CVE-2023-23453
Published Feb 20, 2023
Last updated 2 years ago
Overview
- Description
- Missing Authentication for Critical Function in SICK FX0-GENT v3 Firmware Version V3.04 and V3.05 allows an unprivileged remote attacker to achieve arbitrary remote code execution via maliciously crafted RK512 commands to the listener on TCP port 9000.
- Source
- psirt@sick.de
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sick:fx0-gent00010_firmware:3.04:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A9EC0ECE-70A8-442B-B93B-B84932F52DA4"
},
{
"criteria": "cpe:2.3:o:sick:fx0-gent00010_firmware:3.05:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6D73D794-5176-42B1-B73F-2BB30D123E03"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sick:fx0-gent00010:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "BBAC00EB-BB15-4A65-A58D-B3015F7CFF85"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sick:fx0-gent00000_firmware:3.04:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B0831A52-F30A-4CEF-AF5B-037D9E3F09A9"
},
{
"criteria": "cpe:2.3:o:sick:fx0-gent00000_firmware:3.05:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "914328E2-B380-4763-AE8A-91B711EDE944"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sick:fx0-gent00000:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "EAB590A4-F5E4-4A17-B5A6-33A995C96BAB"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]