sca-2023-0001
Vulnerability from csaf_sick
Published
2023-02-20 14:00
Modified
2023-02-20 14:00
Summary
Bootloader mode vulnerability in Flexi Soft Gateways v3
Notes
The SICK PSIRT received a report about a Missing Authentication for Critical Function vulnerability in the firmware of FX0-GPNT v3 and FX0-GENT v3. This vulnerability was introduced with the hardware redesign of the v3 of FX0-GENT and FX0-GPNT as part of the implementation of the RK512 protocol. The RK512 protocol is used to configure the Flexi Soft stations via an exposed TCP port on the Ethernet based gateways.
General Security Measures
As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.
Vulnerability Classification
SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer’s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "summary",
"text": "The SICK PSIRT received a report about a Missing Authentication for Critical Function vulnerability in the firmware of FX0-GPNT v3 and FX0-GENT v3. This vulnerability was introduced with the hardware redesign of the v3 of FX0-GENT and FX0-GPNT as part of the implementation of the RK512 protocol. The RK512 protocol is used to configure the Flexi Soft stations via an exposed TCP port on the Ethernet based gateways."
},
{
"category": "general",
"text": "As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.",
"title": "General Security Measures"
},
{
"category": "general",
"text": "SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer\u2019s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.",
"title": "Vulnerability Classification"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@sick.de",
"issuing_authority": "SICK PSIRT is responsible for any vulnerabilities related to SICK products.",
"name": "SICK PSIRT",
"namespace": "https://sick.com/psirt"
},
"references": [
{
"summary": "SICK PSIRT Security Advisories",
"url": "https://sick.com/psirt"
},
{
"summary": "SICK Operating Guidelines",
"url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF"
},
{
"summary": "ICS-CERT recommended practices on Industrial Security",
"url": "http://ics-cert.us-cert.gov/content/recommended-practices"
},
{
"summary": "CVSS v3.1 Calculator",
"url": "https://www.first.org/cvss/calculator/3.1"
},
{
"category": "self",
"summary": "The canonical URL.",
"url": "https://www.sick.com/.well-known/csaf/white/2023/sca-2023-0001.json"
},
{
"category": "self",
"summary": "The canonical PDF URL.",
"url": "https://www.sick.com/.well-known/csaf/white/2023/sca-2023-0001.pdf"
}
],
"title": "Bootloader mode vulnerability in Flexi Soft Gateways v3",
"tracking": {
"current_release_date": "2023-02-20T14:00:00.000Z",
"generator": {
"date": "2023-02-23T14:16:48.500Z",
"engine": {
"name": "Secvisogram",
"version": "2.0.0"
}
},
"id": "SCA-2023-0001",
"initial_release_date": "2023-02-20T14:00:00.000Z",
"revision_history": [
{
"date": "2023-02-20T14:00:00.000Z",
"number": "1",
"summary": "Initial Release"
},
{
"date": "2023-02-23T11:00:00.000Z",
"number": "2",
"summary": "Updated Advisory (only visual changes)"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "v3",
"product": {
"name": "SICK FX0-GENT00000 v3",
"product_id": "CSAFPID-0001",
"product_identification_helper": {
"skus": [
"1044072"
]
}
}
}
],
"category": "product_name",
"name": "FX0-GENT00000"
},
{
"branches": [
{
"category": "product_version",
"name": "v3",
"product": {
"name": "SICK FX0-GENT00010 v3",
"product_id": "CSAFPID-0002",
"product_identification_helper": {
"skus": [
"1121596"
]
}
}
}
],
"category": "product_name",
"name": "FX0-GENT00010"
},
{
"branches": [
{
"category": "product_version",
"name": "v3",
"product": {
"name": "SICK FX0-GPNT00000 v3",
"product_id": "CSAFPID-0003",
"product_identification_helper": {
"skus": [
"1044074"
]
}
}
}
],
"category": "product_name",
"name": "FX0-GPNT00000"
},
{
"branches": [
{
"category": "product_version",
"name": "v3",
"product": {
"name": "SICK FX0-GPNT00010 v3",
"product_id": "CSAFPID-0004",
"product_identification_helper": {
"skus": [
"1121597"
]
}
}
}
],
"category": "product_name",
"name": "FX0-GPNT00010"
},
{
"branches": [
{
"category": "product_version_range",
"name": "V3.04",
"product": {
"name": "SICK FX0-GENT Firmware V3.04",
"product_id": "CSAFPID-0011"
}
},
{
"category": "product_version_range",
"name": "V3.05",
"product": {
"name": "SICK FX0-GENT Firmware V3.05",
"product_id": "CSAFPID-0012"
}
}
],
"category": "product_name",
"name": "FX0-GENT Firmware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "V3.04",
"product": {
"name": "SICK FX0-GPNT Firmware V3.04",
"product_id": "CSAFPID-0013"
}
},
{
"category": "product_version_range",
"name": "V3.05",
"product": {
"name": "SICK FX0-GPNT Firmware V3.05",
"product_id": "CSAFPID-0014"
}
}
],
"category": "product_name",
"name": "FX0-GPNT Firmware"
}
],
"category": "vendor",
"name": "SICK AG"
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "SICK FX0-GENT00000 v3 with Firmware V3.04",
"product_id": "CSAFPID-0021"
},
"product_reference": "CSAFPID-0011",
"relates_to_product_reference": "CSAFPID-0001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "SICK FX0-GENT00000 v3 with Firmware V3.05",
"product_id": "CSAFPID-0022"
},
"product_reference": "CSAFPID-0012",
"relates_to_product_reference": "CSAFPID-0001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "SICK FX0-GENT00010 v3 with Firmware V3.04",
"product_id": "CSAFPID-0023"
},
"product_reference": "CSAFPID-0011",
"relates_to_product_reference": "CSAFPID-0002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "SICK FX0-GENT00010 v3 with Firmware V3.05",
"product_id": "CSAFPID-0024"
},
"product_reference": "CSAFPID-0012",
"relates_to_product_reference": "CSAFPID-0002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "SICK FX0-GPNT00000 v3 with Firmware V3.04",
"product_id": "CSAFPID-0025"
},
"product_reference": "CSAFPID-0013",
"relates_to_product_reference": "CSAFPID-0003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "SICK FX0-GPNT00000 v3 with Firmware V3.05",
"product_id": "CSAFPID-0026"
},
"product_reference": "CSAFPID-0014",
"relates_to_product_reference": "CSAFPID-0003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "SICK FX0-GPNT00010 v3 with Firmware V3.04",
"product_id": "CSAFPID-0027"
},
"product_reference": "CSAFPID-0013",
"relates_to_product_reference": "CSAFPID-0004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "SICK FX0-GPNT00010 v3 with Firmware V3.05",
"product_id": "CSAFPID-0028"
},
"product_reference": "CSAFPID-0014",
"relates_to_product_reference": "CSAFPID-0004"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-23453",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"notes": [
{
"category": "description",
"text": "The Flexi Soft Gateways FX0-GENT00000 v3 and FX0-GENT00010 v3 use the RK512 protocol to configure the Flexi Soft stations via an exposed TCP port on the Ethernet based gateways. A remote unauthenticated attacker may craft malicious packets to the listener on TCP port 9000 and may use this vulnerability as a permanent denial of service attack. If the attacker is more sophisticated, the attacker may even achieve remote code execution."
}
],
"product_status": {
"known_affected": [
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024"
]
},
"remediations": [
{
"category": "workaround",
"details": "Please make sure that you apply general security practices when operating the FlexiSoft gateways like network segmentation. The following General Security Practices and Operating Guidelines could mitigate the associated security risk.",
"product_ids": [
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024"
]
}
]
},
{
"cve": "CVE-2023-23452",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"notes": [
{
"category": "description",
"text": "The Flexi Soft Gateways FX0-GPNT00000 v3 and FX0-GPNT00010 v3 use the RK512 protocol to configure the Flexi Soft stations via an exposed TCP port on the Ethernet based gateways. A remote unauthenticated attacker may craft malicious packets to the listener on TCP port 9000 and may use this vulnerability as a permanent denial of service attack. If the attacker is more sophisticated, the attacker may even achieve remote code execution."
}
],
"product_status": {
"known_affected": [
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028"
]
},
"remediations": [
{
"category": "workaround",
"details": "Please make sure that you apply general security practices when operating the FlexiSoft gateways like network segmentation. The following General Security Practices and Operating Guidelines could mitigate the associated security risk.",
"product_ids": [
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028"
]
}
]
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.