8.2

CVE-2023-23444

Missing Authentication for Critical Function in SICK Flexi Classic and Flexi Soft Gateways with Partnumbers 1042193, 1042964, 1044078, 1044072, 1044073, 1044074, 1099830, 1099832, 1127717, 1069070, 1112296, 1051432, 1102420, 1127487, 1121596, 1121597 allows an unauthenticated remote attacker to influence the availability of the device by changing the IP settings of the device via broadcasted UDP packets.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SickUe410-en4 Firmware Version-
   SickUe410-en4 Version-
SickUe410-en3 Firmware Version-
   SickUe410-en3 Version-
SickUe410-en1 Firmware Version-
   SickUe410-en1 Version-
SickFx0-gpnt00030 Firmware Version-
   SickFx0-gpnt00030 Version-
SickFx0-gpnt00010 Firmware Version-
   SickFx0-gpnt00010 Version-
SickFx0-gpnt00000 Firmware Version-
   SickFx0-gpnt00000 Version-
SickFx0-gmod00010 Firmware Version-
   SickFx0-gmod00010 Version-
SickFx0-gmod00000 Firmware Version-
   SickFx0-gmod00000 Version-
SickFx0-gent00030 Firmware Version-
   SickFx0-gent00030 Version-
SickFx0-gent00010 Firmware Version-
   SickFx0-gent00010 Version-
SickFx0-gent00000 Firmware Version-
   SickFx0-gent00000 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.71% 0.717
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.2 3.9 4.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
psirt@sick.de 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://sick.com/psirt
Vendor Advisory