Lucene search

SICK AGCVE-2023-23446

HistoryMay 15, 2023 - 11:15 a.m.

CVE-2023-23446

2023-05-1511:15:09

CWE-284

CWE-863

SICK AG

web.nvd.nist.gov

cve-2023-23446

improper access control

sick ftmg air flow sensor

remote attack

file download

rest interface

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.4

Confidence

High

EPSS

0.002

Percentile

51.3%

JSON

Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers
1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to download files by using a therefore unpriviledged account via the REST interface.

Affected configurations

Nvd

Node

sickftmg-esd20axx_firmwareRange<2.0

AND

sickftmg-esd20axxMatch-

Node

sickftmg-esd25axx_firmwareRange<2.0

AND

sickftmg-esd25axxMatch-

Node

sickftmg-esn40sxx_firmwareRange<2.0

AND

sickftmg-esn40sxxMatch-

Node

sickftmg-esn50sxx_firmwareRange<2.0

AND

sickftmg-esn50sxxMatch-

Node

sickftmg-esr50sxx_firmwareRange<2.0

AND

sickftmg-esr50sxxMatch-

Node

sickftmg-esr40sxx_firmwareRange<2.0

AND

sickftmg-esr40sxxMatch-

Node

sickftmg-esd15axx_firmwareRange<2.0

AND

sickftmg-esd15axxMatch-

VendorProductVersionCPE
sickftmg-esd20axx_firmware*cpe:2.3:o:sick:ftmg-esd20axx_firmware:*:*:*:*:*:*:*:*
sickftmg-esd20axx-cpe:2.3:h:sick:ftmg-esd20axx:-:*:*:*:*:*:*:*
sickftmg-esd25axx_firmware*cpe:2.3:o:sick:ftmg-esd25axx_firmware:*:*:*:*:*:*:*:*
sickftmg-esd25axx-cpe:2.3:h:sick:ftmg-esd25axx:-:*:*:*:*:*:*:*
sickftmg-esn40sxx_firmware*cpe:2.3:o:sick:ftmg-esn40sxx_firmware:*:*:*:*:*:*:*:*
sickftmg-esn40sxx-cpe:2.3:h:sick:ftmg-esn40sxx:-:*:*:*:*:*:*:*
sickftmg-esn50sxx_firmware*cpe:2.3:o:sick:ftmg-esn50sxx_firmware:*:*:*:*:*:*:*:*
sickftmg-esn50sxx-cpe:2.3:h:sick:ftmg-esn50sxx:-:*:*:*:*:*:*:*
sickftmg-esr50sxx_firmware*cpe:2.3:o:sick:ftmg-esr50sxx_firmware:*:*:*:*:*:*:*:*
sickftmg-esr50sxx-cpe:2.3:h:sick:ftmg-esr50sxx:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sick	ftmg-esd20axx_firmware	*	cpe:2.3:o:sick:ftmg-esd20axx_firmware::::::::
sick	ftmg-esd20axx	-	cpe:2.3:h:sick:ftmg-esd20axx:-:::::::*
sick	ftmg-esd25axx_firmware	*	cpe:2.3:o:sick:ftmg-esd25axx_firmware::::::::
sick	ftmg-esd25axx	-	cpe:2.3:h:sick:ftmg-esd25axx:-:::::::*
sick	ftmg-esn40sxx_firmware	*	cpe:2.3:o:sick:ftmg-esn40sxx_firmware::::::::
sick	ftmg-esn40sxx	-	cpe:2.3:h:sick:ftmg-esn40sxx:-:::::::*
sick	ftmg-esn50sxx_firmware	*	cpe:2.3:o:sick:ftmg-esn50sxx_firmware::::::::
sick	ftmg-esn50sxx	-	cpe:2.3:h:sick:ftmg-esn50sxx:-:::::::*
sick	ftmg-esr50sxx_firmware	*	cpe:2.3:o:sick:ftmg-esr50sxx_firmware::::::::
sick	ftmg-esr50sxx	-	cpe:2.3:h:sick:ftmg-esr50sxx:-:::::::*

Rows per page:

1-10 of 141

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "SICK FTMG-ESD15AXX AIR FLOW SENSOR",
    "vendor": "SICK AG",
    "versions": [
      {
        "lessThan": "v3.0.0.131.Release",
        "status": "affected",
        "version": "0",
        "versionType": "*"
      }
    ]
  },
  {
    "defaultStatus": "affected",
    "product": "SICK FTMG-ESD20AXX AIR FLOW SENSOR",
    "vendor": "SICK AG",
    "versions": [
      {
        "lessThan": "v3.0.0.131.Release",
        "status": "affected",
        "version": "0",
        "versionType": "*"
      }
    ]
  },
  {
    "defaultStatus": "affected",
    "product": "SICK FTMG-ESD25AXX AIR FLOW SENSOR",
    "vendor": "SICK AG",
    "versions": [
      {
        "lessThan": "v3.0.0.131.Release",
        "status": "affected",
        "version": "0",
        "versionType": "*"
      }
    ]
  },
  {
    "defaultStatus": "affected",
    "product": "SICK FTMG-ESN40SXX AIR FLOW SENSOR",
    "vendor": "SICK AG",
    "versions": [
      {
        "lessThan": "v3.0.0.131.Release",
        "status": "affected",
        "version": "0",
        "versionType": "*"
      }
    ]
  },
  {
    "defaultStatus": "affected",
    "product": "SICK FTMG-ESN50SXX AIR FLOW SENSOR",
    "vendor": "SICK AG",
    "versions": [
      {
        "lessThan": "v3.0.0.131.Release",
        "status": "affected",
        "version": "0",
        "versionType": "*"
      }
    ]
  },
  {
    "defaultStatus": "affected",
    "product": "SICK FTMG-ESR40SXX AIR FLOW SENSOR",
    "vendor": "SICK AG",
    "versions": [
      {
        "lessThan": "v3.0.0.131.Release",
        "status": "affected",
        "version": "0",
        "versionType": "*"
      }
    ]
  },
  {
    "defaultStatus": "affected",
    "product": "SICK FTMG-ESR50SXX AIR FLOW SENSOR",
    "vendor": "SICK AG",
    "versions": [
      {
        "lessThan": "v3.0.0.131.Release",
        "status": "affected",
        "version": "0",
        "versionType": "*"
      }
    ]
  }
]

References

sick.com/.well-known/csaf/white/2023/sca-2023-0004.json

sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf

sick.com/psirt

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.4

Confidence

High

EPSS

0.002

Percentile

51.3%

JSON

Related for CVE-2023-23446