8.8

CVE-2023-5246

Authentication Bypass by Capture-replay in SICK Flexi Soft Gateways with Partnumbers 1044073, 1127717, 1130282, 1044074, 1121597, 1099832, 1051432, 1127487, 1069070, 1112296, 1044072, 1121596, 1099830 allows an unauthenticated remote attacker to potentially impact the availability, integrity and confidentiality of the gateways via an authentication bypass by capture-replay.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SickFx0-gent00000 Firmware Version-
   SickFx0-gent00000 Version-
SickFx0-gent00010 Firmware Version-
   SickFx0-gent00010 Version-
SickFx0-gent00030 Firmware Version-
   SickFx0-gent00030 Version-
SickFx0-get00000 Firmware Version-
   SickFx0-get00000 Version-
SickFx0-get00010 Firmware Version-
   SickFx0-get00010 Version-
SickFx0-gmod00000 Firmware Version-
   SickFx0-gmod00000 Version-
SickFx0-gmod00010 Firmware Version-
   SickFx0-gmod00010 Version-
SickFx0-gmod00030 Firmware Version-
   SickFx0-gmod00030 Version-
SickFx0-gpnt00000 Firmware Version-
   SickFx0-gpnt00000 Version-
SickFx0-gpnt00010 Firmware Version-
   SickFx0-gpnt00010 Version-
SickFx0-gpnt00030 Firmware Version-
   SickFx0-gpnt00030 Version-
SickFx0-gepr00000 Firmware Version-
   SickFx0-gepr00000 Version-
SickFx0-gepr00010 Firmware Version-
   SickFx0-gepr00010 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.59% 0.811
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
psirt@sick.de 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://sick.com/psirt
Vendor Advisory