CVE-2023-23453
Severity: CRITICAL
SICK FX0-GENT v3 Firmware V3.04 and V3.05 - Unauthenticated Remote Code Execution via RK512 Commands
Title source: llmDescription
Missing Authentication for Critical Function in SICK FX0-GENT v3 Firmware Version V3.04 and V3.05 allows an unprivileged remote attacker to achieve arbitrary remote code execution via maliciously crafted RK512 commands to the listener on TCP port 9000.
References (1)
Core References (1)
Vendor Advisory: https://sick.com/psirt
Scores
CVSS v3: 9.8
EPSS: 0.0110
EPSS Percentile: 61.3%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: yes
Technical Impact: total
Details
CWE: CWE-306
Status: published
Products (4)
sick/fx0-gent00000_firmware 3.04
sick/fx0-gent00000_firmware 3.05
sick/fx0-gent00010_firmware 3.04
sick/fx0-gent00010_firmware 3.05
Published: Feb 20, 2023
Tracked Since: Feb 18, 2026