cvelistv5 - cve-2023-23451

CVE-2023-23451 (GCVE-0-2023-23451)

Vulnerability from cvelistv5 – Published: 2023-04-19 00:00 – Updated: 2025-02-05 15:24

Summary

The Flexi Classic and Flexi Soft Gateways SICK UE410-EN3 FLEXI ETHERNET GATEW. with serial number <=2311xxxx all Firmware versions, SICK UE410-EN1 FLEXI ETHERNET GATEW. with serial number <=2311xxxx all Firmware versions, SICK UE410-EN3S04 FLEXI ETHERNET GATEW. with serial number <=2311xxxx all Firmware versions, SICK UE410-EN4 FLEXI ETHERNET GATEW. with serial number <=2311xxxx all Firmware versions, SICK FX0-GENT00000 FLEXISOFT EIP GATEW. with serial number <=2311xxxx with Firmware <=V2.11.0, SICK FX0-GMOD00000 FLEXISOFT MOD GATEW. with serial number <=2311xxxx with Firmware <=V2.11.0, SICK FX0-GPNT00000 FLEXISOFT PNET GATEW. with serial number <=2311xxxx with Firmware <=V2.12.0, SICK FX0-GENT00030 FLEXISOFT EIP GATEW.V2 with serial number <=2311xxxx all Firmware versions, SICK FX0-GPNT00030 FLEXISOFT PNET GATEW.V2 with serial number <=2311xxxx all Firmware versions and SICK FX0-GMOD00010 FLEXISOFT MOD GW with serial number <=2311xxxx with Firmware <=V2.11.0 all have Telnet enabled by factory default. No password is set in the default configuration.

Severity ?

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-477

Assigner

SICK AG

References

URL

Tags

https://sick.com/psirt

Impacted products

	Vendor	Product	Version
	N/A	SICK FX0-GENT00000, SICK FX0-GENT00030, SICK FX0-GMOD00000, SICK FX0-GMOD00010, SICK FX0-GPNT00000, SICK FX0-GPNT00030, SICK UE410-EN1, SICK UE410-EN3, SICK UE410-EN3S04, SICK UE410-EN4	Affected: <=2311xxxx Affected: <=V2.11.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:28:40.926Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://sick.com/psirt"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-23451",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-05T15:22:34.735214Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-05T15:24:56.399Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SICK FX0-GENT00000, SICK FX0-GENT00030, SICK FX0-GMOD00000, SICK FX0-GMOD00010, SICK FX0-GPNT00000, SICK FX0-GPNT00030, SICK UE410-EN1, SICK UE410-EN3, SICK UE410-EN3S04, SICK UE410-EN4",
          "vendor": "N/A",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c=2311xxxx"
            },
            {
              "status": "affected",
              "version": "\u003c=V2.11.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Flexi Classic and Flexi Soft Gateways SICK UE410-EN3 FLEXI ETHERNET GATEW. with serial number \u003c=2311xxxx all Firmware versions, SICK UE410-EN1 FLEXI ETHERNET GATEW. with serial number \u003c=2311xxxx all Firmware versions, SICK UE410-EN3S04 FLEXI ETHERNET GATEW. with serial number \u003c=2311xxxx all Firmware versions, SICK UE410-EN4 FLEXI ETHERNET GATEW. with serial number \u003c=2311xxxx all Firmware versions, SICK FX0-GENT00000 FLEXISOFT EIP GATEW. with serial number \u003c=2311xxxx with Firmware \u003c=V2.11.0, SICK FX0-GMOD00000 FLEXISOFT MOD GATEW. with serial number \u003c=2311xxxx with Firmware \u003c=V2.11.0, SICK FX0-GPNT00000 FLEXISOFT PNET GATEW. with serial number \u003c=2311xxxx with Firmware \u003c=V2.12.0, SICK FX0-GENT00030 FLEXISOFT EIP GATEW.V2 with serial number \u003c=2311xxxx all Firmware versions, SICK FX0-GPNT00030 FLEXISOFT PNET GATEW.V2 with serial number \u003c=2311xxxx all Firmware versions and SICK FX0-GMOD00010 FLEXISOFT MOD GW with serial number \u003c=2311xxxx with Firmware \u003c=V2.11.0 all have Telnet enabled by factory default. No password is set in the default configuration."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-477",
              "description": "CWE-477",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-14T16:42:41.838Z",
        "orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
        "shortName": "SICK AG"
      },
      "references": [
        {
          "url": "https://sick.com/psirt"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
    "assignerShortName": "SICK AG",
    "cveId": "CVE-2023-23451",
    "datePublished": "2023-04-19T00:00:00.000Z",
    "dateReserved": "2023-01-12T00:00:00.000Z",
    "dateUpdated": "2025-02-05T15:24:56.399Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sick:ue410-en3_firmware:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2AA9F3C9-61F5-4C21-9650-76C0FC9C51EE\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sick:ue410-en3:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4F4C5D33-6A97-4509-8151-65D79F03F18A\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sick:ue410-en1_firmware:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DF96D6FC-3053-433E-8B7D-CEA3C7FC7CBA\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sick:ue410-en1:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A963DB6B-C9A9-4B1D-A239-C7B608F2CBD1\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sick:ue410-en3s04_firmware:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BB62B37C-E8E4-4305-8F6A-127765CC54AD\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sick:ue410-en3s04:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"06416A50-B978-4F67-AA50-010ECBD2DB2F\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sick:ue410-en4_firmware:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"30951A8A-8B78-4F58-8E8B-5697F89B332A\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sick:ue410-en4:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"593FA8EA-007A-47C0-9F22-89E420BBE0D4\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sick:fx0-gent00000_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.11.0\", \"matchCriteriaId\": \"87586615-29B4-46E4-9CE7-F7BB8F012155\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sick:fx0-gent00000:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EAB590A4-F5E4-4A17-B5A6-33A995C96BAB\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sick:fx0-gmod00000_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.11.0\", \"matchCriteriaId\": \"042B4FDB-BC05-43D6-84FC-F65203CDBE0D\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sick:fx0-gmod00000:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D96296E7-65D3-4C0A-8126-4AA8BEF85B39\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sick:fx0-gpnt00000_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.12.0\", \"matchCriteriaId\": \"61F9ADB1-DBED-4AC6-9CED-C0CCAC7C31F7\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sick:fx0-gpnt00000:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BF3BF752-4F49-4E90-9790-1913ED64D8B3\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sick:fx0-gent00030_firmware:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F133BB19-8D61-4BD7-B706-A3FD81E71ECD\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sick:fx0-gent00030:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1809BCF9-541E-4348-87A3-4CB37D680704\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sick:fx0-gpnt00030_firmware:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"96A20EA8-57F4-4CDD-8F44-F02E2FC010AA\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sick:fx0-gpnt00030:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4CABEFF4-C0A4-4054-8174-7B3762BC0C3F\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sick:fx0-gmod00010_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.11.0\", \"matchCriteriaId\": \"D09286BA-A20C-44DA-BE0C-98EF4851BA73\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sick:fx0-gmod00010:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"97742720-A8E3-49FE-BE43-EFF720F3D52D\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The Flexi Classic and Flexi Soft Gateways SICK UE410-EN3 FLEXI ETHERNET GATEW. with serial number \u003c=2311xxxx all Firmware versions, SICK UE410-EN1 FLEXI ETHERNET GATEW. with serial number \u003c=2311xxxx all Firmware versions, SICK UE410-EN3S04 FLEXI ETHERNET GATEW. with serial number \u003c=2311xxxx all Firmware versions, SICK UE410-EN4 FLEXI ETHERNET GATEW. with serial number \u003c=2311xxxx all Firmware versions, SICK FX0-GENT00000 FLEXISOFT EIP GATEW. with serial number \u003c=2311xxxx with Firmware \u003c=V2.11.0, SICK FX0-GMOD00000 FLEXISOFT MOD GATEW. with serial number \u003c=2311xxxx with Firmware \u003c=V2.11.0, SICK FX0-GPNT00000 FLEXISOFT PNET GATEW. with serial number \u003c=2311xxxx with Firmware \u003c=V2.12.0, SICK FX0-GENT00030 FLEXISOFT EIP GATEW.V2 with serial number \u003c=2311xxxx all Firmware versions, SICK FX0-GPNT00030 FLEXISOFT PNET GATEW.V2 with serial number \u003c=2311xxxx all Firmware versions and SICK FX0-GMOD00010 FLEXISOFT MOD GW with serial number \u003c=2311xxxx with Firmware \u003c=V2.11.0 all have Telnet enabled by factory default. No password is set in the default configuration.\"}, {\"lang\": \"es\", \"value\": \"El Flexi Classic y Flexi Soft Gateways SICK UE410-EN3 FLEXI ETHERNET GATEW. con n\\u00famero de serie \u0026lt;=2311xxxx todas las versiones de Firmware, SICK UE410-EN1 FLEXI ETHERNET GATEW. con n\\u00famero de serie \u0026lt;=2311xxxx todas las versiones de Firmware, SICK UE410-EN3S04 FLEXI ETHERNET GATEW. con n\\u00famero de serie \u0026lt;=2311xxxx todas las versiones de Firmware, SICK UE410-EN4 FLEXI ETHERNET GATEW. con n\\u00famero de serie \u0026lt;=2311xxxx todas las versiones de firmware, SICK FX0-GENT00000 FLEXISOFT EIP GATEW. con n\\u00famero de serie \u0026lt;=2311xxxx con Firmware \u0026lt;=V2.11.0, SICK FX0-GMOD00000 FLEXISOFT MOD GATEW. con n\\u00famero de serie \u0026lt;=2311xxxx con Firmware \u0026lt;=V2.11.0, SICK FX0-GPNT00000 FLEXISOFT PNET GATEW. con n\\u00famero de serie \u0026lt;=2311xxxx con firmware \u0026lt;=V2.12.0, SICK FX0-GENT00030 FLEXISOFT EIP GATEW.V2 con n\\u00famero de serie \u0026lt;=2311xxxx todas las versiones de firmware, SICK FX0-GPNT00030 FLEXISOFT PNET GATEW.V2 con n\\u00famero de serie \u0026lt;=2311xxxx todo el firmware Las versiones y SICK FX0-GMOD00010 FLEXISOFT MOD GW con n\\u00famero de serie \u0026lt;=2311xxxx con firmware \u0026lt;=V2.11.0 tienen Telnet habilitado de forma predeterminada. No se establece ninguna contrase\\u00f1a en la configuraci\\u00f3n predeterminada.\"}]",
      "id": "CVE-2023-23451",
      "lastModified": "2024-11-21T07:46:13.523",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}]}",
      "published": "2023-04-19T23:15:06.970",
      "references": "[{\"url\": \"https://sick.com/psirt\", \"source\": \"psirt@sick.de\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://sick.com/psirt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "psirt@sick.de",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"psirt@sick.de\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-477\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-306\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-23451\",\"sourceIdentifier\":\"psirt@sick.de\",\"published\":\"2023-04-19T23:15:06.970\",\"lastModified\":\"2025-02-05T16:15:35.057\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Flexi Classic and Flexi Soft Gateways SICK UE410-EN3 FLEXI ETHERNET GATEW. with serial number \u003c=2311xxxx all Firmware versions, SICK UE410-EN1 FLEXI ETHERNET GATEW. with serial number \u003c=2311xxxx all Firmware versions, SICK UE410-EN3S04 FLEXI ETHERNET GATEW. with serial number \u003c=2311xxxx all Firmware versions, SICK UE410-EN4 FLEXI ETHERNET GATEW. with serial number \u003c=2311xxxx all Firmware versions, SICK FX0-GENT00000 FLEXISOFT EIP GATEW. with serial number \u003c=2311xxxx with Firmware \u003c=V2.11.0, SICK FX0-GMOD00000 FLEXISOFT MOD GATEW. with serial number \u003c=2311xxxx with Firmware \u003c=V2.11.0, SICK FX0-GPNT00000 FLEXISOFT PNET GATEW. with serial number \u003c=2311xxxx with Firmware \u003c=V2.12.0, SICK FX0-GENT00030 FLEXISOFT EIP GATEW.V2 with serial number \u003c=2311xxxx all Firmware versions, SICK FX0-GPNT00030 FLEXISOFT PNET GATEW.V2 with serial number \u003c=2311xxxx all Firmware versions and SICK FX0-GMOD00010 FLEXISOFT MOD GW with serial number \u003c=2311xxxx with Firmware \u003c=V2.11.0 all have Telnet enabled by factory default. No password is set in the default configuration.\"},{\"lang\":\"es\",\"value\":\"El Flexi Classic y Flexi Soft Gateways SICK UE410-EN3 FLEXI ETHERNET GATEW. con n\u00famero de serie \u0026lt;=2311xxxx todas las versiones de Firmware, SICK UE410-EN1 FLEXI ETHERNET GATEW. con n\u00famero de serie \u0026lt;=2311xxxx todas las versiones de Firmware, SICK UE410-EN3S04 FLEXI ETHERNET GATEW. con n\u00famero de serie \u0026lt;=2311xxxx todas las versiones de Firmware, SICK UE410-EN4 FLEXI ETHERNET GATEW. con n\u00famero de serie \u0026lt;=2311xxxx todas las versiones de firmware, SICK FX0-GENT00000 FLEXISOFT EIP GATEW. con n\u00famero de serie \u0026lt;=2311xxxx con Firmware \u0026lt;=V2.11.0, SICK FX0-GMOD00000 FLEXISOFT MOD GATEW. con n\u00famero de serie \u0026lt;=2311xxxx con Firmware \u0026lt;=V2.11.0, SICK FX0-GPNT00000 FLEXISOFT PNET GATEW. con n\u00famero de serie \u0026lt;=2311xxxx con firmware \u0026lt;=V2.12.0, SICK FX0-GENT00030 FLEXISOFT EIP GATEW.V2 con n\u00famero de serie \u0026lt;=2311xxxx todas las versiones de firmware, SICK FX0-GPNT00030 FLEXISOFT PNET GATEW.V2 con n\u00famero de serie \u0026lt;=2311xxxx todo el firmware Las versiones y SICK FX0-GMOD00010 FLEXISOFT MOD GW con n\u00famero de serie \u0026lt;=2311xxxx con firmware \u0026lt;=V2.11.0 tienen Telnet habilitado de forma predeterminada. No se establece ninguna contrase\u00f1a en la configuraci\u00f3n predeterminada.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"psirt@sick.de\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-477\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-306\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sick:ue410-en3_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2AA9F3C9-61F5-4C21-9650-76C0FC9C51EE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sick:ue410-en3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F4C5D33-6A97-4509-8151-65D79F03F18A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sick:ue410-en1_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF96D6FC-3053-433E-8B7D-CEA3C7FC7CBA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sick:ue410-en1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A963DB6B-C9A9-4B1D-A239-C7B608F2CBD1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sick:ue410-en3s04_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB62B37C-E8E4-4305-8F6A-127765CC54AD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sick:ue410-en3s04:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"06416A50-B978-4F67-AA50-010ECBD2DB2F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sick:ue410-en4_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"30951A8A-8B78-4F58-8E8B-5697F89B332A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sick:ue410-en4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"593FA8EA-007A-47C0-9F22-89E420BBE0D4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sick:fx0-gent00000_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.11.0\",\"matchCriteriaId\":\"87586615-29B4-46E4-9CE7-F7BB8F012155\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sick:fx0-gent00000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EAB590A4-F5E4-4A17-B5A6-33A995C96BAB\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sick:fx0-gmod00000_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.11.0\",\"matchCriteriaId\":\"042B4FDB-BC05-43D6-84FC-F65203CDBE0D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sick:fx0-gmod00000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D96296E7-65D3-4C0A-8126-4AA8BEF85B39\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sick:fx0-gpnt00000_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.12.0\",\"matchCriteriaId\":\"61F9ADB1-DBED-4AC6-9CED-C0CCAC7C31F7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sick:fx0-gpnt00000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF3BF752-4F49-4E90-9790-1913ED64D8B3\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sick:fx0-gent00030_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F133BB19-8D61-4BD7-B706-A3FD81E71ECD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sick:fx0-gent00030:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1809BCF9-541E-4348-87A3-4CB37D680704\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sick:fx0-gpnt00030_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"96A20EA8-57F4-4CDD-8F44-F02E2FC010AA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sick:fx0-gpnt00030:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4CABEFF4-C0A4-4054-8174-7B3762BC0C3F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sick:fx0-gmod00010_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.11.0\",\"matchCriteriaId\":\"D09286BA-A20C-44DA-BE0C-98EF4851BA73\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sick:fx0-gmod00010:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97742720-A8E3-49FE-BE43-EFF720F3D52D\"}]}]}],\"references\":[{\"url\":\"https://sick.com/psirt\",\"source\":\"psirt@sick.de\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://sick.com/psirt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://sick.com/psirt\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T10:28:40.926Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-23451\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-05T15:22:34.735214Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-05T15:22:50.503Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"N/A\", \"product\": \"SICK FX0-GENT00000, SICK FX0-GENT00030, SICK FX0-GMOD00000, SICK FX0-GMOD00010, SICK FX0-GPNT00000, SICK FX0-GPNT00030, SICK UE410-EN1, SICK UE410-EN3, SICK UE410-EN3S04, SICK UE410-EN4\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c=2311xxxx\"}, {\"status\": \"affected\", \"version\": \"\u003c=V2.11.0\"}]}], \"references\": [{\"url\": \"https://sick.com/psirt\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"The Flexi Classic and Flexi Soft Gateways SICK UE410-EN3 FLEXI ETHERNET GATEW. with serial number \u003c=2311xxxx all Firmware versions, SICK UE410-EN1 FLEXI ETHERNET GATEW. with serial number \u003c=2311xxxx all Firmware versions, SICK UE410-EN3S04 FLEXI ETHERNET GATEW. with serial number \u003c=2311xxxx all Firmware versions, SICK UE410-EN4 FLEXI ETHERNET GATEW. with serial number \u003c=2311xxxx all Firmware versions, SICK FX0-GENT00000 FLEXISOFT EIP GATEW. with serial number \u003c=2311xxxx with Firmware \u003c=V2.11.0, SICK FX0-GMOD00000 FLEXISOFT MOD GATEW. with serial number \u003c=2311xxxx with Firmware \u003c=V2.11.0, SICK FX0-GPNT00000 FLEXISOFT PNET GATEW. with serial number \u003c=2311xxxx with Firmware \u003c=V2.12.0, SICK FX0-GENT00030 FLEXISOFT EIP GATEW.V2 with serial number \u003c=2311xxxx all Firmware versions, SICK FX0-GPNT00030 FLEXISOFT PNET GATEW.V2 with serial number \u003c=2311xxxx all Firmware versions and SICK FX0-GMOD00010 FLEXISOFT MOD GW with serial number \u003c=2311xxxx with Firmware \u003c=V2.11.0 all have Telnet enabled by factory default. No password is set in the default configuration.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-477\", \"description\": \"CWE-477\"}]}], \"providerMetadata\": {\"orgId\": \"a6863dd2-93fc-443d-bef1-79f0b5020988\", \"shortName\": \"SICK AG\", \"dateUpdated\": \"2023-09-14T16:42:41.838Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-23451\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-05T15:24:56.399Z\", \"dateReserved\": \"2023-01-12T00:00:00.000Z\", \"assignerOrgId\": \"a6863dd2-93fc-443d-bef1-79f0b5020988\", \"datePublished\": \"2023-04-19T00:00:00.000Z\", \"assignerShortName\": \"SICK AG\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GSD-2023-23451

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2023-23451

Aliases

CVE-2023-23451

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-23451",
    "id": "GSD-2023-23451"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-23451"
      ],
      "details": "The Flexi Classic and Flexi Soft Gateways SICK UE410-EN3 FLEXI ETHERNET GATEW. with serial number \u003c=2311xxxx all Firmware versions, SICK UE410-EN1 FLEXI ETHERNET GATEW. with serial number \u003c=2311xxxx all Firmware versions, SICK UE410-EN3S04 FLEXI ETHERNET GATEW. with serial number \u003c=2311xxxx all Firmware versions, SICK UE410-EN4 FLEXI ETHERNET GATEW. with serial number \u003c=2311xxxx all Firmware versions, SICK FX0-GENT00000 FLEXISOFT EIP GATEW. with serial number \u003c=2311xxxx with Firmware \u003c=V2.11.0, SICK FX0-GMOD00000 FLEXISOFT MOD GATEW. with serial number \u003c=2311xxxx with Firmware \u003c=V2.11.0, SICK FX0-GPNT00000 FLEXISOFT PNET GATEW. with serial number \u003c=2311xxxx with Firmware \u003c=V2.12.0, SICK FX0-GENT00030 FLEXISOFT EIP GATEW.V2 with serial number \u003c=2311xxxx all Firmware versions, SICK FX0-GPNT00030 FLEXISOFT PNET GATEW.V2 with serial number \u003c=2311xxxx all Firmware versions and SICK FX0-GMOD00010 FLEXISOFT MOD GW with serial number \u003c=2311xxxx with Firmware \u003c=V2.11.0 all have Telnet enabled by factory default. No password is set in the default configuration.",
      "id": "GSD-2023-23451",
      "modified": "2023-12-13T01:20:49.948779Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@sick.de",
        "ID": "CVE-2023-23451",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "SICK FX0-GENT00000, SICK FX0-GENT00030, SICK FX0-GMOD00000, SICK FX0-GMOD00010, SICK FX0-GPNT00000, SICK FX0-GPNT00030, SICK UE410-EN1, SICK UE410-EN3, SICK UE410-EN3S04, SICK UE410-EN4",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "\u003c=2311xxxx"
                        },
                        {
                          "version_value": "\u003c=V2.11.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "N/A"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Flexi Classic and Flexi Soft Gateways SICK UE410-EN3 FLEXI ETHERNET GATEW. with serial number \u003c=2311xxxx all Firmware versions, SICK UE410-EN1 FLEXI ETHERNET GATEW. with serial number \u003c=2311xxxx all Firmware versions, SICK UE410-EN3S04 FLEXI ETHERNET GATEW. with serial number \u003c=2311xxxx all Firmware versions, SICK UE410-EN4 FLEXI ETHERNET GATEW. with serial number \u003c=2311xxxx all Firmware versions, SICK FX0-GENT00000 FLEXISOFT EIP GATEW. with serial number \u003c=2311xxxx with Firmware \u003c=V2.11.0, SICK FX0-GMOD00000 FLEXISOFT MOD GATEW. with serial number \u003c=2311xxxx with Firmware \u003c=V2.11.0, SICK FX0-GPNT00000 FLEXISOFT PNET GATEW. with serial number \u003c=2311xxxx with Firmware \u003c=V2.12.0, SICK FX0-GENT00030 FLEXISOFT EIP GATEW.V2 with serial number \u003c=2311xxxx all Firmware versions, SICK FX0-GPNT00030 FLEXISOFT PNET GATEW.V2 with serial number \u003c=2311xxxx all Firmware versions and SICK FX0-GMOD00010 FLEXISOFT MOD GW with serial number \u003c=2311xxxx with Firmware \u003c=V2.11.0 all have Telnet enabled by factory default. No password is set in the default configuration."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-477"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://sick.com/psirt",
            "refsource": "MISC",
            "url": "https://sick.com/psirt"
          },
          {
            "name": "https://sick.com/psirt",
            "refsource": "MISC",
            "url": "https://sick.com/psirt"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:sick:ue410-en3_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:sick:ue410-en3:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:sick:ue410-en1_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:sick:ue410-en1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:sick:ue410-en3s04_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:sick:ue410-en3s04:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:sick:ue410-en4_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:sick:ue410-en4:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:sick:fx0-gent00000_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.11.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:sick:fx0-gent00000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:sick:fx0-gmod00000_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.11.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:sick:fx0-gmod00000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:sick:fx0-gpnt00000_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.12.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:sick:fx0-gpnt00000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:sick:fx0-gent00030_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:sick:fx0-gent00030:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:sick:fx0-gpnt00030_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:sick:fx0-gpnt00030:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:sick:fx0-gmod00010_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.11.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:sick:fx0-gmod00010:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@sick.de",
          "ID": "CVE-2023-23451"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The Flexi Classic and Flexi Soft Gateways SICK UE410-EN3 FLEXI ETHERNET GATEW. with serial number \u003c=2311xxxx all Firmware versions, SICK UE410-EN1 FLEXI ETHERNET GATEW. with serial number \u003c=2311xxxx all Firmware versions, SICK UE410-EN3S04 FLEXI ETHERNET GATEW. with serial number \u003c=2311xxxx all Firmware versions, SICK UE410-EN4 FLEXI ETHERNET GATEW. with serial number \u003c=2311xxxx all Firmware versions, SICK FX0-GENT00000 FLEXISOFT EIP GATEW. with serial number \u003c=2311xxxx with Firmware \u003c=V2.11.0, SICK FX0-GMOD00000 FLEXISOFT MOD GATEW. with serial number \u003c=2311xxxx with Firmware \u003c=V2.11.0, SICK FX0-GPNT00000 FLEXISOFT PNET GATEW. with serial number \u003c=2311xxxx with Firmware \u003c=V2.12.0, SICK FX0-GENT00030 FLEXISOFT EIP GATEW.V2 with serial number \u003c=2311xxxx all Firmware versions, SICK FX0-GPNT00030 FLEXISOFT PNET GATEW.V2 with serial number \u003c=2311xxxx all Firmware versions and SICK FX0-GMOD00010 FLEXISOFT MOD GW with serial number \u003c=2311xxxx with Firmware \u003c=V2.11.0 all have Telnet enabled by factory default. No password is set in the default configuration."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-306"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://sick.com/psirt",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://sick.com/psirt"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-09-14T17:15Z",
      "publishedDate": "2023-04-19T23:15Z"
    }
  }
}

FKIE_CVE-2023-23451

Vulnerability from fkie_nvd - Published: 2023-04-19 23:15 - Updated: 2025-02-05 16:15

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	psirt@sick.de	https://sick.com/psirt	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://sick.com/psirt	Vendor Advisory

Impacted products

Vendor	Product	Version
sick	ue410-en3_firmware	*
sick	ue410-en3	-
sick	ue410-en1_firmware	*
sick	ue410-en1	-
sick	ue410-en3s04_firmware	*
sick	ue410-en3s04	-
sick	ue410-en4_firmware	*
sick	ue410-en4	-
sick	fx0-gent00000_firmware	*
sick	fx0-gent00000	-
sick	fx0-gmod00000_firmware	*
sick	fx0-gmod00000	-
sick	fx0-gpnt00000_firmware	*
sick	fx0-gpnt00000	-
sick	fx0-gent00030_firmware	*
sick	fx0-gent00030	-
sick	fx0-gpnt00030_firmware	*
sick	fx0-gpnt00030	-
sick	fx0-gmod00010_firmware	*
sick	fx0-gmod00010	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sick:ue410-en3_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AA9F3C9-61F5-4C21-9650-76C0FC9C51EE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sick:ue410-en3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F4C5D33-6A97-4509-8151-65D79F03F18A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sick:ue410-en1_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF96D6FC-3053-433E-8B7D-CEA3C7FC7CBA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sick:ue410-en1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A963DB6B-C9A9-4B1D-A239-C7B608F2CBD1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sick:ue410-en3s04_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB62B37C-E8E4-4305-8F6A-127765CC54AD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sick:ue410-en3s04:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "06416A50-B978-4F67-AA50-010ECBD2DB2F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sick:ue410-en4_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "30951A8A-8B78-4F58-8E8B-5697F89B332A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sick:ue410-en4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "593FA8EA-007A-47C0-9F22-89E420BBE0D4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sick:fx0-gent00000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "87586615-29B4-46E4-9CE7-F7BB8F012155",
              "versionEndIncluding": "2.11.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sick:fx0-gent00000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAB590A4-F5E4-4A17-B5A6-33A995C96BAB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sick:fx0-gmod00000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "042B4FDB-BC05-43D6-84FC-F65203CDBE0D",
              "versionEndIncluding": "2.11.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sick:fx0-gmod00000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D96296E7-65D3-4C0A-8126-4AA8BEF85B39",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sick:fx0-gpnt00000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "61F9ADB1-DBED-4AC6-9CED-C0CCAC7C31F7",
              "versionEndIncluding": "2.12.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sick:fx0-gpnt00000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF3BF752-4F49-4E90-9790-1913ED64D8B3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sick:fx0-gent00030_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F133BB19-8D61-4BD7-B706-A3FD81E71ECD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sick:fx0-gent00030:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1809BCF9-541E-4348-87A3-4CB37D680704",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sick:fx0-gpnt00030_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "96A20EA8-57F4-4CDD-8F44-F02E2FC010AA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sick:fx0-gpnt00030:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CABEFF4-C0A4-4054-8174-7B3762BC0C3F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sick:fx0-gmod00010_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D09286BA-A20C-44DA-BE0C-98EF4851BA73",
              "versionEndIncluding": "2.11.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sick:fx0-gmod00010:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "97742720-A8E3-49FE-BE43-EFF720F3D52D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Flexi Classic and Flexi Soft Gateways SICK UE410-EN3 FLEXI ETHERNET GATEW. with serial number \u003c=2311xxxx all Firmware versions, SICK UE410-EN1 FLEXI ETHERNET GATEW. with serial number \u003c=2311xxxx all Firmware versions, SICK UE410-EN3S04 FLEXI ETHERNET GATEW. with serial number \u003c=2311xxxx all Firmware versions, SICK UE410-EN4 FLEXI ETHERNET GATEW. with serial number \u003c=2311xxxx all Firmware versions, SICK FX0-GENT00000 FLEXISOFT EIP GATEW. with serial number \u003c=2311xxxx with Firmware \u003c=V2.11.0, SICK FX0-GMOD00000 FLEXISOFT MOD GATEW. with serial number \u003c=2311xxxx with Firmware \u003c=V2.11.0, SICK FX0-GPNT00000 FLEXISOFT PNET GATEW. with serial number \u003c=2311xxxx with Firmware \u003c=V2.12.0, SICK FX0-GENT00030 FLEXISOFT EIP GATEW.V2 with serial number \u003c=2311xxxx all Firmware versions, SICK FX0-GPNT00030 FLEXISOFT PNET GATEW.V2 with serial number \u003c=2311xxxx all Firmware versions and SICK FX0-GMOD00010 FLEXISOFT MOD GW with serial number \u003c=2311xxxx with Firmware \u003c=V2.11.0 all have Telnet enabled by factory default. No password is set in the default configuration."
    },
    {
      "lang": "es",
      "value": "El Flexi Classic y Flexi Soft Gateways SICK UE410-EN3 FLEXI ETHERNET GATEW. con n\u00famero de serie \u0026lt;=2311xxxx todas las versiones de Firmware, SICK UE410-EN1 FLEXI ETHERNET GATEW. con n\u00famero de serie \u0026lt;=2311xxxx todas las versiones de Firmware, SICK UE410-EN3S04 FLEXI ETHERNET GATEW. con n\u00famero de serie \u0026lt;=2311xxxx todas las versiones de Firmware, SICK UE410-EN4 FLEXI ETHERNET GATEW. con n\u00famero de serie \u0026lt;=2311xxxx todas las versiones de firmware, SICK FX0-GENT00000 FLEXISOFT EIP GATEW. con n\u00famero de serie \u0026lt;=2311xxxx con Firmware \u0026lt;=V2.11.0, SICK FX0-GMOD00000 FLEXISOFT MOD GATEW. con n\u00famero de serie \u0026lt;=2311xxxx con Firmware \u0026lt;=V2.11.0, SICK FX0-GPNT00000 FLEXISOFT PNET GATEW. con n\u00famero de serie \u0026lt;=2311xxxx con firmware \u0026lt;=V2.12.0, SICK FX0-GENT00030 FLEXISOFT EIP GATEW.V2 con n\u00famero de serie \u0026lt;=2311xxxx todas las versiones de firmware, SICK FX0-GPNT00030 FLEXISOFT PNET GATEW.V2 con n\u00famero de serie \u0026lt;=2311xxxx todo el firmware Las versiones y SICK FX0-GMOD00010 FLEXISOFT MOD GW con n\u00famero de serie \u0026lt;=2311xxxx con firmware \u0026lt;=V2.11.0 tienen Telnet habilitado de forma predeterminada. No se establece ninguna contrase\u00f1a en la configuraci\u00f3n predeterminada."
    }
  ],
  "id": "CVE-2023-23451",
  "lastModified": "2025-02-05T16:15:35.057",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2023-04-19T23:15:06.970",
  "references": [
    {
      "source": "psirt@sick.de",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sick.com/psirt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sick.com/psirt"
    }
  ],
  "sourceIdentifier": "psirt@sick.de",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-477"
        }
      ],
      "source": "psirt@sick.de",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-306"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-J4PP-RP58-2QHJ

Vulnerability from github – Published: 2023-04-20 00:30 – Updated: 2024-04-04 03:36

Details

The Flexi Classic and Flexi Soft Gateways SICK UE410-EN3 FLEXI ETHERNET GATEW., SICK UE410-EN1 FLEXI ETHERNET GATEW., SICK UE410-EN3S04 FLEXI ETHERNET GATEW., SICK UE410-EN4 FLEXI ETHERNET GATEW., SICK FX0-GENT00000 FLEXISOFT EIP GATEW., SICK FX0-GMOD00000 FLEXISOFT MOD GATEW., SICK FX0-GPNT00000 FLEXISOFT PNET GATEW., SICK FX0-GENT00030 FLEXISOFT EIP GATEW.V2, SICK FX0-GPNT00030 FLEXISOFT PNET GATEW.V2 and SICK FX0-GMOD00010 FLEXISOFT MOD GW. have Telnet enabled by factory default. No password is set in the default configuration. Gateways with a serial number >2311xxxx have the Telnet interface disabled by factory default.

Severity ?

9.8 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-23451"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-306",
      "CWE-477"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-04-19T23:15:06Z",
    "severity": "CRITICAL"
  },
  "details": "The Flexi Classic and Flexi Soft Gateways SICK UE410-EN3 FLEXI ETHERNET GATEW., SICK UE410-EN1 FLEXI ETHERNET GATEW., SICK UE410-EN3S04 FLEXI ETHERNET GATEW., SICK UE410-EN4 FLEXI ETHERNET GATEW., SICK FX0-GENT00000 FLEXISOFT EIP GATEW., SICK FX0-GMOD00000 FLEXISOFT MOD GATEW., SICK FX0-GPNT00000 FLEXISOFT PNET GATEW., SICK FX0-GENT00030 FLEXISOFT EIP GATEW.V2, SICK FX0-GPNT00030 FLEXISOFT PNET GATEW.V2 and SICK FX0-GMOD00010 FLEXISOFT MOD GW. have Telnet enabled by factory default. No password is set in the default configuration. Gateways with a serial number \u003e2311xxxx have the Telnet interface disabled by factory default.",
  "id": "GHSA-j4pp-rp58-2qhj",
  "modified": "2024-04-04T03:36:30Z",
  "published": "2023-04-20T00:30:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23451"
    },
    {
      "type": "WEB",
      "url": "https://sick.com/psirt"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

SCA-2023-0002

Vulnerability from csaf_sick - Published: 2023-04-11 10:00 - Updated: 2023-04-11 10:00

Summary

Use of Telnet in multiple SICK Flexi Soft and Flexi Classic Gateways

Notes

Several versions of the SICK Flexi Soft Gateways FX0-GENT, FX0-GMOD, FX0-GPNT and SICK Flexi Classic Gateway UE410 provide a Telnet interface for debugging, which is enabled by factory default. No password is set in the default configuration. If the password is not set by the customer, a remote unauthorized adversary could connect via Telnet. The adversary may use the debugging interface to subsequently gain access to the boot loader and in the worst case modify the firmware of the devices. Gateways with a serial number >2311xxxx have the Telnet interface disabled by factory default.

General Security Measures

As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.

Vulnerability Classification

SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer’s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "summary",
        "text": "Several versions of the SICK Flexi Soft Gateways FX0-GENT, FX0-GMOD, FX0-GPNT and SICK Flexi Classic Gateway UE410 provide a Telnet interface for debugging, which is enabled by factory default. No password is set in the default configuration.\n\nIf the password is not set by the customer, a remote unauthorized adversary could connect via Telnet. The adversary may use the debugging interface to subsequently gain access to the boot loader and in the worst case modify the firmware of the devices.\n\nGateways with a serial number \u003e2311xxxx have the Telnet interface disabled by factory default."
      },
      {
        "category": "general",
        "text": "As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.",
        "title": "General Security Measures"
      },
      {
        "category": "general",
        "text": "SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer\u2019s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.",
        "title": "Vulnerability Classification"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@sick.de",
      "issuing_authority": "SICK PSIRT is responsible for any vulnerabilities related to SICK products.",
      "name": "SICK PSIRT",
      "namespace": "https://www.sick.com/psirt"
    },
    "references": [
      {
        "summary": "SICK PSIRT Security Advisories",
        "url": "https://sick.com/psirt"
      },
      {
        "summary": "SICK Operating Guidelines",
        "url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf"
      },
      {
        "summary": "ICS-CERT recommended practices on Industrial Security",
        "url": "http://ics-cert.us-cert.gov/content/recommended-practices"
      },
      {
        "summary": "CVSS v3.1 Calculator",
        "url": "https://www.first.org/cvss/calculator/3.1"
      },
      {
        "category": "self",
        "summary": "The canonical URL.",
        "url": "https://www.sick.com/.well-known/csaf/white/2023/sca-2023-0002.json"
      },
      {
        "category": "self",
        "summary": "The canonical PDF URL.",
        "url": "https://www.sick.com/.well-known/csaf/white/2023/sca-2023-0002.pdf"
      }
    ],
    "title": "Use of Telnet in multiple SICK Flexi Soft and Flexi Classic Gateways",
    "tracking": {
      "current_release_date": "2023-04-11T10:00:00.000Z",
      "generator": {
        "date": "2023-04-11T10:00:00.000Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.0.0"
        }
      },
      "id": "SCA-2023-0002",
      "initial_release_date": "2023-04-11T10:00:00.000Z",
      "revision_history": [
        {
          "date": "2023-04-11T10:00:00.000Z",
          "number": "1",
          "summary": "Initial Release"
        },
        {
          "date": "2025-07-30T07:30:00.000Z",
          "number": "2",
          "summary": "Updated Advisory: URL for SICK Operating Guidelines has been updated"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "serial number \u003c=2311xxxx",
                "product": {
                  "name": "SICK UE410-EN3 FLEXI ETHERNET GATEW. with serial number \u003c=2311xxxx",
                  "product_id": "CSAFPID-0001",
                  "product_identification_helper": {
                    "skus": [
                      "1042193"
                    ]
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "serial number \u003e2311xxxx",
                "product": {
                  "name": "SICK UE410-EN3 FLEXI ETHERNET GATEW. with serial number \u003e2311xxxx",
                  "product_id": "CSAFPID-0002",
                  "product_identification_helper": {
                    "skus": [
                      "1042193"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "UE410-EN3 FLEXI ETHERNET GATEW."
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "serial number \u003c=2311xxxx",
                "product": {
                  "name": "SICK UE410-EN1 FLEXI ETHERNET GATEW. with serial number \u003c=2311xxxx",
                  "product_id": "CSAFPID-0003",
                  "product_identification_helper": {
                    "skus": [
                      "1042964"
                    ]
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "serial number \u003e2311xxxx",
                "product": {
                  "name": "SICK UE410-EN1 FLEXI ETHERNET GATEW. with serial number \u003e2311xxxx",
                  "product_id": "CSAFPID-0004",
                  "product_identification_helper": {
                    "skus": [
                      "1042964"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "UE410-EN1 FLEXI ETHERNET GATEW."
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "serial number \u003c=2311xxxx",
                "product": {
                  "name": "SICK UE410-EN3S04 FLEXI ETHERNET GATEW. with serial number \u003c=2311xxxx",
                  "product_id": "CSAFPID-0005",
                  "product_identification_helper": {
                    "skus": [
                      "1123789"
                    ]
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "serial number \u003e2311xxxx",
                "product": {
                  "name": "SICK UE410-EN3S04 FLEXI ETHERNET GATEW. with serial number \u003e2311xxxx",
                  "product_id": "CSAFPID-0006",
                  "product_identification_helper": {
                    "skus": [
                      "1123789"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "UE410-EN3S04 FLEXI ETHERNET GATEW."
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "serial number \u003c=2311xxxx",
                "product": {
                  "name": "SICK UE410-EN4 FLEXI ETHERNET GATEW. with serial number \u003c=2311xxxx",
                  "product_id": "CSAFPID-0007",
                  "product_identification_helper": {
                    "skus": [
                      "1044078"
                    ]
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "serial number \u003e2311xxxx",
                "product": {
                  "name": "SICK UE410-EN4 FLEXI ETHERNET GATEW. with serial number \u003e2311xxxx",
                  "product_id": "CSAFPID-0008",
                  "product_identification_helper": {
                    "skus": [
                      "1044078"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "UE410-EN4 FLEXI ETHERNET GATEW."
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "serial number \u003c=2311xxxx",
                "product": {
                  "name": "SICK FX0-GENT00000 FLEXISOFT EIP GATEW. with serial number \u003c=2311xxxx",
                  "product_id": "CSAFPID-0009",
                  "product_identification_helper": {
                    "skus": [
                      "1044072"
                    ]
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "serial number \u003e2311xxxx",
                "product": {
                  "name": "SICK FX0-GENT00000 FLEXISOFT EIP GATEW. with serial number \u003e2311xxxx",
                  "product_id": "CSAFPID-0010",
                  "product_identification_helper": {
                    "skus": [
                      "1044072"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "FX0-GENT00000 FLEXISOFT EIP GATEW."
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "serial number \u003c=2311xxxx",
                "product": {
                  "name": "SICK FX0-GMOD00000 FLEXISOFT MOD GATEW. with serial number \u003c=2311xxxx",
                  "product_id": "CSAFPID-0011",
                  "product_identification_helper": {
                    "skus": [
                      "1044073"
                    ]
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "serial number \u003e2311xxxx",
                "product": {
                  "name": "SICK FX0-GMOD00000 FLEXISOFT MOD GATEW. with serial number \u003e2311xxxx",
                  "product_id": "CSAFPID-0012",
                  "product_identification_helper": {
                    "skus": [
                      "1044073"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "FX0-GMOD00000 FLEXISOFT MOD GATEW."
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "serial number \u003c=2311xxxx",
                "product": {
                  "name": "SICK FX0-GPNT00000 FLEXISOFT PNET GATEW. with serial number \u003c=2311xxxx",
                  "product_id": "CSAFPID-0013",
                  "product_identification_helper": {
                    "skus": [
                      "1044074"
                    ]
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "serial number \u003e2311xxxx",
                "product": {
                  "name": "SICK FX0-GPNT00000 FLEXISOFT PNET GATEW. with serial number \u003e2311xxxx",
                  "product_id": "CSAFPID-0014",
                  "product_identification_helper": {
                    "skus": [
                      "1044074"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "FX0-GPNT00000 FLEXISOFT PNET GATEW."
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "serial number \u003c=2311xxxx",
                "product": {
                  "name": "SICK FX0-GENT00030 FLEXISOFT EIP GATEW.V2 with serial number \u003c=2311xxxx",
                  "product_id": "CSAFPID-0015",
                  "product_identification_helper": {
                    "skus": [
                      "1099830"
                    ]
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "serial number \u003e2311xxxx",
                "product": {
                  "name": "SICK FX0-GENT00030 FLEXISOFT EIP GATEW.V2 with serial number \u003e2311xxxx",
                  "product_id": "CSAFPID-0016",
                  "product_identification_helper": {
                    "skus": [
                      "1099830"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "FX0-GENT00030 FLEXISOFT EIP GATEW.V2"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "serial number \u003c=2311xxxx",
                "product": {
                  "name": "SICK FX0-GPNT00030 FLEXISOFT PNET GATEW.V2 with serial number \u003c=2311xxxx",
                  "product_id": "CSAFPID-0017",
                  "product_identification_helper": {
                    "skus": [
                      "1099832"
                    ]
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "serial number \u003e2311xxxx",
                "product": {
                  "name": "SICK FX0-GPNT00030 FLEXISOFT PNET GATEW.V2 with serial number \u003e2311xxxx",
                  "product_id": "CSAFPID-0018",
                  "product_identification_helper": {
                    "skus": [
                      "1099832"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "FX0-GPNT00030 FLEXISOFT PNET GATEW.V2"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "serial number \u003c=2311xxxx",
                "product": {
                  "name": "SICK FX0-GMOD00010 FLEXISOFT MOD GW \u00a0(C) with serial number \u003c=2311xxxx",
                  "product_id": "CSAFPID-0019",
                  "product_identification_helper": {
                    "skus": [
                      "1127717"
                    ]
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "serial number \u003e2311xxxx",
                "product": {
                  "name": "SICK FX0-GMOD00010 FLEXISOFT MOD GW \u00a0(C) with serial number \u003e2311xxxx",
                  "product_id": "CSAFPID-0020",
                  "product_identification_helper": {
                    "skus": [
                      "1127717"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "FX0-GMOD00010 FLEXISOFT MOD GW \u00a0(C)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK UE410-EN3 FLEXI ETHERNET GATEW. Firmware all versions",
                  "product_id": "CSAFPID-0021"
                }
              }
            ],
            "category": "product_name",
            "name": "UE410-EN3 FLEXI ETHERNET GATEW. Firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK UE410-EN1 FLEXI ETHERNET GATEW. Firmware all versions",
                  "product_id": "CSAFPID-0022"
                }
              }
            ],
            "category": "product_name",
            "name": "UE410-EN1 FLEXI ETHERNET GATEW. Firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK UE410-EN3S04 FLEXI ETHERNET GATEW. Firmware all versions",
                  "product_id": "CSAFPID-0023"
                }
              }
            ],
            "category": "product_name",
            "name": "UE410-EN3S04 FLEXI ETHERNET GATEW. Firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK UE410-EN4 FLEXI ETHERNET GATEW. Firmware all versions",
                  "product_id": "CSAFPID-0024"
                }
              }
            ],
            "category": "product_name",
            "name": "UE410-EN4 FLEXI ETHERNET GATEW. Firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=V2.11.0",
                "product": {
                  "name": "SICK FX0-GENT00000 FLEXISOFT EIP GATEW. Firmware \u003c=V2.11.0",
                  "product_id": "CSAFPID-0025"
                }
              }
            ],
            "category": "product_name",
            "name": "FX0-GENT00000 FLEXISOFT EIP GATEW. Firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=V2.11.0",
                "product": {
                  "name": "SICK FX0-GMOD00000 FLEXISOFT MOD GATEW. Firmware \u003c=V2.11.0",
                  "product_id": "CSAFPID-0026"
                }
              }
            ],
            "category": "product_name",
            "name": "FX0-GMOD00000 FLEXISOFT MOD GATEW. Firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=V2.12.0",
                "product": {
                  "name": "SICK FX0-GPNT00000 FLEXISOFT PNET GATEW. Firmware \u003c=V2.12.0",
                  "product_id": "CSAFPID-0027"
                }
              }
            ],
            "category": "product_name",
            "name": "FX0-GPNT00000 FLEXISOFT PNET GATEW. Firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK FX0-GENT00030 FLEXISOFT EIP GATEW.V2 Firmware all versions",
                  "product_id": "CSAFPID-0028"
                }
              }
            ],
            "category": "product_name",
            "name": "FX0-GENT00030 FLEXISOFT EIP GATEW.V2 Firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK FX0-GPNT00030 FLEXISOFT PNET GATEW.V2 Firmware all versions",
                  "product_id": "CSAFPID-0029"
                }
              }
            ],
            "category": "product_name",
            "name": "FX0-GPNT00030 FLEXISOFT PNET GATEW.V2 Firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=V2.11.0",
                "product": {
                  "name": "SICK FX0-GMOD00010 FLEXISOFT MOD GW \u00a0(C) Firmware \u003c=V2.11.0",
                  "product_id": "CSAFPID-0030"
                }
              }
            ],
            "category": "product_name",
            "name": "FX0-GMOD00010 FLEXISOFT MOD GW \u00a0(C) Firmware"
          }
        ],
        "category": "vendor",
        "name": "SICK AG"
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK UE410-EN3 FLEXI ETHERNET GATEW. with serial number \u003c=2311xxxx all Firmware versions",
          "product_id": "CSAFPID-0031"
        },
        "product_reference": "CSAFPID-0021",
        "relates_to_product_reference": "CSAFPID-0001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK UE410-EN1 FLEXI ETHERNET GATEW. with serial number \u003c=2311xxxx all Firmware versions",
          "product_id": "CSAFPID-0032"
        },
        "product_reference": "CSAFPID-0022",
        "relates_to_product_reference": "CSAFPID-0003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK UE410-EN3S04 FLEXI ETHERNET GATEW. with serial number \u003c=2311xxxx all Firmware versions",
          "product_id": "CSAFPID-0033"
        },
        "product_reference": "CSAFPID-0023",
        "relates_to_product_reference": "CSAFPID-0005"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK UE410-EN4 FLEXI ETHERNET GATEW. with serial number \u003c=2311xxxx all Firmware versions",
          "product_id": "CSAFPID-0034"
        },
        "product_reference": "CSAFPID-0024",
        "relates_to_product_reference": "CSAFPID-0007"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK FX0-GENT00000 FLEXISOFT EIP GATEW. with serial number \u003c=2311xxxx with Firmware \u003c=V2.11.0",
          "product_id": "CSAFPID-0035"
        },
        "product_reference": "CSAFPID-0025",
        "relates_to_product_reference": "CSAFPID-0009"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK FX0-GMOD00000 FLEXISOFT MOD GATEW. with serial number \u003c=2311xxxx with Firmware \u003c=V2.11.0",
          "product_id": "CSAFPID-0036"
        },
        "product_reference": "CSAFPID-0026",
        "relates_to_product_reference": "CSAFPID-0011"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK FX0-GPNT00000 FLEXISOFT PNET GATEW. with serial number \u003c=2311xxxx with Firmware \u003c=V2.12.0",
          "product_id": "CSAFPID-0037"
        },
        "product_reference": "CSAFPID-0027",
        "relates_to_product_reference": "CSAFPID-0013"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK FX0-GENT00030 FLEXISOFT EIP GATEW.V2 with serial number \u003c=2311xxxx all Firmware versions",
          "product_id": "CSAFPID-0038"
        },
        "product_reference": "CSAFPID-0028",
        "relates_to_product_reference": "CSAFPID-0015"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK FX0-GPNT00030 FLEXISOFT PNET GATEW.V2 with serial number \u003c=2311xxxx all Firmware versions",
          "product_id": "CSAFPID-0039"
        },
        "product_reference": "CSAFPID-0029",
        "relates_to_product_reference": "CSAFPID-0017"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK FX0-GMOD00010 FLEXISOFT MOD GW \u00a0(C) with serial number \u003c=2311xxxx with Firmware \u003c=V2.11.0",
          "product_id": "CSAFPID-0040"
        },
        "product_reference": "CSAFPID-0030",
        "relates_to_product_reference": "CSAFPID-0019"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK UE410-EN3 FLEXI ETHERNET GATEW. with serial number \u003e2311xxxx all Firmware versions",
          "product_id": "CSAFPID-0041"
        },
        "product_reference": "CSAFPID-0021",
        "relates_to_product_reference": "CSAFPID-0002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK UE410-EN1 FLEXI ETHERNET GATEW. with serial number \u003e2311xxxx all Firmware versions",
          "product_id": "CSAFPID-0042"
        },
        "product_reference": "CSAFPID-0022",
        "relates_to_product_reference": "CSAFPID-0004"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK UE410-EN3S04 FLEXI ETHERNET GATEW. with serial number \u003e2311xxxx all Firmware versions",
          "product_id": "CSAFPID-0043"
        },
        "product_reference": "CSAFPID-0023",
        "relates_to_product_reference": "CSAFPID-0006"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK UE410-EN4 FLEXI ETHERNET GATEW. with serial number \u003e2311xxxx all Firmware versions",
          "product_id": "CSAFPID-0044"
        },
        "product_reference": "CSAFPID-0024",
        "relates_to_product_reference": "CSAFPID-0008"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK FX0-GENT00000 FLEXISOFT EIP GATEW. with serial number \u003e2311xxxx with Firmware \u003c=V2.11.0",
          "product_id": "CSAFPID-0045"
        },
        "product_reference": "CSAFPID-0025",
        "relates_to_product_reference": "CSAFPID-0010"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK FX0-GMOD00000 FLEXISOFT MOD GATEW. with serial number \u003e2311xxxx with Firmware \u003c=V2.11.0",
          "product_id": "CSAFPID-0046"
        },
        "product_reference": "CSAFPID-0026",
        "relates_to_product_reference": "CSAFPID-0012"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK FX0-GPNT00000 FLEXISOFT PNET GATEW. with serial number \u003e2311xxxx with Firmware \u003c=V2.12.0",
          "product_id": "CSAFPID-0047"
        },
        "product_reference": "CSAFPID-0027",
        "relates_to_product_reference": "CSAFPID-0014"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK FX0-GENT00030 FLEXISOFT EIP GATEW.V2 with serial number \u003e2311xxxx all Firmware versions",
          "product_id": "CSAFPID-0048"
        },
        "product_reference": "CSAFPID-0028",
        "relates_to_product_reference": "CSAFPID-0016"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK FX0-GPNT00030 FLEXISOFT PNET GATEW.V2 with serial number \u003e2311xxxx all Firmware versions",
          "product_id": "CSAFPID-0049"
        },
        "product_reference": "CSAFPID-0029",
        "relates_to_product_reference": "CSAFPID-0018"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK FX0-GMOD00010 FLEXISOFT MOD GW \u00a0(C) with serial number \u003e2311xxxx with Firmware \u003c=V2.11.0",
          "product_id": "CSAFPID-0050"
        },
        "product_reference": "CSAFPID-0030",
        "relates_to_product_reference": "CSAFPID-0020"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-23451",
      "cwe": {
        "id": "CWE-477",
        "name": "Use of Obsolete Function"
      },
      "notes": [
        {
          "category": "description",
          "text": "If the default password is not changed by the operator or customer, a remote unauthorized adversary may connect to the Flexi Soft Gateway via Telnet, interact with the device and change settings of the Gateway. The adversary may also reset the Gateway and in the worst case upload a new firmware version to the device that is then run under root privileges.\n\nSICK recommends to set a strong device individual password once the product is put into operation.",
          "title": "Description"
        },
        {
          "category": "summary",
          "text": "The Flexi Classic and Flexi Soft Gateways SICK UE410-EN3 FLEXI ETHERNET GATEW., SICK UE410-EN1 FLEXI ETHERNET GATEW., SICK UE410-EN3S04 FLEXI ETHERNET GATEW., SICK UE410-EN4 FLEXI ETHERNET GATEW., SICK FX0-GENT00000 FLEXISOFT EIP GATEW., SICK FX0-GMOD00000 FLEXISOFT MOD GATEW., SICK FX0-GPNT00000 FLEXISOFT PNET GATEW., SICK FX0-GENT00030 FLEXISOFT EIP GATEW.V2, SICK FX0-GPNT00030 FLEXISOFT PNET GATEW.V2 and SICK FX0-GMOD00010 FLEXISOFT MOD GW. have Telnet enabled by factory default. No password is set in the default configuration.\n\nGateways with a serial number \u003e2311xxxx have the Telnet interface disabled by factory default.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-0041",
          "CSAFPID-0042",
          "CSAFPID-0043",
          "CSAFPID-0044",
          "CSAFPID-0045",
          "CSAFPID-0046",
          "CSAFPID-0047",
          "CSAFPID-0048",
          "CSAFPID-0049",
          "CSAFPID-0050"
        ],
        "known_affected": [
          "CSAFPID-0031",
          "CSAFPID-0032",
          "CSAFPID-0033",
          "CSAFPID-0034",
          "CSAFPID-0035",
          "CSAFPID-0036",
          "CSAFPID-0037",
          "CSAFPID-0038",
          "CSAFPID-0039",
          "CSAFPID-0040"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "SICK recommends to set a strong password for the Telnet protocol once the Gateway is put into operation. It is possible to set a password with a maximum length of 15 characters.\n\nEnter the following commands to change the Telnet password:\n\n```bash\n$ telnet \u003cGateway-IP-Address\u003e\nPassword: \u003cold password\u003e [Enter]\npasswd \u003cutmost secure password, followed by [Enter]\u003e\nquit [Enter]\n\n$ telnet \u003cGateway-IP-Address\u003e\nPassword: \u003cnew password\u003e [Enter]\n```\n\nTest if [Enter] still works and if the new password is saved.",
          "product_ids": [
            "CSAFPID-0031",
            "CSAFPID-0032",
            "CSAFPID-0033",
            "CSAFPID-0034",
            "CSAFPID-0035",
            "CSAFPID-0036",
            "CSAFPID-0037",
            "CSAFPID-0038",
            "CSAFPID-0039",
            "CSAFPID-0040"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0031",
            "CSAFPID-0032",
            "CSAFPID-0033",
            "CSAFPID-0034",
            "CSAFPID-0035",
            "CSAFPID-0036",
            "CSAFPID-0037",
            "CSAFPID-0038",
            "CSAFPID-0039",
            "CSAFPID-0040"
          ]
        }
      ]
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-23451 (GCVE-0-2023-23451)

GSD-2023-23451

FKIE_CVE-2023-23451

GHSA-J4PP-RP58-2QHJ

SCA-2023-0002

Tags

Sightings

Nomenclature