CVE-2023-23444

7.5 HIGH

📋 TL;DR

This vulnerability allows unauthenticated remote attackers to disrupt SICK Flexi Classic and Flexi Soft Gateways by changing their IP settings via broadcasted UDP packets. Attackers can cause denial of service by making devices unreachable on the network. Organizations using the affected SICK industrial gateways are impacted.

💻 Affected Systems

Products:
  • SICK Flexi Classic Gateways
  • SICK Flexi Soft Gateways
Versions: All versions with affected part numbers
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affected by specific part numbers: 1042193, 1042964, 1044078, 1044072, 1044073, 1044074, 1099830, 1099832, 1127717, 1069070, 1112296, 1051432, 1102420, 1127487, 1121596, 1121597

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete network isolation of affected devices, disrupting industrial operations and causing production downtime.

🟠 Likely Case

Temporary network connectivity loss requiring manual intervention to restore proper IP configuration.

🟢 If Mitigated

Minimal impact with proper network segmentation and access controls preventing unauthorized UDP traffic.

🌐 Internet-Facing: MEDIUM - Devices directly exposed to internet could be disrupted, but industrial systems typically aren't internet-facing.
🏢 Internal Only: HIGH - Within industrial networks, attackers could disrupt critical automation systems without authentication.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending crafted UDP packets to broadcast addresses, which is trivial for attackers with network access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific firmware versions

Vendor Advisory: https://sick.com/psirt

Restart Required: Yes

Instructions:

  1. Check affected part numbers.
  2. Download latest firmware from SICK support portal.
  3. Follow SICK's firmware update procedure.
  4. Verify IP settings after update.

🔧 Temporary Workarounds

Network Segmentation

Applies to: all

Isolate affected devices in separate VLANs with strict firewall rules

UDP Broadcast Filtering

Applies to: all

Block UDP broadcast packets to affected devices at network perimeter

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate affected devices from untrusted networks
  • Deploy network monitoring to detect and alert on suspicious UDP broadcast traffic

🔍 How to Verify

Check if Vulnerable:

Check device part number against affected list and verify if running vulnerable firmware

Check Version:

Check via SICK SOPAS ET configuration tool or device web interface

Verify Fix Applied:

Confirm firmware version is updated per vendor advisory and test UDP broadcast packets no longer affect IP settings

📡 Detection & Monitoring

Log Indicators:

  • Unexpected IP address changes
  • Network connectivity loss logs
  • Broadcast UDP packet reception

Network Indicators:

  • UDP broadcast packets to port 30718 (typical SICK port)
  • Unusual UDP traffic to industrial devices

SIEM Query:

udp.dstport == 30718 AND udp.length > 100
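The detection logic above, as an added example that is not part of the original page: it applies the SIEM query's criteria (UDP destination port 30718, length over 100) plus the broadcast-destination condition from the description to constructed flow records. The key=value record format and the 10.1.1.0/24 plant subnet are assumptions.

```python
"""Flag UDP broadcast datagrams matching the CVE-2023-23444 detection criteria."""
import ipaddress
import re
from dataclasses import dataclass
from typing import List

# Constructed sample flow records (not real captures); one datagram per line.
SAMPLE_RECORDS = """\
ts=2024-01-01T10:00:00Z proto=udp src=10.1.1.50 dst=10.1.1.255 sport=51001 dport=30718 len=148
ts=2024-01-01T10:00:01Z proto=udp src=10.1.1.50 dst=255.255.255.255 sport=51001 dport=30718 len=212
ts=2024-01-01T10:00:02Z proto=udp src=10.1.1.7 dst=10.1.1.20 sport=40000 dport=30718 len=30
ts=2024-01-01T10:00:03Z proto=udp src=10.1.1.7 dst=10.1.1.255 sport=40000 dport=30718 len=30
ts=2024-01-01T10:00:04Z proto=tcp src=10.1.1.7 dst=10.1.1.20 sport=40001 dport=2112 len=300
"""

SICK_UDP_PORT = 30718                                 # port named in the network indicators
MIN_SUSPICIOUS_LEN = 100                              # threshold from the SIEM query (udp.length > 100)
PLANT_SUBNET = ipaddress.ip_network("10.1.1.0/24")    # assumed local broadcast domain


@dataclass
class Alert:
    ts: str
    src: str
    dst: str
    length: int


def is_broadcast(dst: str, subnet: ipaddress.IPv4Network) -> bool:
    """True for the limited broadcast address or the subnet's directed broadcast."""
    addr = ipaddress.ip_address(dst)
    return addr == ipaddress.ip_address("255.255.255.255") or addr == subnet.broadcast_address


def detect(records: str, subnet: ipaddress.IPv4Network = PLANT_SUBNET) -> List[Alert]:
    """Return one Alert per UDP datagram sent to a broadcast address on port 30718 with len > 100."""
    alerts = []
    for line in records.splitlines():
        f = dict(re.findall(r"(\w+)=(\S+)", line))
        if f.get("proto") != "udp" or int(f.get("dport", 0)) != SICK_UDP_PORT:
            continue                                  # not UDP, or not the monitored port
        if int(f.get("len", 0)) <= MIN_SUSPICIOUS_LEN or not is_broadcast(f["dst"], subnet):
            continue                                  # too short, or unicast traffic
        alerts.append(Alert(f["ts"], f["src"], f["dst"], int(f["len"])))
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_RECORDS):
        print(f"{a.ts} broadcast UDP/{SICK_UDP_PORT} from {a.src} to {a.dst} ({a.length} bytes)")
```

Unicast probes and short datagrams are deliberately left out so that normal device discovery on the same port does not page an analyst; tune the length threshold to what your own baseline shows.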

🔗 References
