Vulnerability in SICK Flexi Soft Gateway
BOSCH-SA-164691
Advisory Information
- Advisory ID: BOSCH-SA-164691
- CVE Numbers and CVSS v3.1 Scores:
- CVE-2023-5246
- Base Score: 8.8 (High)
- CVE-2023-5246
- Published: 24 Oct 2023
- Last Updated: 24 Oct 2023
Summary
The SLC-0-GPNT00300 from Bosch Rexroth contains technology from SICK AG. The manufacturer has published a security bulletin [1] regarding an authentication bypass by capture-replay. Exploiting the vulnerability would allow an unauthenticated attacker to login to the gateways by sending specially crafted packets and potentially impact the availability, integrity and confidentiality of the devices.
Affected Products
- Rexroth SLC-0-GPNT00300
- CVE-2023-5246
- Version(s): all
- CVE-2023-5246
Solution and Mitigations
Compensatory Measures
Compensatory measures are recommended which mitigate the risk. Always define such compensatory measures individually, in the context of the operational environment. Some measures are described in the “Security Guideline Electric Drives and Controls” [2], for example the network segmentation. In general, it is mandatory to implement the measures described in the “Security Guideline Electric Drives and Controls”.
Vulnerability Details
CVE-2023-5246
CVE description: Authentication Bypass by Capture-replay in SICK Flexi Soft Gateways with Partnumbers 1044073, 1127717, 1130282, 1044074, 1121597, 1099832, 1051432, 1127487, 1069070, 1112296, 1044072, 1121596, 1099830 allows an unauthenticated remote attacker to potentially impact the availabilty, integrity and confidentaility of the gateways via an authentication bypass by capture-replay.
- Problem Type:
- CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Base Score: 8.8 (High)
Remarks
Security Update Information
With respect to Directive (EU) 2019/770 and Directive (EU) 2019/771 and their national transposition laws, please note:
It is your responsibility to download and/or install any security updates provided by us, for example to maintain product or data security. If you fail to install a security update provided to you within a reasonable period of time, we will not be liable for any product defect solely due to the absence of such security update.
Alternatively, we are entitled to directly download and/or install security updates regardless of your settings. In these cases, we will provide you with the relevant information, e.g. in this security advisory.
CVSS Scoring
Vulnerability classification has been performed using the CVSS v3.1 scoring system . The CVSS environmental score is specific to each customer’s environment and should be defined by the customer to attain a final scoring.
Additional Resources
- [1] Third Party Supplier Advisory: https://sick.com/.well-known/csaf/white/2023/sca-2023-0011.pdf
- [2] Security Guideline Electric Drives and Controls: https://www.boschrexroth.com/various/utilities/mediadirectory/download/index.jsp?object_nr=R911342562
Please contact the Bosch PSIRT if you have feedback, comments, or additional information about this vulnerability at: psirt@bosch.com .
Revision History
- 24 Oct 2023: Initial Publication