Lucene search

SICK AGVULNRICHMENT:CVE-2023-5246

HistoryOct 23, 2023 - 12:22 p.m.

CVE-2023-5246

2023-10-2312:22:19

SICK AG

github.com

cve-2023-5246

capture-replay

sick flexi soft gateways

partnumbers

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

Low

EPSS

0.001

Percentile

44.8%

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Authentication Bypass by Capture-replay in SICK Flexi Soft Gateways with Partnumbers 1044073, 1127717, 1130282, 1044074, 1121597, 1099832, 1051432, 1127487, 1069070, 1112296, 1044072, 1121596, 1099830 allows an unauthenticated remote attacker to potentially impact the availability, integrity and confidentiality of the gateways via an authentication bypass by capture-replay.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:o:sick:fx0-gmod00000_firmware:-:*:*:*:*:*:*:*"
    ],
    "vendor": "sick",
    "product": "fx0-gmod00000_firmware",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "*"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:o:sick:fx0-gmod00010_firmware:-:*:*:*:*:*:*:*"
    ],
    "vendor": "sick",
    "product": "fx0-gmod00010_firmware",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "*"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:o:sick:fx0-gmod00030_firmware:-:*:*:*:*:*:*:*"
    ],
    "vendor": "sick",
    "product": "fx0-gmod00030_firmware",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "*"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:o:sick:fx0-gpnt00000_firmware:-:*:*:*:*:*:*:*"
    ],
    "vendor": "sick",
    "product": "fx0-gpnt00000_firmware",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "*"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:o:sick:fx0-gpnt00010_firmware:-:*:*:*:*:*:*:*"
    ],
    "vendor": "sick",
    "product": "fx0-gpnt00010_firmware",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "*"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:o:sick:fx0-gpnt00030_firmware:-:*:*:*:*:*:*:*"
    ],
    "vendor": "sick",
    "product": "fx0-gpnt00030_firmware",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "*"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:o:sick:fx0-getc00000:*:*:*:*:*:*:*:*"
    ],
    "vendor": "sick",
    "product": "fx0-getc00000",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "*"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:o:sick:fx0-getc00010:*:*:*:*:*:*:*:*"
    ],
    "vendor": "sick",
    "product": "fx0-getc00010",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "*"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:o:sick:fx3-gepr00000:*:*:*:*:*:*:*:*"
    ],
    "vendor": "sick",
    "product": "fx3-gepr00000",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "*"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:o:sick:fx3-gepr00010:*:*:*:*:*:*:*:*"
    ],
    "vendor": "sick",
    "product": "fx3-gepr00010",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "*"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:o:sick:fx0-gent00000_firmware:-:*:*:*:*:*:*:*"
    ],
    "vendor": "sick",
    "product": "fx0-gent00000_firmware",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "*"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:o:sick:fx0-gent00010_firmware:-:*:*:*:*:*:*:*"
    ],
    "vendor": "sick",
    "product": "fx0-gent00010_firmware",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "*"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:o:sick:fx0-gent00030_firmware:-:*:*:*:*:*:*:*"
    ],
    "vendor": "sick",
    "product": "fx0-gent00030_firmware",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "*"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

sick.com/.well-known/csaf/white/2023/sca-2023-0011.json

sick.com/.well-known/csaf/white/2023/sca-2023-0011.pdf

sick.com/psirt

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

Low

EPSS

0.001

Percentile

44.8%

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2023-5246