PT-2023-18961 · Sick · Sick Ue410-En3 Flexi Ethernet Gatew.+9
Published
2023-04-19
·
Updated
2023-09-14
·
CVE-2023-23451
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
SICK UE410-EN3 FLEXI ETHERNET GATEW. versions all
SICK UE410-EN1 FLEXI ETHERNET GATEW. versions all
SICK UE410-EN3S04 FLEXI ETHERNET GATEW. versions all
SICK UE410-EN4 FLEXI ETHERNET GATEW. versions all
SICK FX0-GENT00000 FLEXISOFT EIP GATEW. versions prior to V2.11.0
SICK FX0-GMOD00000 FLEXISOFT MOD GATEW. versions prior to V2.11.0
SICK FX0-GPNT00000 FLEXISOFT PNET GATEW. versions prior to V2.12.0
SICK FX0-GENT00030 FLEXISOFT EIP GATEW.V2 versions all
SICK FX0-GPNT00030 FLEXISOFT PNET GATEW.V2 versions all
SICK FX0-GMOD00010 FLEXISOFT MOD GW versions prior to V2.11.0
Description
The issue is related to the default configuration of the Telnet interface in the affected gateways, which is enabled by factory default and has no password set. This could potentially allow unauthorized access to the devices. Gateways with a serial number greater than 2311xxxx have the Telnet interface disabled by factory default.
Recommendations
For SICK UE410-EN3 FLEXI ETHERNET GATEW., consider disabling the Telnet interface until a patch is available.
For SICK UE410-EN1 FLEXI ETHERNET GATEW., consider disabling the Telnet interface until a patch is available.
For SICK UE410-EN3S04 FLEXI ETHERNET GATEW., consider disabling the Telnet interface until a patch is available.
For SICK UE410-EN4 FLEXI ETHERNET GATEW., consider disabling the Telnet interface until a patch is available.
For SICK FX0-GENT00000 FLEXISOFT EIP GATEW. versions prior to V2.11.0, consider disabling the Telnet interface until a patch is available.
For SICK FX0-GMOD00000 FLEXISOFT MOD GATEW. versions prior to V2.11.0, consider disabling the Telnet interface until a patch is available.
For SICK FX0-GPNT00000 FLEXISOFT PNET GATEW. versions prior to V2.12.0, consider disabling the Telnet interface until a patch is available.
For SICK FX0-GENT00030 FLEXISOFT EIP GATEW.V2, consider disabling the Telnet interface until a patch is available.
For SICK FX0-GPNT00030 FLEXISOFT PNET GATEW.V2, consider disabling the Telnet interface until a patch is available.
For SICK FX0-GMOD00010 FLEXISOFT MOD GW versions prior to V2.11.0, consider disabling the Telnet interface until a patch is available.
Fix
Missing Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Sick Fx0-Gent00000 Flexisoft Eip Gatew.
Sick Fx0-Gent00030 Flexisoft Eip Gatew.V2
Sick Fx0-Gmod00000 Flexisoft Mod Gatew.
Sick Fx0-Gmod00010 Flexisoft Mod Gw
Sick Fx0-Gpnt00000 Flexisoft Pnet Gatew.
Sick Fx0-Gpnt00030 Flexisoft Pnet Gatew.V2
Sick Ue410-En1 Flexi Ethernet Gatew.
Sick Ue410-En3 Flexi Ethernet Gatew.
Sick Ue410-En3S04 Flexi Ethernet Gatew.
Sick Ue410-En4 Flexi Ethernet Gatew.