Unrated severityNVD Advisory· Published May 12, 2023· Updated Jan 24, 2025

CVE-2023-23444

Description

Missing Authentication for Critical Function in SICK Flexi Classic and Flexi Soft Gateways with Partnumbers 1042193, 1042964, 1044078, 1044072, 1044073, 1044074, 1099830, 1099832, 1127717, 1069070, 1112296, 1051432, 1102420, 1127487, 1121596, 1121597 allows an unauthenticated remote attacker to influence the availability of the device by changing the IP settings of the device via broadcasted UDP packets.

Affected products

SICK AG/FX0-GETC00000 FLEXISOFT ETC GWv5
Range: all firmware versions
Sick Ag/Fx0 Gmod00000 Flexisoft Mod Gatew.v5
Range: all firmware versions
SICK AG/UE410-EN1 FLEXI ETHERNET GATEW.v5
Range: all firmware versions

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

sick.com/.well-known/csaf/white/2023/sca-2023-0003.pdfmitrevendor-advisory
sick.com/.well-known/csaf/white/2023/sca-2023-0003.jsonmitrex_csaf
sick.com/psirtmitreissue-tracking

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000