CVE-2023-23452

CRITICAL

SICK FX0-GPNT v3 Firmware V3.04 and V3.05 - Unauthenticated Remote Code Execution via RK512 Commands

Title source: llm
STIX 2.1

Description

Missing Authentication for Critical Function in SICK FX0-GPNT v3 Firmware Version V3.04 and V3.05 allows an unprivileged remote attacker to achieve arbitrary remote code execution via maliciously crafted RK512 commands to the listener on TCP port 9000.

References (1)

Core 1
Core References
Vendor Advisory
https://sick.com/psirt

Scores

CVSS v3 9.8
EPSS 0.0110
EPSS Percentile 61.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-306
Status published
Products (4)
sick/fx0-gpnt00000_firmware 3.04
sick/fx0-gpnt00000_firmware 3.05
sick/fx0-gpnt00010_firmware 3.04
sick/fx0-gpnt00010_firmware 3.05
Published Feb 20, 2023
Tracked Since Feb 18, 2026