sca-2023-0002
Vulnerability from csaf_sick
Published
2023-04-11 10:00
Modified
2023-04-11 10:00
Summary
Use of Telnet in multiple SICK Flexi Soft and Flexi Classic Gateways

Notes

Several versions of the SICK Flexi Soft Gateways FX0-GENT, FX0-GMOD, FX0-GPNT and SICK Flexi Classic Gateway UE410 provide a Telnet interface for debugging, which is enabled by factory default. No password is set in the default configuration.

If the password is not set by the customer, a remote unauthorized adversary could connect via Telnet. The adversary may use the debugging interface to subsequently gain access to the boot loader and in the worst case modify the firmware of the devices.

Gateways with a serial number >2311xxxx have the Telnet interface disabled by factory default.
General Security Measures
As general security measures, SICK recommends minimizing network exposure of the devices, restricting network access and following recommended security practices in order to run the devices in a protected IT environment.
Vulnerability Classification
SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer’s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.



{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "summary",
        "text": "Several versions of the SICK Flexi Soft Gateways FX0-GENT, FX0-GMOD, FX0-GPNT and SICK Flexi Classic Gateway UE410 provide a Telnet interface for debugging, which is enabled by factory default. No password is set in the default configuration.\n\nIf the password is not set by the customer, a remote unauthorized adversary could connect via Telnet. The adversary may use the debugging interface to subsequently gain access to the boot loader and in the worst case modify the firmware of the devices.\n\nGateways with a serial number \u003e2311xxxx have the Telnet interface disabled by factory default."
      },
      {
        "category": "general",
        "text": "As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.",
        "title": "General Security Measures"
      },
      {
        "category": "general",
        "text": "SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer\u2019s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.",
        "title": "Vulnerability Classification"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@sick.de",
      "issuing_authority": "SICK PSIRT is responsible for any vulnerabilities related to SICK products.",
      "name": "SICK PSIRT",
      "namespace": "https://sick.com/psirt"
    },
    "references": [
      {
        "summary": "SICK PSIRT Security Advisories",
        "url": "https://sick.com/psirt"
      },
      {
        "summary": "SICK Operating Guidelines",
        "url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF"
      },
      {
        "summary": "ICS-CERT recommended practices on Industrial Security",
        "url": "http://ics-cert.us-cert.gov/content/recommended-practices"
      },
      {
        "summary": "CVSS v3.1 Calculator",
        "url": "https://www.first.org/cvss/calculator/3.1"
      },
      {
        "category": "self",
        "summary": "The canonical URL.",
        "url": "https://www.sick.com/.well-known/csaf/white/2023/sca-2023-0002.json"
      },
      {
        "category": "self",
        "summary": "The canonical PDF URL.",
        "url": "https://www.sick.com/.well-known/csaf/white/2023/sca-2023-0002.pdf"
      }
    ],
    "title": "Use of Telnet in multiple SICK Flexi Soft and Flexi Classic Gateways",
    "tracking": {
      "current_release_date": "2023-04-11T10:00:00.000Z",
      "generator": {
        "date": "2023-04-11T10:00:00.000Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.0.0"
        }
      },
      "id": "SCA-2023-0002",
      "initial_release_date": "2023-04-11T10:00:00.000Z",
      "revision_history": [
        {
          "date": "2023-04-11T10:00:00.000Z",
          "number": "1",
          "summary": "Initial Release"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "serial number \u003c=2311xxxx",
                "product": {
                  "name": "SICK UE410-EN3 FLEXI ETHERNET GATEW. with serial number \u003c=2311xxxx",
                  "product_id": "CSAFPID-0001",
                  "product_identification_helper": {
                    "skus": [
                      "1042193"
                    ]
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "serial number \u003e2311xxxx",
                "product": {
                  "name": "SICK UE410-EN3 FLEXI ETHERNET GATEW. with serial number \u003e2311xxxx",
                  "product_id": "CSAFPID-0002",
                  "product_identification_helper": {
                    "skus": [
                      "1042193"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "UE410-EN3 FLEXI ETHERNET GATEW."
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "serial number \u003c=2311xxxx",
                "product": {
                  "name": "SICK UE410-EN1 FLEXI ETHERNET GATEW. with serial number \u003c=2311xxxx",
                  "product_id": "CSAFPID-0003",
                  "product_identification_helper": {
                    "skus": [
                      "1042964"
                    ]
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "serial number \u003e2311xxxx",
                "product": {
                  "name": "SICK UE410-EN1 FLEXI ETHERNET GATEW. with serial number \u003e2311xxxx",
                  "product_id": "CSAFPID-0004",
                  "product_identification_helper": {
                    "skus": [
                      "1042964"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "UE410-EN1 FLEXI ETHERNET GATEW."
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "serial number \u003c=2311xxxx",
                "product": {
                  "name": "SICK UE410-EN3S04 FLEXI ETHERNET GATEW. with serial number \u003c=2311xxxx",
                  "product_id": "CSAFPID-0005",
                  "product_identification_helper": {
                    "skus": [
                      "1123789"
                    ]
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "serial number \u003e2311xxxx",
                "product": {
                  "name": "SICK UE410-EN3S04 FLEXI ETHERNET GATEW. with serial number \u003e2311xxxx",
                  "product_id": "CSAFPID-0006",
                  "product_identification_helper": {
                    "skus": [
                      "1123789"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "UE410-EN3S04 FLEXI ETHERNET GATEW."
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "serial number \u003c=2311xxxx",
                "product": {
                  "name": "SICK UE410-EN4 FLEXI ETHERNET GATEW. with serial number \u003c=2311xxxx",
                  "product_id": "CSAFPID-0007",
                  "product_identification_helper": {
                    "skus": [
                      "1044078"
                    ]
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "serial number \u003e2311xxxx",
                "product": {
                  "name": "SICK UE410-EN4 FLEXI ETHERNET GATEW. with serial number \u003e2311xxxx",
                  "product_id": "CSAFPID-0008",
                  "product_identification_helper": {
                    "skus": [
                      "1044078"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "UE410-EN4 FLEXI ETHERNET GATEW."
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "serial number \u003c=2311xxxx",
                "product": {
                  "name": "SICK FX0-GENT00000 FLEXISOFT EIP GATEW. with serial number \u003c=2311xxxx",
                  "product_id": "CSAFPID-0009",
                  "product_identification_helper": {
                    "skus": [
                      "1044072"
                    ]
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "serial number \u003e2311xxxx",
                "product": {
                  "name": "SICK FX0-GENT00000 FLEXISOFT EIP GATEW. with serial number \u003e2311xxxx",
                  "product_id": "CSAFPID-0010",
                  "product_identification_helper": {
                    "skus": [
                      "1044072"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "FX0-GENT00000 FLEXISOFT EIP GATEW."
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "serial number \u003c=2311xxxx",
                "product": {
                  "name": "SICK FX0-GMOD00000 FLEXISOFT MOD GATEW. with serial number \u003c=2311xxxx",
                  "product_id": "CSAFPID-0011",
                  "product_identification_helper": {
                    "skus": [
                      "1044073"
                    ]
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "serial number \u003e2311xxxx",
                "product": {
                  "name": "SICK FX0-GMOD00000 FLEXISOFT MOD GATEW. with serial number \u003e2311xxxx",
                  "product_id": "CSAFPID-0012",
                  "product_identification_helper": {
                    "skus": [
                      "1044073"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "FX0-GMOD00000 FLEXISOFT MOD GATEW."
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "serial number \u003c=2311xxxx",
                "product": {
                  "name": "SICK FX0-GPNT00000 FLEXISOFT PNET GATEW. with serial number \u003c=2311xxxx",
                  "product_id": "CSAFPID-0013",
                  "product_identification_helper": {
                    "skus": [
                      "1044074"
                    ]
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "serial number \u003e2311xxxx",
                "product": {
                  "name": "SICK FX0-GPNT00000 FLEXISOFT PNET GATEW. with serial number \u003e2311xxxx",
                  "product_id": "CSAFPID-0014",
                  "product_identification_helper": {
                    "skus": [
                      "1044074"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "FX0-GPNT00000 FLEXISOFT PNET GATEW."
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "serial number \u003c=2311xxxx",
                "product": {
                  "name": "SICK FX0-GENT00030 FLEXISOFT EIP GATEW.V2 with serial number \u003c=2311xxxx",
                  "product_id": "CSAFPID-0015",
                  "product_identification_helper": {
                    "skus": [
                      "1099830"
                    ]
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "serial number \u003e2311xxxx",
                "product": {
                  "name": "SICK FX0-GENT00030 FLEXISOFT EIP GATEW.V2 with serial number \u003e2311xxxx",
                  "product_id": "CSAFPID-0016",
                  "product_identification_helper": {
                    "skus": [
                      "1099830"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "FX0-GENT00030 FLEXISOFT EIP GATEW.V2"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "serial number \u003c=2311xxxx",
                "product": {
                  "name": "SICK FX0-GPNT00030 FLEXISOFT PNET GATEW.V2 with serial number \u003c=2311xxxx",
                  "product_id": "CSAFPID-0017",
                  "product_identification_helper": {
                    "skus": [
                      "1099832"
                    ]
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "serial number \u003e2311xxxx",
                "product": {
                  "name": "SICK FX0-GPNT00030 FLEXISOFT PNET GATEW.V2 with serial number \u003e2311xxxx",
                  "product_id": "CSAFPID-0018",
                  "product_identification_helper": {
                    "skus": [
                      "1099832"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "FX0-GPNT00030 FLEXISOFT PNET GATEW.V2"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "serial number \u003c=2311xxxx",
                "product": {
                  "name": "SICK FX0-GMOD00010 FLEXISOFT MOD GW \u00a0(C) with serial number \u003c=2311xxxx",
                  "product_id": "CSAFPID-0019",
                  "product_identification_helper": {
                    "skus": [
                      "1127717"
                    ]
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "serial number \u003e2311xxxx",
                "product": {
                  "name": "SICK FX0-GMOD00010 FLEXISOFT MOD GW \u00a0(C) with serial number \u003e2311xxxx",
                  "product_id": "CSAFPID-0020",
                  "product_identification_helper": {
                    "skus": [
                      "1127717"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "FX0-GMOD00010 FLEXISOFT MOD GW \u00a0(C)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK UE410-EN3 FLEXI ETHERNET GATEW. Firmware all versions",
                  "product_id": "CSAFPID-0021"
                }
              }
            ],
            "category": "product_name",
            "name": "UE410-EN3 FLEXI ETHERNET GATEW. Firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK UE410-EN1 FLEXI ETHERNET GATEW. Firmware all versions",
                  "product_id": "CSAFPID-0022"
                }
              }
            ],
            "category": "product_name",
            "name": "UE410-EN1 FLEXI ETHERNET GATEW. Firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK UE410-EN3S04 FLEXI ETHERNET GATEW. Firmware all versions",
                  "product_id": "CSAFPID-0023"
                }
              }
            ],
            "category": "product_name",
            "name": "UE410-EN3S04 FLEXI ETHERNET GATEW. Firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK UE410-EN4 FLEXI ETHERNET GATEW. Firmware all versions",
                  "product_id": "CSAFPID-0024"
                }
              }
            ],
            "category": "product_name",
            "name": "UE410-EN4 FLEXI ETHERNET GATEW. Firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=V2.11.0",
                "product": {
                  "name": "SICK FX0-GENT00000 FLEXISOFT EIP GATEW. Firmware \u003c=V2.11.0",
                  "product_id": "CSAFPID-0025"
                }
              }
            ],
            "category": "product_name",
            "name": "FX0-GENT00000 FLEXISOFT EIP GATEW. Firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=V2.11.0",
                "product": {
                  "name": "SICK FX0-GMOD00000 FLEXISOFT MOD GATEW. Firmware \u003c=V2.11.0",
                  "product_id": "CSAFPID-0026"
                }
              }
            ],
            "category": "product_name",
            "name": "FX0-GMOD00000 FLEXISOFT MOD GATEW. Firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=V2.12.0",
                "product": {
                  "name": "SICK FX0-GPNT00000 FLEXISOFT PNET GATEW. Firmware \u003c=V2.12.0",
                  "product_id": "CSAFPID-0027"
                }
              }
            ],
            "category": "product_name",
            "name": "FX0-GPNT00000 FLEXISOFT PNET GATEW. Firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK FX0-GENT00030 FLEXISOFT EIP GATEW.V2 Firmware all versions",
                  "product_id": "CSAFPID-0028"
                }
              }
            ],
            "category": "product_name",
            "name": "FX0-GENT00030 FLEXISOFT EIP GATEW.V2 Firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK FX0-GPNT00030 FLEXISOFT PNET GATEW.V2 Firmware all versions",
                  "product_id": "CSAFPID-0029"
                }
              }
            ],
            "category": "product_name",
            "name": "FX0-GPNT00030 FLEXISOFT PNET GATEW.V2 Firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=V2.11.0",
                "product": {
                  "name": "SICK FX0-GMOD00010 FLEXISOFT MOD GW \u00a0(C) Firmware \u003c=V2.11.0",
                  "product_id": "CSAFPID-0030"
                }
              }
            ],
            "category": "product_name",
            "name": "FX0-GMOD00010 FLEXISOFT MOD GW \u00a0(C) Firmware"
          }
        ],
        "category": "vendor",
        "name": "SICK AG"
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK UE410-EN3 FLEXI ETHERNET GATEW. with serial number \u003c=2311xxxx all Firmware versions",
          "product_id": "CSAFPID-0031"
        },
        "product_reference": "CSAFPID-0021",
        "relates_to_product_reference": "CSAFPID-0001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK UE410-EN1 FLEXI ETHERNET GATEW. with serial number \u003c=2311xxxx all Firmware versions",
          "product_id": "CSAFPID-0032"
        },
        "product_reference": "CSAFPID-0022",
        "relates_to_product_reference": "CSAFPID-0003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK UE410-EN3S04 FLEXI ETHERNET GATEW. with serial number \u003c=2311xxxx all Firmware versions",
          "product_id": "CSAFPID-0033"
        },
        "product_reference": "CSAFPID-0023",
        "relates_to_product_reference": "CSAFPID-0005"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK UE410-EN4 FLEXI ETHERNET GATEW. with serial number \u003c=2311xxxx all Firmware versions",
          "product_id": "CSAFPID-0034"
        },
        "product_reference": "CSAFPID-0024",
        "relates_to_product_reference": "CSAFPID-0007"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK FX0-GENT00000 FLEXISOFT EIP GATEW. with serial number \u003c=2311xxxx with Firmware \u003c=V2.11.0",
          "product_id": "CSAFPID-0035"
        },
        "product_reference": "CSAFPID-0025",
        "relates_to_product_reference": "CSAFPID-0009"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK FX0-GMOD00000 FLEXISOFT MOD GATEW. with serial number \u003c=2311xxxx with Firmware \u003c=V2.11.0",
          "product_id": "CSAFPID-0036"
        },
        "product_reference": "CSAFPID-0026",
        "relates_to_product_reference": "CSAFPID-0011"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK FX0-GPNT00000 FLEXISOFT PNET GATEW. with serial number \u003c=2311xxxx with Firmware \u003c=V2.12.0",
          "product_id": "CSAFPID-0037"
        },
        "product_reference": "CSAFPID-0027",
        "relates_to_product_reference": "CSAFPID-0013"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK FX0-GENT00030 FLEXISOFT EIP GATEW.V2 with serial number \u003c=2311xxxx all Firmware versions",
          "product_id": "CSAFPID-0038"
        },
        "product_reference": "CSAFPID-0028",
        "relates_to_product_reference": "CSAFPID-0015"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK FX0-GPNT00030 FLEXISOFT PNET GATEW.V2 with serial number \u003c=2311xxxx all Firmware versions",
          "product_id": "CSAFPID-0039"
        },
        "product_reference": "CSAFPID-0029",
        "relates_to_product_reference": "CSAFPID-0017"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK FX0-GMOD00010 FLEXISOFT MOD GW \u00a0(C) with serial number \u003c=2311xxxx with Firmware \u003c=V2.11.0",
          "product_id": "CSAFPID-0040"
        },
        "product_reference": "CSAFPID-0030",
        "relates_to_product_reference": "CSAFPID-0019"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK UE410-EN3 FLEXI ETHERNET GATEW. with serial number \u003e2311xxxx all Firmware versions",
          "product_id": "CSAFPID-0041"
        },
        "product_reference": "CSAFPID-0021",
        "relates_to_product_reference": "CSAFPID-0002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK UE410-EN1 FLEXI ETHERNET GATEW. with serial number \u003e2311xxxx all Firmware versions",
          "product_id": "CSAFPID-0042"
        },
        "product_reference": "CSAFPID-0022",
        "relates_to_product_reference": "CSAFPID-0004"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK UE410-EN3S04 FLEXI ETHERNET GATEW. with serial number \u003e2311xxxx all Firmware versions",
          "product_id": "CSAFPID-0043"
        },
        "product_reference": "CSAFPID-0023",
        "relates_to_product_reference": "CSAFPID-0006"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK UE410-EN4 FLEXI ETHERNET GATEW. with serial number \u003e2311xxxx all Firmware versions",
          "product_id": "CSAFPID-0044"
        },
        "product_reference": "CSAFPID-0024",
        "relates_to_product_reference": "CSAFPID-0008"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK FX0-GENT00000 FLEXISOFT EIP GATEW. with serial number \u003e2311xxxx with Firmware \u003c=V2.11.0",
          "product_id": "CSAFPID-0045"
        },
        "product_reference": "CSAFPID-0025",
        "relates_to_product_reference": "CSAFPID-0010"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK FX0-GMOD00000 FLEXISOFT MOD GATEW. with serial number \u003e2311xxxx with Firmware \u003c=V2.11.0",
          "product_id": "CSAFPID-0046"
        },
        "product_reference": "CSAFPID-0026",
        "relates_to_product_reference": "CSAFPID-0012"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK FX0-GPNT00000 FLEXISOFT PNET GATEW. with serial number \u003e2311xxxx with Firmware \u003c=V2.12.0",
          "product_id": "CSAFPID-0047"
        },
        "product_reference": "CSAFPID-0027",
        "relates_to_product_reference": "CSAFPID-0014"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK FX0-GENT00030 FLEXISOFT EIP GATEW.V2 with serial number \u003e2311xxxx all Firmware versions",
          "product_id": "CSAFPID-0048"
        },
        "product_reference": "CSAFPID-0028",
        "relates_to_product_reference": "CSAFPID-0016"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK FX0-GPNT00030 FLEXISOFT PNET GATEW.V2 with serial number \u003e2311xxxx all Firmware versions",
          "product_id": "CSAFPID-0049"
        },
        "product_reference": "CSAFPID-0029",
        "relates_to_product_reference": "CSAFPID-0018"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK FX0-GMOD00010 FLEXISOFT MOD GW \u00a0(C) with serial number \u003e2311xxxx with Firmware \u003c=V2.11.0",
          "product_id": "CSAFPID-0050"
        },
        "product_reference": "CSAFPID-0030",
        "relates_to_product_reference": "CSAFPID-0020"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-23451",
      "cwe": {
        "id": "CWE-477",
        "name": "Use of Obsolete Function"
      },
      "notes": [
        {
          "category": "description",
          "text": "If the default password is not changed by the operator or customer, a remote unauthorized adversary may connect to the Flexi Soft Gateway via Telnet, interact with the device and change settings of the Gateway. The adversary may also reset the Gateway and in the worst case upload a new firmware version to the device that is then run under root privileges.\n\nSICK recommends to set a strong device individual password once the product is put into operation.",
          "title": "Description"
        },
        {
          "category": "summary",
          "text": "The Flexi Classic and Flexi Soft Gateways SICK UE410-EN3 FLEXI ETHERNET GATEW., SICK UE410-EN1 FLEXI ETHERNET GATEW., SICK UE410-EN3S04 FLEXI ETHERNET GATEW., SICK UE410-EN4 FLEXI ETHERNET GATEW., SICK FX0-GENT00000 FLEXISOFT EIP GATEW., SICK FX0-GMOD00000 FLEXISOFT MOD GATEW., SICK FX0-GPNT00000 FLEXISOFT PNET GATEW., SICK FX0-GENT00030 FLEXISOFT EIP GATEW.V2, SICK FX0-GPNT00030 FLEXISOFT PNET GATEW.V2 and SICK FX0-GMOD00010 FLEXISOFT MOD GW. have Telnet enabled by factory default. No password is set in the default configuration.\n\nGateways with a serial number \u003e2311xxxx have the Telnet interface disabled by factory default.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-0041",
          "CSAFPID-0042",
          "CSAFPID-0043",
          "CSAFPID-0044",
          "CSAFPID-0045",
          "CSAFPID-0046",
          "CSAFPID-0047",
          "CSAFPID-0048",
          "CSAFPID-0049",
          "CSAFPID-0050"
        ],
        "known_affected": [
          "CSAFPID-0031",
          "CSAFPID-0032",
          "CSAFPID-0033",
          "CSAFPID-0034",
          "CSAFPID-0035",
          "CSAFPID-0036",
          "CSAFPID-0037",
          "CSAFPID-0038",
          "CSAFPID-0039",
          "CSAFPID-0040"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "SICK recommends to set a strong password for the Telnet protocol once the Gateway is put into operation. It is possible to set a password with a maximum length of 15 characters.\n\nEnter the following commands to change the Telnet password:\n\n```bash\n$ telnet \u003cGateway-IP-Address\u003e\nPassword: \u003cold password\u003e [Enter]\npasswd \u003cutmost secure password, followed by [Enter]\u003e\nquit [Enter]\n\n$ telnet \u003cGateway-IP-Address\u003e\nPassword: \u003cnew password\u003e [Enter]\n```\n\nTest if [Enter] still works and if the new password is saved.",
          "product_ids": [
            "CSAFPID-0031",
            "CSAFPID-0032",
            "CSAFPID-0033",
            "CSAFPID-0034",
            "CSAFPID-0035",
            "CSAFPID-0036",
            "CSAFPID-0037",
            "CSAFPID-0038",
            "CSAFPID-0039",
            "CSAFPID-0040"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0031",
            "CSAFPID-0032",
            "CSAFPID-0033",
            "CSAFPID-0034",
            "CSAFPID-0035",
            "CSAFPID-0036",
            "CSAFPID-0037",
            "CSAFPID-0038",
            "CSAFPID-0039",
            "CSAFPID-0040"
          ]
        }
      ]
    }
  ]
}

