PT-2023-18962 · Sick · Sick Fx0-Gent

Published

2023-02-20

Updated

2025-03-18

CVE-2023-23452

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SICK FX0-GPNT v3 Firmware version V3.04 SICK FX0-GPNT v3 Firmware version V3.05

Description The issue allows an unprivileged remote attacker to achieve arbitrary remote code execution via maliciously crafted RK512 commands to the listener on TCP port 9000. This is due to missing authentication for a critical function.

Recommendations For SICK FX0-GPNT v3 Firmware version V3.04, consider disabling the listener on TCP port 9000 as a temporary workaround until a patch is available. For SICK FX0-GPNT v3 Firmware version V3.05, consider disabling the listener on TCP port 9000 as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

CVE-2023-23452

Affected Products

Sick Fx0-Gent

PT-2023-18962 · Sick · Sick Fx0-Gent

CVE-2023-23452

Weakness Enumeration

Related Identifiers

Affected Products

References · 6