Vulnerability Details : CVE-2023-5246
Authentication Bypass by Capture-replay in SICK Flexi Soft Gateways with Partnumbers 1044073, 1127717, 1130282, 1044074, 1121597, 1099832, 1051432, 1127487, 1069070, 1112296, 1044072, 1121596, 1099830 allows an unauthenticated remote attacker to potentially impact the availability, integrity and confidentiality of the gateways via an authentication bypass by capture-replay.
Vulnerability category: Bypass, Gain privilege
Products affected by CVE-2023-5246
- cpe:2.3:o:sick:fx0-gpnt00000_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:sick:fx0-gent00000_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:sick:fx0-gent00010_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:sick:fx0-gpnt00010_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:sick:fx0-gmod00000_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:sick:fx0-gent00030_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:sick:fx0-gpnt00030_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:sick:fx0-gmod00010_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:sick:fx0-get00000_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:sick:fx0-get00010_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:sick:fx0-gmod00030_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:sick:fx0-gepr00000_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:sick:fx0-gepr00010_firmware:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-5246
- 0.19%: Probability of exploitation activity in the next 30 days
- ~58%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-5246
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST | |
8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 | SICK AG | |
CWE ids for CVE-2023-5246
- When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. Assigned by: nvd@nist.gov (Primary)
References for CVE-2023-5246
- https://sick.com/.well-known/csaf/white/2023/sca-2023-0011.json (Vendor Advisory)
- https://sick.com/psirt: The SICK Product Security Incident Response Team (SICK PSIRT) | SICK (Vendor Advisory)
- https://sick.com/.well-known/csaf/white/2023/sca-2023-0011.pdf (Mitigation; Vendor Advisory)