Vulnerability Details : CVE-2023-23451
The Flexi Classic and Flexi Soft Gateways SICK UE410-EN3 FLEXI ETHERNET GATEW. with serial number <=2311xxxx all Firmware versions, SICK UE410-EN1 FLEXI ETHERNET GATEW. with serial number <=2311xxxx all Firmware versions, SICK UE410-EN3S04 FLEXI ETHERNET GATEW. with serial number <=2311xxxx all Firmware versions, SICK UE410-EN4 FLEXI ETHERNET GATEW. with serial number <=2311xxxx all Firmware versions, SICK FX0-GENT00000 FLEXISOFT EIP GATEW. with serial number <=2311xxxx with Firmware <=V2.11.0, SICK FX0-GMOD00000 FLEXISOFT MOD GATEW. with serial number <=2311xxxx with Firmware <=V2.11.0, SICK FX0-GPNT00000 FLEXISOFT PNET GATEW. with serial number <=2311xxxx with Firmware <=V2.12.0, SICK FX0-GENT00030 FLEXISOFT EIP GATEW.V2 with serial number <=2311xxxx all Firmware versions, SICK FX0-GPNT00030 FLEXISOFT PNET GATEW.V2 with serial number <=2311xxxx all Firmware versions and SICK FX0-GMOD00010 FLEXISOFT MOD GW with serial number <=2311xxxx with Firmware <=V2.11.0 all have Telnet enabled by factory default. No password is set in the default configuration.
Products affected by CVE-2023-23451
- cpe:2.3:o:sick:fx0-gpnt00000_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:sick:fx0-gent00000_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:sick:ue410-en3_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:sick:ue410-en1_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:sick:ue410-en3s04_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:sick:ue410-en4_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:sick:fx0-gmod00000_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:sick:fx0-gent00030_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:sick:fx0-gpnt00030_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:sick:fx0-gmod00010_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-23451
Probability of exploitation activity in the next 30 days: 0.20%
Percentile, the proportion of vulnerabilities that are scored at or less: ~59%
CVSS scores for CVE-2023-23451
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2023-23451
- The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. Assigned by: nvd@nist.gov (Primary)
- The code uses deprecated or obsolete functions, which suggests that the code has not been actively reviewed or maintained. Assigned by: psirt@sick.de (Secondary)
References for CVE-2023-23451
- https://sick.com/psirt
  The SICK Product Security Incident Response Team (SICK PSIRT) | SICK (Vendor Advisory)