CVE-2023-23451

EPSS 0.23%
Veröffentlicht 19.04.2023 23:15:06
Zuletzt bearbeitet 05.02.2025 16:15:35
Quelle psirt@sick.de
CVE-Watchlists
Login
Unerledigt
Login

The Flexi Classic and Flexi Soft Gateways SICK UE410-EN3 FLEXI ETHERNET GATEW. with serial number <=2311xxxx all Firmware versions, SICK UE410-EN1 FLEXI ETHERNET GATEW. with serial number <=2311xxxx all Firmware versions, SICK UE410-EN3S04 FLEXI ETHERNET GATEW. with serial number <=2311xxxx all Firmware versions, SICK UE410-EN4 FLEXI ETHERNET GATEW. with serial number <=2311xxxx all Firmware versions, SICK FX0-GENT00000 FLEXISOFT EIP GATEW. with serial number <=2311xxxx with Firmware <=V2.11.0, SICK FX0-GMOD00000 FLEXISOFT MOD GATEW. with serial number <=2311xxxx with Firmware <=V2.11.0, SICK FX0-GPNT00000 FLEXISOFT PNET GATEW. with serial number <=2311xxxx with Firmware <=V2.12.0, SICK FX0-GENT00030 FLEXISOFT EIP GATEW.V2 with serial number <=2311xxxx all Firmware versions, SICK FX0-GPNT00030 FLEXISOFT PNET GATEW.V2 with serial number <=2311xxxx all Firmware versions and SICK FX0-GMOD00010 FLEXISOFT MOD GW with serial number <=2311xxxx with Firmware <=V2.11.0 all have Telnet enabled by factory default. No password is set in the default configuration.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Sick ≫ Ue410-en3 Firmware

Sick ≫ Ue410-en3 Version-

Sick ≫ Ue410-en1 Firmware

Sick ≫ Ue410-en1 Version-

Sick ≫ Ue410-en3s04 Firmware

Sick ≫ Ue410-en3s04 Version-

Sick ≫ Ue410-en4 Firmware

Sick ≫ Ue410-en4 Version-

Sick ≫ Fx0-gent00000 Firmware Version <= 2.11.0

Sick ≫ Fx0-gent00000 Version-

Sick ≫ Fx0-gmod00000 Firmware Version <= 2.11.0

Sick ≫ Fx0-gmod00000 Version-

Sick ≫ Fx0-gpnt00000 Firmware Version <= 2.12.0

Sick ≫ Fx0-gpnt00000 Version-

Sick ≫ Fx0-gent00030 Firmware

Sick ≫ Fx0-gent00030 Version-

Sick ≫ Fx0-gpnt00030 Firmware

Sick ≫ Fx0-gpnt00030 Version-

Sick ≫ Fx0-gmod00010 Firmware Version <= 2.11.0

Sick ≫ Fx0-gmod00010 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.23%	0.458

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

CWE-477 Use of Obsolete Function

The code uses deprecated or obsolete functions, which suggests that the code has not been actively reviewed or maintained.

https://sick.com/psirt

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-23451

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-23451

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-23451

EUVD