CVE-2023-23451

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The Flexi Classic and Flexi Soft Gateways SICK UE410-EN3 FLEXI ETHERNET GATEW. with serial number <=2311xxxx all Firmware versions, SICK UE410-EN1 FLEXI ETHERNET GATEW. with serial number <=2311xxxx all Firmware versions, SICK UE410-EN3S04 FLEXI ETHERNET GATEW. with serial number <=2311xxxx all Firmware versions, SICK UE410-EN4 FLEXI ETHERNET GATEW. with serial number <=2311xxxx all Firmware versions, SICK FX0-GENT00000 FLEXISOFT EIP GATEW. with serial number <=2311xxxx with Firmware <=V2.11.0, SICK FX0-GMOD00000 FLEXISOFT MOD GATEW. with serial number <=2311xxxx with Firmware <=V2.11.0, SICK FX0-GPNT00000 FLEXISOFT PNET GATEW. with serial number <=2311xxxx with Firmware <=V2.12.0, SICK FX0-GENT00030 FLEXISOFT EIP GATEW.V2 with serial number <=2311xxxx all Firmware versions, SICK FX0-GPNT00030 FLEXISOFT PNET GATEW.V2 with serial number <=2311xxxx all Firmware versions and SICK FX0-GMOD00010 FLEXISOFT MOD GW with serial number <=2311xxxx with Firmware <=V2.11.0 all have Telnet enabled by factory default. No password is set in the default configuration.

El Flexi Classic y Flexi Soft Gateways SICK UE410-EN3 FLEXI ETHERNET GATEW. con número de serie <=2311xxxx todas las versiones de Firmware, SICK UE410-EN1 FLEXI ETHERNET GATEW. con número de serie <=2311xxxx todas las versiones de Firmware, SICK UE410-EN3S04 FLEXI ETHERNET GATEW. con número de serie <=2311xxxx todas las versiones de Firmware, SICK UE410-EN4 FLEXI ETHERNET GATEW. con número de serie <=2311xxxx todas las versiones de firmware, SICK FX0-GENT00000 FLEXISOFT EIP GATEW. con número de serie <=2311xxxx con Firmware <=V2.11.0, SICK FX0-GMOD00000 FLEXISOFT MOD GATEW. con número de serie <=2311xxxx con Firmware <=V2.11.0, SICK FX0-GPNT00000 FLEXISOFT PNET GATEW. con número de serie <=2311xxxx con firmware <=V2.12.0, SICK FX0-GENT00030 FLEXISOFT EIP GATEW.V2 con número de serie <=2311xxxx todas las versiones de firmware, SICK FX0-GPNT00030 FLEXISOFT PNET GATEW.V2 con número de serie <=2311xxxx todo el firmware Las versiones y SICK FX0-GMOD00010 FLEXISOFT MOD GW con número de serie <=2311xxxx con firmware <=V2.11.0 tienen Telnet habilitado de forma predeterminada. No se establece ninguna contraseña en la configuración predeterminada.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2023-01-12 CVE Reserved
2023-04-19 CVE Published
2024-08-02 CVE Updated
2024-11-09 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-306: Missing Authentication for Critical Function
CWE-477: Use of Obsolete Function

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://sick.com/psirt	2023-09-14

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Sick Search vendor "Sick"	Ue410-en3 Firmware Search vendor "Sick" for product "Ue410-en3 Firmware"	*	-	Affected	in	Sick Search vendor "Sick"	Ue410-en3 Search vendor "Sick" for product "Ue410-en3"	-	-	Safe
Sick Search vendor "Sick"	Ue410-en1 Firmware Search vendor "Sick" for product "Ue410-en1 Firmware"	*	-	Affected	in	Sick Search vendor "Sick"	Ue410-en1 Search vendor "Sick" for product "Ue410-en1"	-	-	Safe
Sick Search vendor "Sick"	Ue410-en3s04 Firmware Search vendor "Sick" for product "Ue410-en3s04 Firmware"	*	-	Affected	in	Sick Search vendor "Sick"	Ue410-en3s04 Search vendor "Sick" for product "Ue410-en3s04"	-	-	Safe
Sick Search vendor "Sick"	Ue410-en4 Firmware Search vendor "Sick" for product "Ue410-en4 Firmware"	*	-	Affected	in	Sick Search vendor "Sick"	Ue410-en4 Search vendor "Sick" for product "Ue410-en4"	-	-	Safe
Sick Search vendor "Sick"	Fx0-gent00000 Firmware Search vendor "Sick" for product "Fx0-gent00000 Firmware"	<= 2.11.0 Search vendor "Sick" for product "Fx0-gent00000 Firmware" and version " <= 2.11.0"	-	Affected	in	Sick Search vendor "Sick"	Fx0-gent00000 Search vendor "Sick" for product "Fx0-gent00000"	-	-	Safe
Sick Search vendor "Sick"	Fx0-gmod00000 Firmware Search vendor "Sick" for product "Fx0-gmod00000 Firmware"	<= 2.11.0 Search vendor "Sick" for product "Fx0-gmod00000 Firmware" and version " <= 2.11.0"	-	Affected	in	Sick Search vendor "Sick"	Fx0-gmod00000 Search vendor "Sick" for product "Fx0-gmod00000"	-	-	Safe
Sick Search vendor "Sick"	Fx0-gpnt00000 Firmware Search vendor "Sick" for product "Fx0-gpnt00000 Firmware"	<= 2.12.0 Search vendor "Sick" for product "Fx0-gpnt00000 Firmware" and version " <= 2.12.0"	-	Affected	in	Sick Search vendor "Sick"	Fx0-gpnt00000 Search vendor "Sick" for product "Fx0-gpnt00000"	-	-	Safe
Sick Search vendor "Sick"	Fx0-gent00030 Firmware Search vendor "Sick" for product "Fx0-gent00030 Firmware"	*	-	Affected	in	Sick Search vendor "Sick"	Fx0-gent00030 Search vendor "Sick" for product "Fx0-gent00030"	-	-	Safe
Sick Search vendor "Sick"	Fx0-gpnt00030 Firmware Search vendor "Sick" for product "Fx0-gpnt00030 Firmware"	*	-	Affected	in	Sick Search vendor "Sick"	Fx0-gpnt00030 Search vendor "Sick" for product "Fx0-gpnt00030"	-	-	Safe
Sick Search vendor "Sick"	Fx0-gmod00010 Firmware Search vendor "Sick" for product "Fx0-gmod00010 Firmware"	<= 2.11.0 Search vendor "Sick" for product "Fx0-gmod00010 Firmware" and version " <= 2.11.0"	-	Affected	in	Sick Search vendor "Sick"	Fx0-gmod00010 Search vendor "Sick" for product "Fx0-gmod00010"	-	-	Safe