Search criteria
2 vulnerabilities found for UE410-EN1 FLEXI ETHERNET GATEW. Firmware by SICK AG
CVE-2023-23444 (GCVE-0-2023-23444)
Vulnerability from cvelistv5 – Published: 2023-05-12 12:39 – Updated: 2025-01-24 16:16
VLAI?
Summary
Missing Authentication for Critical Function in SICK Flexi Classic and Flexi Soft Gateways with Partnumbers 1042193, 1042964, 1044078, 1044072, 1044073, 1044074, 1099830, 1099832, 1127717, 1069070, 1112296, 1051432, 1102420, 1127487, 1121596, 1121597 allows an unauthenticated remote attacker to influence the availability of the device by changing the IP settings of the device via broadcasted UDP packets.
Severity ?
7.5 (High)
CWE
- Missing Authentication for Critical Function
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:28:41.054Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://sick.com/psirt"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0003.pdf"
},
{
"tags": [
"x_csaf",
"x_transferred"
],
"url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0003.json"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-23444",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T16:15:46.625483Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T16:16:26.175Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "UE410-EN3 FLEXI ETHERNET GATEW.",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"defaultStatus": "affected",
"product": "UE410-EN1 FLEXI ETHERNET GATEW.",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"defaultStatus": "affected",
"product": "UE410-EN4 FLEXI ETHERNET GATEW.",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"defaultStatus": "affected",
"product": "FX0-GENT00000 FLEXISOFT EIP GATEW.",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"defaultStatus": "affected",
"product": "FX0-GMOD00000 FLEXISOFT MOD GATEW.",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"defaultStatus": "affected",
"product": "FX0-GPNT00000 FLEXISOFT PNET GATEW.",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"defaultStatus": "affected",
"product": "FX0-GENT00030 FLEXISOFT EIP GATEW.V2",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"defaultStatus": "affected",
"product": "FX0-GPNT00030 FLEXISOFT PNET GATEW.V2",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"defaultStatus": "affected",
"product": "FX0-GMOD00010 FLEXISOFT MOD GW (C)",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"defaultStatus": "affected",
"product": "FX3-GEPR00000 FLEXISOFT EFI-PRO GW",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"defaultStatus": "affected",
"product": "FX3-GEPR00010 FLEXISOFT EFI-PRO GW",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"defaultStatus": "affected",
"product": "FX0-GETC00000 FLEXISOFT ETC GW",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"defaultStatus": "affected",
"product": "FX0-GETC00040 FLEXISOFT ETC GW",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"defaultStatus": "affected",
"product": "FX0-GETC00010 FLEXISOFT ETC GW (C)",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"defaultStatus": "affected",
"product": "FX0-GENT00010 FLEXISOFT EIP GW (C)",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"defaultStatus": "affected",
"product": "FX0-GPNT00010 FLEXISOFT PNET GW (C)",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"defaultStatus": "affected",
"product": "UE410-EN3 FLEXI ETHERNET GATEW. Firmware",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"defaultStatus": "affected",
"product": "UE410-EN1 FLEXI ETHERNET GATEW. Firmware",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"defaultStatus": "affected",
"product": "UE410-EN4 FLEXI ETHERNET GATEW. Firmware",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"defaultStatus": "affected",
"product": "FX0-GENT00000 FLEXISOFT EIP GATEW. Firmware",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"defaultStatus": "affected",
"product": "FX0-GMOD00000 FLEXISOFT MOD GATEW. Firmware",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"defaultStatus": "affected",
"product": "FX0-GPNT00000 FLEXISOFT PNET GATEW. Firmware",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"defaultStatus": "affected",
"product": "FX0-GENT00030 FLEXISOFT EIP GATEW.V2 Firmware",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"defaultStatus": "affected",
"product": "FX0-GPNT00030 FLEXISOFT PNET GATEW.V2 Firmware",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"defaultStatus": "affected",
"product": "FX0-GMOD00010 FLEXISOFT MOD GW (C) Firmware",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"defaultStatus": "affected",
"product": "FX3-GEPR00000 FLEXISOFT EFI-PRO GW Firmware",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"defaultStatus": "affected",
"product": "FX3-GEPR00010 FLEXISOFT EFI-PRO GW Firmware",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"defaultStatus": "affected",
"product": "FX0-GETC00000 FLEXISOFT ETC GW Firmware",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"defaultStatus": "affected",
"product": "FX0-GETC00040 FLEXISOFT ETC GW Firmware",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"defaultStatus": "affected",
"product": "FX0-GETC00010 FLEXISOFT ETC GW (C) Firmware",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"defaultStatus": "affected",
"product": "FX0-GENT00010 FLEXISOFT EIP GW (C) Firmware",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"defaultStatus": "affected",
"product": "FX0-GPNT00010 FLEXISOFT PNET GW (C) Firmware",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": true,
"type": "text/html",
"value": "Missing Authentication for Critical Function in SICK Flexi Classic and Flexi Soft Gateways with Partnumbers 1042193, 1042964, 1044078, 1044072, 1044073, 1044074, 1099830, 1099832, 1127717, 1069070, 1112296, 1051432, 1102420, 1127487, 1121596, 1121597 allows an unauthenticated remote attacker to influence the availability of the device by changing the IP settings of the device via broadcasted UDP packets."
}
],
"value": "Missing Authentication for Critical Function in SICK Flexi Classic and Flexi Soft Gateways with Partnumbers 1042193, 1042964, 1044078, 1044072, 1044073, 1044074, 1099830, 1099832, 1127717, 1069070, 1112296, 1051432, 1102420, 1127487, 1121596, 1121597 allows an unauthenticated remote attacker to influence the availability of the device by changing the IP settings of the device via broadcasted UDP packets."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Missing Authentication for Critical Function",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-12T12:49:35.619Z",
"orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
"shortName": "SICK AG"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://sick.com/psirt"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0003.pdf"
},
{
"tags": [
"x_csaf"
],
"url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0003.json"
}
],
"source": {
"discovery": "INTERNAL"
},
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": true,
"type": "text/html",
"value": "Please make sure that you apply general security practices when operating the Flexi Classic and Flexi Soft Gateways like network segmentation. The following General Security Practices and Operating Guidelines could mitigate the associated security risk."
}
],
"value": "Please make sure that you apply general security practices when operating the Flexi Classic and Flexi Soft Gateways like network segmentation. The following General Security Practices and Operating Guidelines could mitigate the associated security risk."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
"assignerShortName": "SICK AG",
"cveId": "CVE-2023-23444",
"datePublished": "2023-05-12T12:39:26.532Z",
"dateReserved": "2023-01-12T04:07:53.938Z",
"dateUpdated": "2025-01-24T16:16:26.175Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-23444 (GCVE-0-2023-23444)
Vulnerability from nvd – Published: 2023-05-12 12:39 – Updated: 2025-01-24 16:16
VLAI?
Summary
Missing Authentication for Critical Function in SICK Flexi Classic and Flexi Soft Gateways with Partnumbers 1042193, 1042964, 1044078, 1044072, 1044073, 1044074, 1099830, 1099832, 1127717, 1069070, 1112296, 1051432, 1102420, 1127487, 1121596, 1121597 allows an unauthenticated remote attacker to influence the availability of the device by changing the IP settings of the device via broadcasted UDP packets.
Severity ?
7.5 (High)
CWE
- Missing Authentication for Critical Function
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| SICK AG | UE410-EN3 FLEXI ETHERNET GATEW. |
Affected:
all firmware versions
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:28:41.054Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://sick.com/psirt"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0003.pdf"
},
{
"tags": [
"x_csaf",
"x_transferred"
],
"url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0003.json"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-23444",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T16:15:46.625483Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T16:16:26.175Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "UE410-EN3 FLEXI ETHERNET GATEW.",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"defaultStatus": "affected",
"product": "UE410-EN1 FLEXI ETHERNET GATEW.",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"defaultStatus": "affected",
"product": "UE410-EN4 FLEXI ETHERNET GATEW.",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"defaultStatus": "affected",
"product": "FX0-GENT00000 FLEXISOFT EIP GATEW.",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"defaultStatus": "affected",
"product": "FX0-GMOD00000 FLEXISOFT MOD GATEW.",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"defaultStatus": "affected",
"product": "FX0-GPNT00000 FLEXISOFT PNET GATEW.",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"defaultStatus": "affected",
"product": "FX0-GENT00030 FLEXISOFT EIP GATEW.V2",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"defaultStatus": "affected",
"product": "FX0-GPNT00030 FLEXISOFT PNET GATEW.V2",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"defaultStatus": "affected",
"product": "FX0-GMOD00010 FLEXISOFT MOD GW (C)",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"defaultStatus": "affected",
"product": "FX3-GEPR00000 FLEXISOFT EFI-PRO GW",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"defaultStatus": "affected",
"product": "FX3-GEPR00010 FLEXISOFT EFI-PRO GW",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"defaultStatus": "affected",
"product": "FX0-GETC00000 FLEXISOFT ETC GW",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"defaultStatus": "affected",
"product": "FX0-GETC00040 FLEXISOFT ETC GW",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"defaultStatus": "affected",
"product": "FX0-GETC00010 FLEXISOFT ETC GW (C)",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"defaultStatus": "affected",
"product": "FX0-GENT00010 FLEXISOFT EIP GW (C)",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"defaultStatus": "affected",
"product": "FX0-GPNT00010 FLEXISOFT PNET GW (C)",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"defaultStatus": "affected",
"product": "UE410-EN3 FLEXI ETHERNET GATEW. Firmware",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"defaultStatus": "affected",
"product": "UE410-EN1 FLEXI ETHERNET GATEW. Firmware",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"defaultStatus": "affected",
"product": "UE410-EN4 FLEXI ETHERNET GATEW. Firmware",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"defaultStatus": "affected",
"product": "FX0-GENT00000 FLEXISOFT EIP GATEW. Firmware",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"defaultStatus": "affected",
"product": "FX0-GMOD00000 FLEXISOFT MOD GATEW. Firmware",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"defaultStatus": "affected",
"product": "FX0-GPNT00000 FLEXISOFT PNET GATEW. Firmware",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"defaultStatus": "affected",
"product": "FX0-GENT00030 FLEXISOFT EIP GATEW.V2 Firmware",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"defaultStatus": "affected",
"product": "FX0-GPNT00030 FLEXISOFT PNET GATEW.V2 Firmware",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"defaultStatus": "affected",
"product": "FX0-GMOD00010 FLEXISOFT MOD GW (C) Firmware",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"defaultStatus": "affected",
"product": "FX3-GEPR00000 FLEXISOFT EFI-PRO GW Firmware",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"defaultStatus": "affected",
"product": "FX3-GEPR00010 FLEXISOFT EFI-PRO GW Firmware",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"defaultStatus": "affected",
"product": "FX0-GETC00000 FLEXISOFT ETC GW Firmware",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"defaultStatus": "affected",
"product": "FX0-GETC00040 FLEXISOFT ETC GW Firmware",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"defaultStatus": "affected",
"product": "FX0-GETC00010 FLEXISOFT ETC GW (C) Firmware",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"defaultStatus": "affected",
"product": "FX0-GENT00010 FLEXISOFT EIP GW (C) Firmware",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"defaultStatus": "affected",
"product": "FX0-GPNT00010 FLEXISOFT PNET GW (C) Firmware",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": true,
"type": "text/html",
"value": "Missing Authentication for Critical Function in SICK Flexi Classic and Flexi Soft Gateways with Partnumbers 1042193, 1042964, 1044078, 1044072, 1044073, 1044074, 1099830, 1099832, 1127717, 1069070, 1112296, 1051432, 1102420, 1127487, 1121596, 1121597 allows an unauthenticated remote attacker to influence the availability of the device by changing the IP settings of the device via broadcasted UDP packets."
}
],
"value": "Missing Authentication for Critical Function in SICK Flexi Classic and Flexi Soft Gateways with Partnumbers 1042193, 1042964, 1044078, 1044072, 1044073, 1044074, 1099830, 1099832, 1127717, 1069070, 1112296, 1051432, 1102420, 1127487, 1121596, 1121597 allows an unauthenticated remote attacker to influence the availability of the device by changing the IP settings of the device via broadcasted UDP packets."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Missing Authentication for Critical Function",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-12T12:49:35.619Z",
"orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
"shortName": "SICK AG"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://sick.com/psirt"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0003.pdf"
},
{
"tags": [
"x_csaf"
],
"url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0003.json"
}
],
"source": {
"discovery": "INTERNAL"
},
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": true,
"type": "text/html",
"value": "Please make sure that you apply general security practices when operating the Flexi Classic and Flexi Soft Gateways like network segmentation. The following General Security Practices and Operating Guidelines could mitigate the associated security risk."
}
],
"value": "Please make sure that you apply general security practices when operating the Flexi Classic and Flexi Soft Gateways like network segmentation. The following General Security Practices and Operating Guidelines could mitigate the associated security risk."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
"assignerShortName": "SICK AG",
"cveId": "CVE-2023-23444",
"datePublished": "2023-05-12T12:39:26.532Z",
"dateReserved": "2023-01-12T04:07:53.938Z",
"dateUpdated": "2025-01-24T16:16:26.175Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}