github - ghsa-8w5h-774q-3rhm

ghsa-8w5h-774q-3rhm

Vulnerability from github

Published

2023-05-12 15:30

Modified

2024-04-04 04:03

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

Missing Authentication for Critical Function in SICK Flexi Classic and Flexi Soft Gateways with Partnumbers 1042193, 1042964, 1044078, 1044072, 1044073, 1044074, 1099830, 1099832, 1127717, 1069070, 1112296, 1051432, 1102420, 1127487, 1121596, 1121597 allows an unauthenticated remote attacker to influence the availability of the device by changing the IP settings of the device via broadcasted UDP packets.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-23444"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-306"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-05-12T13:15:09Z",
    "severity": "HIGH"
  },
  "details": "Missing Authentication for Critical Function in SICK Flexi Classic and Flexi Soft Gateways with Partnumbers 1042193, 1042964, 1044078, 1044072, 1044073, 1044074, 1099830, 1099832, 1127717, 1069070, 1112296, 1051432, 1102420, 1127487, 1121596, 1121597 allows an unauthenticated remote attacker to influence the availability of the device by changing the IP settings of the device via broadcasted UDP packets.",
  "id": "GHSA-8w5h-774q-3rhm",
  "modified": "2024-04-04T04:03:50Z",
  "published": "2023-05-12T15:30:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23444"
    },
    {
      "type": "WEB",
      "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0003.json"
    },
    {
      "type": "WEB",
      "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0003.pdf"
    },
    {
      "type": "WEB",
      "url": "https://sick.com/psirt"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

cve-2023-23444

Vulnerability from cvelistv5

Published

2023-05-12 12:39

Modified

2024-08-02 10:28

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

▼	URL	Tags
	https://sick.com/psirt	issue-tracking
	https://sick.com/.well-known/csaf/white/2023/sca-2023-0003.pdf	vendor-advisory
	https://sick.com/.well-known/csaf/white/2023/sca-2023-0003.json	x_csaf

Impacted products

▼	Vendor	Product
	SICK AG	UE410-EN3 FLEXI ETHERNET GATEW.
	SICK AG	UE410-EN1 FLEXI ETHERNET GATEW.
	SICK AG	UE410-EN4 FLEXI ETHERNET GATEW.
	SICK AG	FX0-GENT00000 FLEXISOFT EIP GATEW.
	SICK AG	FX0-GMOD00000 FLEXISOFT MOD GATEW.
	SICK AG	FX0-GPNT00000 FLEXISOFT PNET GATEW.
	SICK AG	FX0-GENT00030 FLEXISOFT EIP GATEW.V2
	SICK AG	FX0-GPNT00030 FLEXISOFT PNET GATEW.V2
	SICK AG	FX0-GMOD00010 FLEXISOFT MOD GW (C)
	SICK AG	FX3-GEPR00000 FLEXISOFT EFI-PRO GW
	SICK AG	FX3-GEPR00010 FLEXISOFT EFI-PRO GW
	SICK AG	FX0-GETC00000 FLEXISOFT ETC GW
	SICK AG	FX0-GETC00040 FLEXISOFT ETC GW
	SICK AG	FX0-GETC00010 FLEXISOFT ETC GW (C)
	SICK AG	FX0-GENT00010 FLEXISOFT EIP GW (C)
	SICK AG	FX0-GPNT00010 FLEXISOFT PNET GW (C)
	SICK AG	UE410-EN3 FLEXI ETHERNET GATEW. Firmware
	SICK AG	UE410-EN1 FLEXI ETHERNET GATEW. Firmware
	SICK AG	UE410-EN4 FLEXI ETHERNET GATEW. Firmware
	SICK AG	FX0-GENT00000 FLEXISOFT EIP GATEW. Firmware
	SICK AG	FX0-GMOD00000 FLEXISOFT MOD GATEW. Firmware
	SICK AG	FX0-GPNT00000 FLEXISOFT PNET GATEW. Firmware
	SICK AG	FX0-GENT00030 FLEXISOFT EIP GATEW.V2 Firmware
	SICK AG	FX0-GPNT00030 FLEXISOFT PNET GATEW.V2 Firmware
	SICK AG	FX0-GMOD00010 FLEXISOFT MOD GW (C) Firmware
	SICK AG	FX3-GEPR00000 FLEXISOFT EFI-PRO GW Firmware
	SICK AG	FX3-GEPR00010 FLEXISOFT EFI-PRO GW Firmware
	SICK AG	FX0-GETC00000 FLEXISOFT ETC GW Firmware
	SICK AG	FX0-GETC00040 FLEXISOFT ETC GW Firmware
	SICK AG	FX0-GETC00010 FLEXISOFT ETC GW (C) Firmware
	SICK AG	FX0-GENT00010 FLEXISOFT EIP GW (C) Firmware
	SICK AG	FX0-GPNT00010 FLEXISOFT PNET GW (C) Firmware

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:28:41.054Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "issue-tracking",
              "x_transferred"
            ],
            "url": "https://sick.com/psirt"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0003.pdf"
          },
          {
            "tags": [
              "x_csaf",
              "x_transferred"
            ],
            "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0003.json"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "UE410-EN3 FLEXI ETHERNET GATEW.",
          "vendor": "SICK AG",
          "versions": [
            {
              "status": "affected",
              "version": "all firmware versions"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "UE410-EN1 FLEXI ETHERNET GATEW.",
          "vendor": "SICK AG",
          "versions": [
            {
              "status": "affected",
              "version": "all firmware versions"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "UE410-EN4 FLEXI ETHERNET GATEW.",
          "vendor": "SICK AG",
          "versions": [
            {
              "status": "affected",
              "version": "all firmware versions"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "FX0-GENT00000 FLEXISOFT EIP GATEW.",
          "vendor": "SICK AG",
          "versions": [
            {
              "status": "affected",
              "version": "all firmware versions"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "FX0-GMOD00000 FLEXISOFT MOD GATEW.",
          "vendor": "SICK AG",
          "versions": [
            {
              "status": "affected",
              "version": "all firmware versions"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "FX0-GPNT00000 FLEXISOFT PNET GATEW.",
          "vendor": "SICK AG",
          "versions": [
            {
              "status": "affected",
              "version": "all firmware versions"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "FX0-GENT00030 FLEXISOFT EIP GATEW.V2",
          "vendor": "SICK AG",
          "versions": [
            {
              "status": "affected",
              "version": "all firmware versions"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "FX0-GPNT00030 FLEXISOFT PNET GATEW.V2",
          "vendor": "SICK AG",
          "versions": [
            {
              "status": "affected",
              "version": "all firmware versions"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "FX0-GMOD00010 FLEXISOFT MOD GW (C)",
          "vendor": "SICK AG",
          "versions": [
            {
              "status": "affected",
              "version": "all firmware versions"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "FX3-GEPR00000 FLEXISOFT EFI-PRO GW",
          "vendor": "SICK AG",
          "versions": [
            {
              "status": "affected",
              "version": "all firmware versions"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "FX3-GEPR00010 FLEXISOFT EFI-PRO GW",
          "vendor": "SICK AG",
          "versions": [
            {
              "status": "affected",
              "version": "all firmware versions"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "FX0-GETC00000 FLEXISOFT ETC GW",
          "vendor": "SICK AG",
          "versions": [
            {
              "status": "affected",
              "version": "all firmware versions"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "FX0-GETC00040 FLEXISOFT ETC GW",
          "vendor": "SICK AG",
          "versions": [
            {
              "status": "affected",
              "version": "all firmware versions"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "FX0-GETC00010 FLEXISOFT ETC GW (C)",
          "vendor": "SICK AG",
          "versions": [
            {
              "status": "affected",
              "version": "all firmware versions"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "FX0-GENT00010 FLEXISOFT EIP GW (C)",
          "vendor": "SICK AG",
          "versions": [
            {
              "status": "affected",
              "version": "all firmware versions"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "FX0-GPNT00010 FLEXISOFT PNET GW (C)",
          "vendor": "SICK AG",
          "versions": [
            {
              "status": "affected",
              "version": "all firmware versions"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "UE410-EN3 FLEXI ETHERNET GATEW. Firmware",
          "vendor": "SICK AG",
          "versions": [
            {
              "status": "affected",
              "version": "all firmware versions"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "UE410-EN1 FLEXI ETHERNET GATEW. Firmware",
          "vendor": "SICK AG",
          "versions": [
            {
              "status": "affected",
              "version": "all firmware versions"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "UE410-EN4 FLEXI ETHERNET GATEW. Firmware",
          "vendor": "SICK AG",
          "versions": [
            {
              "status": "affected",
              "version": "all firmware versions"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "FX0-GENT00000 FLEXISOFT EIP GATEW. Firmware",
          "vendor": "SICK AG",
          "versions": [
            {
              "status": "affected",
              "version": "all firmware versions"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "FX0-GMOD00000 FLEXISOFT MOD GATEW. Firmware",
          "vendor": "SICK AG",
          "versions": [
            {
              "status": "affected",
              "version": "all firmware versions"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "FX0-GPNT00000 FLEXISOFT PNET GATEW. Firmware",
          "vendor": "SICK AG",
          "versions": [
            {
              "status": "affected",
              "version": "all firmware versions"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "FX0-GENT00030 FLEXISOFT EIP GATEW.V2 Firmware",
          "vendor": "SICK AG",
          "versions": [
            {
              "status": "affected",
              "version": "all firmware versions"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "FX0-GPNT00030 FLEXISOFT PNET GATEW.V2 Firmware",
          "vendor": "SICK AG",
          "versions": [
            {
              "status": "affected",
              "version": "all firmware versions"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "FX0-GMOD00010 FLEXISOFT MOD GW (C) Firmware",
          "vendor": "SICK AG",
          "versions": [
            {
              "status": "affected",
              "version": "all firmware versions"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "FX3-GEPR00000 FLEXISOFT EFI-PRO GW Firmware",
          "vendor": "SICK AG",
          "versions": [
            {
              "status": "affected",
              "version": "all firmware versions"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "FX3-GEPR00010 FLEXISOFT EFI-PRO GW Firmware",
          "vendor": "SICK AG",
          "versions": [
            {
              "status": "affected",
              "version": "all firmware versions"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "FX0-GETC00000 FLEXISOFT ETC GW Firmware",
          "vendor": "SICK AG",
          "versions": [
            {
              "status": "affected",
              "version": "all firmware versions"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "FX0-GETC00040 FLEXISOFT ETC GW Firmware",
          "vendor": "SICK AG",
          "versions": [
            {
              "status": "affected",
              "version": "all firmware versions"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "FX0-GETC00010 FLEXISOFT ETC GW (C) Firmware",
          "vendor": "SICK AG",
          "versions": [
            {
              "status": "affected",
              "version": "all firmware versions"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "FX0-GENT00010 FLEXISOFT EIP GW (C) Firmware",
          "vendor": "SICK AG",
          "versions": [
            {
              "status": "affected",
              "version": "all firmware versions"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "FX0-GPNT00010 FLEXISOFT PNET GW (C) Firmware",
          "vendor": "SICK AG",
          "versions": [
            {
              "status": "affected",
              "version": "all firmware versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": true,
              "type": "text/html",
              "value": "Missing Authentication for Critical Function in SICK Flexi Classic and Flexi Soft Gateways with Partnumbers 1042193, 1042964, 1044078, 1044072, 1044073, 1044074, 1099830, 1099832, 1127717, 1069070, 1112296, 1051432, 1102420, 1127487, 1121596, 1121597 allows an unauthenticated remote attacker to influence the availability of the device by changing the IP settings of the device via broadcasted UDP packets."
            }
          ],
          "value": "Missing Authentication for Critical Function in SICK Flexi Classic and Flexi Soft Gateways with Partnumbers 1042193, 1042964, 1044078, 1044072, 1044073, 1044074, 1099830, 1099832, 1127717, 1069070, 1112296, 1051432, 1102420, 1127487, 1121596, 1121597 allows an unauthenticated remote attacker to influence the availability of the device by changing the IP settings of the device via broadcasted UDP packets."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Missing Authentication for Critical Function",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-12T12:49:35.619Z",
        "orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
        "shortName": "SICK AG"
      },
      "references": [
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://sick.com/psirt"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0003.pdf"
        },
        {
          "tags": [
            "x_csaf"
          ],
          "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0003.json"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": true,
              "type": "text/html",
              "value": "Please make sure that you apply general security practices when operating the Flexi Classic and Flexi Soft Gateways like network segmentation. The following General Security Practices and Operating Guidelines could mitigate the associated security risk."
            }
          ],
          "value": "Please make sure that you apply general security practices when operating the Flexi Classic and Flexi Soft Gateways like network segmentation. The following General Security Practices and Operating Guidelines could mitigate the associated security risk."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
    "assignerShortName": "SICK AG",
    "cveId": "CVE-2023-23444",
    "datePublished": "2023-05-12T12:39:26.532Z",
    "dateReserved": "2023-01-12T04:07:53.938Z",
    "dateUpdated": "2024-08-02T10:28:41.054Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted