CVE-2023-23444

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions SICK Flexi Classic and Flexi Soft Gateways with Partnumbers 1042193, 1042964, 1044078, 1044072, 1044073, 1044074, 1099830, 1099832, 1127717, 1069070, 1112296, 1051432, 1102420, 1127487, 1121596, 1121597

Description The issue allows an unauthenticated remote attacker to influence the availability of the device by changing the IP settings of the device via broadcasted UDP packets. This is due to missing authentication for a critical function in the affected gateways.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

CVE-2023-23444

Affected Products

Sick Flexi Classic

Sick Flexi Soft

CVE-2023-23444

Weakness Enumeration

Related Identifiers

Affected Products

References · 6