CVE-2023-23451

moderate-risk
Published 2023-04-19

The following Flexi Classic and Flexi Soft Gateways all have Telnet enabled by factory default. No password is set in the default configuration.

SICK UE410-EN3 FLEXI ETHERNET GATEW. with serial number <=2311xxxx, all Firmware versions
SICK UE410-EN1 FLEXI ETHERNET GATEW. with serial number <=2311xxxx, all Firmware versions
SICK UE410-EN3S04 FLEXI ETHERNET GATEW. with serial number <=2311xxxx, all Firmware versions
SICK UE410-EN4 FLEXI ETHERNET GATEW. with serial number <=2311xxxx, all Firmware versions
SICK FX0-GENT00000 FLEXISOFT EIP GATEW. with serial number <=2311xxxx, Firmware <=V2.11.0
SICK FX0-GMOD00000 FLEXISOFT MOD GATEW. with serial number <=2311xxxx, Firmware <=V2.11.0
SICK FX0-GPNT00000 FLEXISOFT PNET GATEW. with serial number <=2311xxxx, Firmware <=V2.12.0
SICK FX0-GENT00030 FLEXISOFT EIP GATEW.V2 with serial number <=2311xxxx, all Firmware versions
SICK FX0-GPNT00030 FLEXISOFT PNET GATEW.V2 with serial number <=2311xxxx, all Firmware versions
SICK FX0-GMOD00010 FLEXISOFT MOD GW with serial number <=2311xxxx, Firmware <=V2.11.0

Do I need to act?

EPSS score: 0.25% chance of exploitation (low exploit probability)
Not on CISA KEV list: no confirmed active exploitation reported to CISA
Patch status unknown: check vendor advisories for fix availability and mitigation guidance
CVSS 9.8/10 Critical, NETWORK / LOW complexity

Affected Products (10)

Ue410-En3 Firmware
Ue410-En1 Firmware
Ue410-En3S04 Firmware
Ue410-En4 Firmware
Fx0-Gent00000 Firmware
Fx0-Gmod00000 Firmware
Fx0-Gpnt00000 Firmware
Fx0-Gent00030 Firmware
Fx0-Gpnt00030 Firmware
Fx0-Gmod00010 Firmware

Affected Vendors

References

Vendor Advisory https://sick.com/psirt
49 / 100 moderate-risk
Severity 32/34 · Critical
Exploitability 1/34 · Minimal
Exposure 16/34 · Moderate