2023-05-12 16:00:27 +02:00
{
"id" : "CVE-2023-23444" ,
"sourceIdentifier" : "psirt@sick.de" ,
"published" : "2023-05-12T13:15:09.350" ,
2023-05-26 20:00:33 +00:00
"lastModified" : "2023-05-26T18:15:18.340" ,
"vulnStatus" : "Analyzed" ,
2023-05-12 16:00:27 +02:00
"descriptions" : [
{
"lang" : "en" ,
"value" : "Missing Authentication for Critical Function in SICK Flexi Classic and Flexi Soft Gateways with Partnumbers 1042193, 1042964, 1044078, 1044072, 1044073, 1044074, 1099830, 1099832, 1127717, 1069070, 1112296, 1051432, 1102420, 1127487, 1121596, 1121597 allows an unauthenticated remote attacker to influence the availability of the device by changing the IP settings of the device via broadcasted UDP packets."
}
] ,
"metrics" : {
"cvssMetricV31" : [
2023-05-26 20:00:33 +00:00
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" ,
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "NONE" ,
"integrityImpact" : "LOW" ,
"availabilityImpact" : "HIGH" ,
"baseScore" : 8.2 ,
"baseSeverity" : "HIGH"
} ,
"exploitabilityScore" : 3.9 ,
"impactScore" : 4.2
} ,
2023-05-12 16:00:27 +02:00
{
"source" : "psirt@sick.de" ,
"type" : "Secondary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" ,
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "NONE" ,
"integrityImpact" : "NONE" ,
"availabilityImpact" : "HIGH" ,
"baseScore" : 7.5 ,
"baseSeverity" : "HIGH"
} ,
"exploitabilityScore" : 3.9 ,
"impactScore" : 3.6
}
]
} ,
2023-05-26 20:00:33 +00:00
"weaknesses" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-306"
}
]
}
] ,
"configurations" : [
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:sick:ue410-en4_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "6E3BEC1A-8FFB-47E6-A874-783A02593844"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:sick:ue410-en4:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "593FA8EA-007A-47C0-9F22-89E420BBE0D4"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:sick:ue410-en3_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "FCC9ADCE-3CEE-4FFD-894A-B8F9073C58CB"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:sick:ue410-en3:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "4F4C5D33-6A97-4509-8151-65D79F03F18A"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:sick:ue410-en1_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "598DD1E1-DF04-4C3D-9628-B57C653F4FAD"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:sick:ue410-en1:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "A963DB6B-C9A9-4B1D-A239-C7B608F2CBD1"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:sick:fx0-gpnt00030_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "9447F86A-5967-4C97-AF69-369EF2BD2052"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:sick:fx0-gpnt00030:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "4CABEFF4-C0A4-4054-8174-7B3762BC0C3F"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:sick:fx0-gpnt00010_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "00770E9A-64BC-4440-A921-49ECD5C5986D"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:sick:fx0-gpnt00010:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "60B6F37A-78EE-4D1F-ACAE-FDE864F847B8"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:sick:fx0-gpnt00000_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "30BF991A-B66F-48B3-8902-D50C3B38A30D"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:sick:fx0-gpnt00000:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "BF3BF752-4F49-4E90-9790-1913ED64D8B3"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:sick:fx0-gmod00010_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "925AD219-B3D3-42B6-99E6-E97298AE0A4C"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:sick:fx0-gmod00010:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "97742720-A8E3-49FE-BE43-EFF720F3D52D"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:sick:fx0-gmod00000_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "8E87CA0E-7749-4F1E-B30B-78183ACF3170"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:sick:fx0-gmod00000:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "D96296E7-65D3-4C0A-8126-4AA8BEF85B39"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:sick:fx0-gent00030_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "896EDB87-DB8E-4D82-83EB-65403F23FEB7"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:sick:fx0-gent00030:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "1809BCF9-541E-4348-87A3-4CB37D680704"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:sick:fx0-gent00010_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "61689FA0-FB90-4E9F-B500-AADCF8D827BE"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:sick:fx0-gent00010:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "BBAC00EB-BB15-4A65-A58D-B3015F7CFF85"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:sick:fx0-gent00000_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "8E8B658A-49DD-4F7C-9A20-191C8F6F3D8F"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:sick:fx0-gent00000:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "EAB590A4-F5E4-4A17-B5A6-33A995C96BAB"
}
]
}
]
}
] ,
2023-05-12 16:00:27 +02:00
"references" : [
{
"url" : "https://sick.com/.well-known/csaf/white/2023/sca-2023-0003.json" ,
2023-05-26 20:00:33 +00:00
"source" : "psirt@sick.de" ,
"tags" : [
"Vendor Advisory"
]
2023-05-12 16:00:27 +02:00
} ,
{
"url" : "https://sick.com/.well-known/csaf/white/2023/sca-2023-0003.pdf" ,
2023-05-26 20:00:33 +00:00
"source" : "psirt@sick.de" ,
"tags" : [
"Vendor Advisory"
]
2023-05-12 16:00:27 +02:00
} ,
{
"url" : "https://sick.com/psirt" ,
2023-05-26 20:00:33 +00:00
"source" : "psirt@sick.de" ,
"tags" : [
"Vendor Advisory"
]
2023-05-12 16:00:27 +02:00
}
]
}
