{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-23444","assignerOrgId":"a6863dd2-93fc-443d-bef1-79f0b5020988","state":"PUBLISHED","assignerShortName":"SICK AG","dateReserved":"2023-01-12T04:07:53.938Z","datePublished":"2023-05-12T12:39:26.532Z","dateUpdated":"2026-06-01T12:19:07.455Z"},"containers":{"cna":{"providerMetadata":{"orgId":"a6863dd2-93fc-443d-bef1-79f0b5020988","shortName":"SICK AG","dateUpdated":"2026-06-01T12:19:07.455Z"},"problemTypes":[{"descriptions":[{"lang":"en","description":"Missing Authentication for Critical Function"}]}],"affected":[{"vendor":"SICK AG","product":"UE410-EN3 FLEXI ETHERNET GATEW.","versions":[{"status":"affected","version":"all firmware versions"}],"defaultStatus":"affected"},{"vendor":"SICK AG","product":"UE410-EN1 FLEXI ETHERNET GATEW.","versions":[{"status":"affected","version":"all firmware versions"}],"defaultStatus":"affected"},{"vendor":"SICK AG","product":"UE410-EN4 FLEXI ETHERNET GATEW.","versions":[{"status":"affected","version":"all firmware versions"}],"defaultStatus":"affected"},{"vendor":"SICK AG","product":"FX0-GENT00000 FLEXISOFT EIP GATEW.","versions":[{"status":"affected","version":"all firmware versions"}],"defaultStatus":"affected"},{"vendor":"SICK AG","product":"FX0-GMOD00000 FLEXISOFT MOD GATEW.","versions":[{"status":"affected","version":"all firmware versions"}],"defaultStatus":"affected"},{"vendor":"SICK AG","product":"FX0-GPNT00000 FLEXISOFT PNET GATEW.","versions":[{"status":"affected","version":"all firmware versions"}],"defaultStatus":"affected"},{"vendor":"SICK AG","product":"FX0-GENT00030 FLEXISOFT EIP GATEW.V2","versions":[{"status":"affected","version":"all firmware versions"}],"defaultStatus":"affected"},{"vendor":"SICK AG","product":"FX0-GPNT00030 FLEXISOFT PNET GATEW.V2","versions":[{"status":"affected","version":"all firmware versions"}],"defaultStatus":"affected"},{"vendor":"SICK AG","product":"FX0-GMOD00010 FLEXISOFT MOD GW (C)","versions":[{"status":"affected","version":"all firmware versions"}],"defaultStatus":"affected"},{"vendor":"SICK AG","product":"FX3-GEPR00000 FLEXISOFT EFI-PRO GW","versions":[{"status":"affected","version":"all firmware versions"}],"defaultStatus":"affected"},{"vendor":"SICK AG","product":"FX3-GEPR00010 FLEXISOFT EFI-PRO GW","versions":[{"status":"affected","version":"all firmware versions"}],"defaultStatus":"affected"},{"vendor":"SICK AG","product":"FX0-GETC00000 FLEXISOFT ETC GW","versions":[{"status":"affected","version":"all firmware versions"}],"defaultStatus":"affected"},{"vendor":"SICK AG","product":"FX0-GETC00040 FLEXISOFT ETC GW","versions":[{"status":"affected","version":"all firmware versions"}],"defaultStatus":"affected"},{"vendor":"SICK AG","product":"FX0-GETC00010 FLEXISOFT ETC GW (C)","versions":[{"status":"affected","version":"all firmware versions"}],"defaultStatus":"affected"},{"vendor":"SICK AG","product":"FX0-GENT00010 FLEXISOFT EIP GW (C)","versions":[{"status":"affected","version":"all firmware versions"}],"defaultStatus":"affected"},{"vendor":"SICK AG","product":"FX0-GPNT00010 FLEXISOFT PNET GW (C)","versions":[{"status":"affected","version":"all firmware versions"}],"defaultStatus":"affected"},{"vendor":"SICK AG","product":"UE410-EN3 FLEXI ETHERNET GATEW. Firmware","versions":[{"status":"affected","version":"all firmware versions"}],"defaultStatus":"affected"},{"vendor":"SICK AG","product":"UE410-EN1 FLEXI ETHERNET GATEW. Firmware","versions":[{"status":"affected","version":"all firmware versions"}],"defaultStatus":"affected"},{"vendor":"SICK AG","product":"UE410-EN4 FLEXI ETHERNET GATEW. Firmware","versions":[{"status":"affected","version":"all firmware versions"}],"defaultStatus":"affected"},{"vendor":"SICK AG","product":"FX0-GENT00000 FLEXISOFT EIP GATEW. Firmware","versions":[{"status":"affected","version":"all firmware versions"}],"defaultStatus":"affected"},{"vendor":"SICK AG","product":"FX0-GMOD00000 FLEXISOFT MOD GATEW. Firmware","versions":[{"status":"affected","version":"all firmware versions"}],"defaultStatus":"affected"},{"vendor":"SICK AG","product":"FX0-GPNT00000 FLEXISOFT PNET GATEW. Firmware","versions":[{"status":"affected","version":"all firmware versions"}],"defaultStatus":"affected"},{"vendor":"SICK AG","product":"FX0-GENT00030 FLEXISOFT EIP GATEW.V2 Firmware","versions":[{"status":"affected","version":"all firmware versions"}],"defaultStatus":"affected"},{"vendor":"SICK AG","product":"FX0-GPNT00030 FLEXISOFT PNET GATEW.V2 Firmware","versions":[{"status":"affected","version":"all firmware versions"}],"defaultStatus":"affected"},{"vendor":"SICK AG","product":"FX0-GMOD00010 FLEXISOFT MOD GW (C) Firmware","versions":[{"status":"affected","version":"all firmware versions"}],"defaultStatus":"affected"},{"vendor":"SICK AG","product":"FX3-GEPR00000 FLEXISOFT EFI-PRO GW Firmware","versions":[{"status":"affected","version":"all firmware versions"}],"defaultStatus":"affected"},{"vendor":"SICK AG","product":"FX3-GEPR00010 FLEXISOFT EFI-PRO GW Firmware","versions":[{"status":"affected","version":"all firmware versions"}],"defaultStatus":"affected"},{"vendor":"SICK AG","product":"FX0-GETC00000 FLEXISOFT ETC GW Firmware","versions":[{"status":"affected","version":"all firmware versions"}],"defaultStatus":"affected"},{"vendor":"SICK AG","product":"FX0-GETC00040 FLEXISOFT ETC GW Firmware","versions":[{"status":"affected","version":"all firmware versions"}],"defaultStatus":"affected"},{"vendor":"SICK AG","product":"FX0-GETC00010 FLEXISOFT ETC GW (C) Firmware","versions":[{"status":"affected","version":"all firmware versions"}],"defaultStatus":"affected"},{"vendor":"SICK AG","product":"FX0-GENT00010 FLEXISOFT EIP GW (C) Firmware","versions":[{"status":"affected","version":"all firmware versions"}],"defaultStatus":"affected"},{"vendor":"SICK AG","product":"FX0-GPNT00010 FLEXISOFT PNET GW (C) Firmware","versions":[{"status":"affected","version":"all firmware versions"}],"defaultStatus":"affected"}],"descriptions":[{"lang":"en","value":"Missing Authentication for Critical Function in SICK Flexi Classic and Flexi Soft Gateways with Partnumbers 1042193, 1042964, 1044078, 1044072, 1044073, 1044074, 1099830, 1099832, 1127717, 1069070, 1112296, 1051432, 1102420, 1127487, 1121596, 1121597 allows an unauthenticated remote attacker to influence the availability of the device by changing the IP settings of the device via broadcasted UDP packets.","supportingMedia":[{"type":"text/html","base64":false,"value":"Missing Authentication for Critical Function in SICK Flexi Classic and Flexi Soft Gateways with Partnumbers 1042193, 1042964, 1044078, 1044072, 1044073, 1044074, 1099830, 1099832, 1127717, 1069070, 1112296, 1051432, 1102420, 1127487, 1121596, 1121597 allows an unauthenticated remote attacker to influence the availability of the device by changing the IP settings of the device via broadcasted UDP packets."}]}],"references":[{"url":"https://sick.com/psirt","tags":["issue-tracking"]},{"url":"https://sick.com/.well-known/csaf/white/2023/sca-2023-0003.pdf","tags":["vendor-advisory"]},{"url":"https://sick.com/.well-known/csaf/white/2023/sca-2023-0003.json","tags":["x_csaf"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV3_1":{"version":"3.1","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseSeverity":"HIGH","baseScore":7.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}}],"workarounds":[{"lang":"en","value":"Please make sure that you apply general security practices when operating the Flexi Classic and Flexi Soft Gateways like network segmentation. The following General Security Practices and Operating Guidelines could mitigate the associated security risk.","supportingMedia":[{"type":"text/html","base64":false,"value":"Please make sure that you apply general security practices when operating the Flexi Classic and Flexi Soft Gateways like network segmentation. The following General Security Practices and Operating Guidelines could mitigate the associated security risk."}]}],"source":{"discovery":"INTERNAL"},"x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T10:28:41.054Z"},"title":"CVE Program Container","references":[{"tags":["issue-tracking","x_transferred"],"url":"https://sick.com/psirt"},{"tags":["vendor-advisory","x_transferred"],"url":"https://sick.com/.well-known/csaf/white/2023/sca-2023-0003.pdf"},{"tags":["x_csaf","x_transferred"],"url":"https://sick.com/.well-known/csaf/white/2023/sca-2023-0003.json"}]},{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-306","lang":"en","description":"CWE-306 Missing Authentication for Critical Function"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-01-24T16:15:46.625483Z","id":"CVE-2023-23444","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-01-24T16:16:26.175Z"}}]}}