CVE-2023-5246

Summary

Authentication Bypass by Capture-replay in SICK Flexi Soft Gateways with Partnumbers 1044073, 1127717, 1130282, 1044074, 1121597, 1099832, 1051432, 1127487, 1069070, 1112296, 1044072, 1121596, 1099830 allows an unauthenticated remote attacker to potentially impact the availability, integrity and confidentiality of the gateways via an authentication bypass by capture-replay.

Affected Software

VendorProductVersion RangeStatus
SICK AGFX0-GMOD00000vers:all/*affected
SICK AGFX0-GMOD00010vers:all/*affected
SICK AGFX0-GMOD00030vers:all/*affected
SICK AGFX0-GPNT00000vers:all/*affected
SICK AGFX0-GPNT00010vers:all/*affected
SICK AGFX0-GPNT00030vers:all/*affected
SICK AGFX0-GETC00000vers:all/*affected
SICK AGFX0-GETC00010vers:all/*affected
SICK AGFX3-GEPR00000vers:all/*affected
SICK AGFX3-GEPR00010vers:all/*affected
SICK AGFX0-GENT00000vers:all/*affected
SICK AGFX0-GENT00010vers:all/*affected
SICK AGFX0-GENT00030vers:all/*affected

Weaknesses

  • Authentication Bypass by Capture-replay

Workarounds

Please make sure that you apply general security practices when operating the SICK Flexi Soft Gateways. The following General Security Practices and Operating Guidelines could mitigate the associated security risk.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References