PT-2023-18963 · Sick · Sick Fx0-Gent
Published
2023-02-20
·
Updated
2025-03-18
·
CVE-2023-23453
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
SICK FX0-GENT v3 Firmware versions V3.04 and V3.05
Description
The issue allows an unprivileged remote attacker to achieve arbitrary remote code execution via maliciously crafted RK512 commands to the listener on TCP port 9000. This is due to missing authentication for a critical function.
Recommendations
For SICK FX0-GENT v3 Firmware versions V3.04 and V3.05, consider restricting access to the listener on TCP port 9000 to minimize the risk of exploitation. As a temporary workaround, avoid using the RK512 commands until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
RCE
Missing Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sick Fx0-Gent