Main Vulnerability Database Vulnerabilities #VU77926

Missing Authentication for Critical Function in Sick AG products - CVE-2023-23444

Published: July 4, 2023

Vulnerability identifier: #VU77926

CSH Severity: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2023-23444

CWE-ID: CWE-306

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
SICK FX0-GENT00000
SICK FX0-GENT00010
SICK FX0-GENT00030
SICK FX0-GMOD00000
SICK FX0-GMOD00010
SICK FX0-GPNT00000
SICK FX0-GPNT00010
SICK FX0-GPNT00030
SICK UE410-EN1 FLEXI
SICK UE410-EN3 FLEXI
SICK UE410-EN4 FLEXI

Software vendor:
Sick AG

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to missing authentication for critical function. A remote attacker can send a broadcasted UDP packet and change the IP settings of the affected device.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Missing Authentication for Critical Function in Sick AG products - CVE-2023-23444

Description

Remediation

External links

Please verify you're human