CVE-2023-23451
📋 TL;DR
This vulnerability affects multiple SICK Flexi Classic and Flexi Soft Gateway products where Telnet is enabled by default without a password. Attackers can gain unauthorized access to these industrial network gateways, potentially compromising connected systems. All devices with serial numbers <=2311xxxx and specified firmware versions are affected.
💻 Affected Systems
- SICK UE410-EN3 FLEXI ETHERNET GATEW
- SICK UE410-EN1 FLEXI ETHERNET GATEW
- SICK UE410-EN3S04 FLEXI ETHERNET GATEW
- SICK UE410-EN4 FLEXI ETHERNET GATEW
- SICK FX0-GENT00000 FLEXISOFT EIP GATEW
- SICK FX0-GMOD00000 FLEXISOFT MOD GATEW
- SICK FX0-GPNT00000 FLEXISOFT PNET GATEW
- SICK FX0-GENT00030 FLEXISOFT EIP GATEW.V2
- SICK FX0-GPNT00030 FLEXISOFT PNET GATEW.V2
- SICK FX0-GMOD00010 FLEXISOFT MOD GW
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of industrial control systems, unauthorized configuration changes, data exfiltration, or disruption of industrial processes leading to safety incidents.
Likely Case
Unauthorized access to gateway configuration, network reconnaissance, and potential lateral movement to connected industrial systems.
If Mitigated
Limited to isolated network segments with proper access controls, reducing exposure to authorized personnel only.
🎯 Exploit Status
Exploitation requires only Telnet access to port 23 with no authentication. This is trivial for attackers with network access.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Varies by product - check vendor advisory for specific versions
Vendor Advisory: https://sick.com/psirt
Restart Required: Yes
Instructions:
1. Check device serial number and firmware version. 2. If affected, download latest firmware from SICK support portal. 3. Apply firmware update following vendor documentation. 4. Verify Telnet is disabled or properly secured post-update.
🔧 Temporary Workarounds
Disable Telnet Service
allDisable Telnet service on affected gateways if not required for operations
telnet 192.168.1.100
login: admin
password: [set if not configured]
disable telnet
Set Strong Telnet Password
allConfigure strong authentication for Telnet service if it must remain enabled
telnet 192.168.1.100
login: admin
password: [set if not configured]
set password strongpassword
🧯 If You Can't Patch
- Isolate affected devices in separate VLAN with strict firewall rules blocking Telnet access
- Implement network segmentation to prevent lateral movement from compromised gateways
🔍 How to Verify
Check if Vulnerable:
Attempt Telnet connection to port 23 of gateway IP. If connection succeeds without authentication, device is vulnerable.Check Version:
telnet [gateway_ip] then check version via device CLI or web interfaceVerify Fix Applied:
Verify Telnet connection requires authentication or is disabled. Check firmware version against patched versions in vendor advisory.📡 Detection & Monitoring
Log Indicators:
- Failed authentication attempts on Telnet
- Successful Telnet connections without authentication
- Configuration changes from Telnet sessions
Network Indicators:
- Telnet traffic to industrial gateways
- Unusual Telnet connections from external IPs
- Port 23 scanning activity
SIEM Query:
source="gateway_logs" AND (event="telnet_login" AND auth_result="success" AND user="none") OR (port=23 AND protocol="telnet" AND src_ip NOT IN allowed_ips)