CVE-2023-5246

CVE-2023-5246

CVSS 8.8 HIGHEPSS 0.8%

Authentication Bypass by Capture-replay in SICK Flexi Soft Gateways with Partnumbers 1044073, 1127717, 1130282, 1044074, 1121597, 1099832, 1051432, 1127487, 1069070, 1112296, 1044072, 1121596, 1099830 allows an unauthenticated remote attacker to potentially impact the availability, integrity and confidentiality of the gateways via an authentication bypass by capture-replay.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

SICK AG · FX0-GENT00000 SICK AG · FX0-GENT00010 SICK AG · FX0-GENT00030 SICK AG · FX0-GETC00000 SICK AG · FX0-GETC00010 SICK AG · FX0-GMOD00000 SICK AG · FX0-GMOD00010 SICK AG · FX0-GMOD00030 SICK AG · FX0-GPNT00000 SICK AG · FX0-GPNT00010 SICK AG · FX0-GPNT00030 SICK AG · FX3-GEPR00000 SICK AG · FX3-GEPR00010

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://sick.com/psirt https://sick.com/.well-known/csaf/white/2023/sca-2023-0011.json https://sick.com/.well-known/csaf/white/2023/sca-2023-0011.pdf