Values Added |
---|---|---|
Summary | Authentication Bypass by Capture-replay in SICK Flexi Soft Gateways with Partnumbers 1044073, 1127717, 1130282, 1044074, 1121597, 1099832, 1051432, 1127487, 1069070, 1112296, 1044072, 1121596, 1099830 allows an unauthenticated remote attacker to potentially impact the availability, integrity and confidentiality of the gateways via an authentication bypass by capture-replay. |
23 Oct 2023, 13:23
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-10-23 13:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-5246
Mitre link : CVE-2023-5246
CVE.ORG link : CVE-2023-5246
JSON object : View
Products Affected
sick
- fx0-gepr00010
- fx0-gmod00000_firmware
- fx0-gent00030
- fx0-get00010_firmware
- fx0-gepr00000
- fx0-gpnt00000
- fx0-gpnt00010_firmware
- fx0-gent00010
- fx0-get00000_firmware
- fx0-gpnt00000_firmware
- fx0-get00010
- fx0-gpnt00030
- fx0-gmod00000
- fx0-gent00010_firmware
- fx0-gpnt00010
- fx0-gent00000
- fx0-gent00030_firmware
- fx0-gepr00010_firmware
- fx0-gmod00010_firmware
- fx0-gpnt00030_firmware
- fx0-get00000
- fx0-gent00000_firmware
- fx0-gmod00030
- fx0-gmod00010
- fx0-gepr00000_firmware
- fx0-gmod00030_firmware
CWE
CWE-287
Improper Authentication