Lucene search

SICK AGCVE-2023-23445

HistoryMay 15, 2023 - 11:15 a.m.

CVE-2023-23445

2023-05-1511:15:09

CWE-284

CWE-863

SICK AG

web.nvd.nist.gov

cve-2023-23445

improper access control

sick ftmg air flow sensor

partnumbers

unauthorized access

remote attacker

data fields

unprivileged account

rest interface

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

49.7%

JSON

Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers
1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote
attacker to gain unauthorized access to data fields by using a therefore unpriviledged account via the
REST interface.

Affected configurations

Nvd

Node

sickftmg-esd20axxMatch-

AND

sickftmg-esd20axx_firmwareRange<2.0

Node

sickftmg-esd25axxMatch-

AND

sickftmg-esd25axx_firmwareRange<2.0

Node

sickftmg-esn40sxxMatch-

AND

sickftmg-esn40sxx_firmwareRange<2.0

Node

sickftmg-esn50sxxMatch-

AND

sickftmg-esn50sxx_firmwareRange<2.0

Node

sickftmg-esr50sxxMatch-

AND

sickftmg-esr50sxx_firmwareRange<2.0

Node

sickftmg-esr40sxxMatch-

AND

sickftmg-esr40sxx_firmwareRange<2.0

Node

sickftmg-esd15axxMatch-

AND

sickftmg-esd15axx_firmwareRange<2.0

VendorProductVersionCPE
sickftmg-esd20axx-cpe:2.3:h:sick:ftmg-esd20axx:-:*:*:*:*:*:*:*
sickftmg-esd20axx_firmware*cpe:2.3:o:sick:ftmg-esd20axx_firmware:*:*:*:*:*:*:*:*
sickftmg-esd25axx-cpe:2.3:h:sick:ftmg-esd25axx:-:*:*:*:*:*:*:*
sickftmg-esd25axx_firmware*cpe:2.3:o:sick:ftmg-esd25axx_firmware:*:*:*:*:*:*:*:*
sickftmg-esn40sxx-cpe:2.3:h:sick:ftmg-esn40sxx:-:*:*:*:*:*:*:*
sickftmg-esn40sxx_firmware*cpe:2.3:o:sick:ftmg-esn40sxx_firmware:*:*:*:*:*:*:*:*
sickftmg-esn50sxx-cpe:2.3:h:sick:ftmg-esn50sxx:-:*:*:*:*:*:*:*
sickftmg-esn50sxx_firmware*cpe:2.3:o:sick:ftmg-esn50sxx_firmware:*:*:*:*:*:*:*:*
sickftmg-esr50sxx-cpe:2.3:h:sick:ftmg-esr50sxx:-:*:*:*:*:*:*:*
sickftmg-esr50sxx_firmware*cpe:2.3:o:sick:ftmg-esr50sxx_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sick	ftmg-esd20axx	-	cpe:2.3:h:sick:ftmg-esd20axx:-:::::::*
sick	ftmg-esd20axx_firmware	*	cpe:2.3:o:sick:ftmg-esd20axx_firmware::::::::
sick	ftmg-esd25axx	-	cpe:2.3:h:sick:ftmg-esd25axx:-:::::::*
sick	ftmg-esd25axx_firmware	*	cpe:2.3:o:sick:ftmg-esd25axx_firmware::::::::
sick	ftmg-esn40sxx	-	cpe:2.3:h:sick:ftmg-esn40sxx:-:::::::*
sick	ftmg-esn40sxx_firmware	*	cpe:2.3:o:sick:ftmg-esn40sxx_firmware::::::::
sick	ftmg-esn50sxx	-	cpe:2.3:h:sick:ftmg-esn50sxx:-:::::::*
sick	ftmg-esn50sxx_firmware	*	cpe:2.3:o:sick:ftmg-esn50sxx_firmware::::::::
sick	ftmg-esr50sxx	-	cpe:2.3:h:sick:ftmg-esr50sxx:-:::::::*
sick	ftmg-esr50sxx_firmware	*	cpe:2.3:o:sick:ftmg-esr50sxx_firmware::::::::

Rows per page:

1-10 of 141

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "SICK FTMG-ESD15AXX AIR FLOW SENSOR",
    "vendor": "SICK AG",
    "versions": [
      {
        "status": "affected",
        "version": "all firmware versions"
      }
    ]
  },
  {
    "defaultStatus": "affected",
    "product": "SICK FTMG-ESD20AXX AIR FLOW SENSOR",
    "vendor": "SICK AG",
    "versions": [
      {
        "status": "affected",
        "version": "all firmware versions"
      }
    ]
  },
  {
    "defaultStatus": "affected",
    "product": "SICK FTMG-ESD25AXX AIR FLOW SENSOR",
    "vendor": "SICK AG",
    "versions": [
      {
        "status": "affected",
        "version": "all firmware versions"
      }
    ]
  },
  {
    "defaultStatus": "affected",
    "product": "SICK FTMG-ESN40SXX AIR FLOW SENSOR",
    "vendor": "SICK AG",
    "versions": [
      {
        "status": "affected",
        "version": "all firmware versions"
      }
    ]
  },
  {
    "defaultStatus": "affected",
    "product": "SICK FTMG-ESN50SXX AIR FLOW SENSOR",
    "vendor": "SICK AG",
    "versions": [
      {
        "status": "affected",
        "version": "all firmware versions"
      }
    ]
  },
  {
    "defaultStatus": "affected",
    "product": "SICK FTMG-ESR40SXX AIR FLOW SENSOR",
    "vendor": "SICK AG",
    "versions": [
      {
        "status": "affected",
        "version": "all firmware versions"
      }
    ]
  },
  {
    "defaultStatus": "affected",
    "product": "SICK FTMG-ESR50SXX AIR FLOW SENSOR",
    "vendor": "SICK AG",
    "versions": [
      {
        "status": "affected",
        "version": "all firmware versions"
      }
    ]
  }
]

References

sick.com/.well-known/csaf/white/2023/sca-2023-0004.json

sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf

sick.com/psirt

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

49.7%

JSON

Related for CVE-2023-23445