CVE-2023-5246

Authentication Bypass by Capture-replay in SICK Flexi Soft Gateways with Partnumbers 1044073, 1127717, 1130282, 1044074, 1121597, 1099832, 1051432, 1127487, 1069070, 1112296, 1044072, 1121596, 1099830 allows an unauthenticated remote attacker to potentially impact the availability, integrity and confidentiality of the gateways via an authentication bypass by capture-replay.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
sickfx0-gent00000_firmware
-
sickfx0-gent00010_firmware
-
sickfx0-gent00030_firmware
-
sickfx0-get00000_firmware
-
sickfx0-get00010_firmware
-
sickfx0-gmod00000_firmware
-
sickfx0-gmod00010_firmware
-
sickfx0-gmod00030_firmware
-
sickfx0-gpnt00000_firmware
-
sickfx0-gpnt00010_firmware
-
sickfx0-gpnt00030_firmware
-
sickfx0-gepr00000_firmware
-
sickfx0-gepr00010_firmware
-
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
sickfx0-gmod00000_firmware
𝑥
≤ *
ADP
sickfx0-gmod00010_firmware
𝑥
≤ *
ADP
sickfx0-gmod00030_firmware
𝑥
≤ *
ADP
sickfx0-gpnt00000_firmware
𝑥
≤ *
ADP
sickfx0-gpnt00010_firmware
𝑥
≤ *
ADP
sickfx0-gpnt00030_firmware
𝑥
≤ *
ADP
sickfx0-getc00000
𝑥
≤ *
ADP
sickfx0-getc00010
𝑥
≤ *
ADP
sickfx3-gepr00000
𝑥
≤ *
ADP
sickfx3-gepr00010
𝑥
≤ *
ADP
sickfx0-gent00000_firmware
𝑥
≤ *
ADP
sickfx0-gent00010_firmware
𝑥
≤ *
ADP
sickfx0-gent00030_firmware
𝑥
≤ *
ADP
Common Weakness Enumeration
References
https://sick.com/.well-known/csaf/white/2023/sca-2023-0011.json
https://sick.com/.well-known/csaf/white/2023/sca-2023-0011.pdf
https://sick.com/psirt
https://sick.com/.well-known/csaf/white/2023/sca-2023-0011.json
https://sick.com/.well-known/csaf/white/2023/sca-2023-0011.pdf
https://sick.com/psirt