Lucene search

SICK AGCVE-2023-23448

HistoryMay 15, 2023 - 11:15 a.m.

CVE-2023-23448

2023-05-1511:15:09

CWE-668

CWE-540

SICK AG

web.nvd.nist.gov

cve-2023-23448

information security

source code

sensitive information

remote attack

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.4

Confidence

High

EPSS

0.002

Percentile

55.0%

JSON

Inclusion of Sensitive Information in Source Code in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a
remote attacker to gain information about valid usernames via analysis of source code.

Affected configurations

Nvd

Node

sickftmg-esd20axx_firmwareRange<2.0

AND

sickftmg-esd20axxMatch-

Node

sickftmg-esd25axx_firmwareRange<2.0

AND

sickftmg-esd25axxMatch-

Node

sickftmg-esn40sxx_firmwareRange<2.0

AND

sickftmg-esn40sxxMatch-

Node

sickftmg-esn50sxx_firmwareRange<2.0

AND

sickftmg-esn50sxxMatch-

Node

sickftmg-esr50sxx_firmwareRange<2.0

AND

sickftmg-esr50sxxMatch-

Node

sickftmg-esr40sxx_firmwareRange<2.0

AND

sickftmg-esr40sxxMatch-

Node

sickftmg-esd15axx_firmwareRange<2.0

AND

sickftmg-esd15axxMatch-

VendorProductVersionCPE
sickftmg-esd20axx_firmware*cpe:2.3:o:sick:ftmg-esd20axx_firmware:*:*:*:*:*:*:*:*
sickftmg-esd20axx-cpe:2.3:h:sick:ftmg-esd20axx:-:*:*:*:*:*:*:*
sickftmg-esd25axx_firmware*cpe:2.3:o:sick:ftmg-esd25axx_firmware:*:*:*:*:*:*:*:*
sickftmg-esd25axx-cpe:2.3:h:sick:ftmg-esd25axx:-:*:*:*:*:*:*:*
sickftmg-esn40sxx_firmware*cpe:2.3:o:sick:ftmg-esn40sxx_firmware:*:*:*:*:*:*:*:*
sickftmg-esn40sxx-cpe:2.3:h:sick:ftmg-esn40sxx:-:*:*:*:*:*:*:*
sickftmg-esn50sxx_firmware*cpe:2.3:o:sick:ftmg-esn50sxx_firmware:*:*:*:*:*:*:*:*
sickftmg-esn50sxx-cpe:2.3:h:sick:ftmg-esn50sxx:-:*:*:*:*:*:*:*
sickftmg-esr50sxx_firmware*cpe:2.3:o:sick:ftmg-esr50sxx_firmware:*:*:*:*:*:*:*:*
sickftmg-esr50sxx-cpe:2.3:h:sick:ftmg-esr50sxx:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sick	ftmg-esd20axx_firmware	*	cpe:2.3:o:sick:ftmg-esd20axx_firmware::::::::
sick	ftmg-esd20axx	-	cpe:2.3:h:sick:ftmg-esd20axx:-:::::::*
sick	ftmg-esd25axx_firmware	*	cpe:2.3:o:sick:ftmg-esd25axx_firmware::::::::
sick	ftmg-esd25axx	-	cpe:2.3:h:sick:ftmg-esd25axx:-:::::::*
sick	ftmg-esn40sxx_firmware	*	cpe:2.3:o:sick:ftmg-esn40sxx_firmware::::::::
sick	ftmg-esn40sxx	-	cpe:2.3:h:sick:ftmg-esn40sxx:-:::::::*
sick	ftmg-esn50sxx_firmware	*	cpe:2.3:o:sick:ftmg-esn50sxx_firmware::::::::
sick	ftmg-esn50sxx	-	cpe:2.3:h:sick:ftmg-esn50sxx:-:::::::*
sick	ftmg-esr50sxx_firmware	*	cpe:2.3:o:sick:ftmg-esr50sxx_firmware::::::::
sick	ftmg-esr50sxx	-	cpe:2.3:h:sick:ftmg-esr50sxx:-:::::::*

Rows per page:

1-10 of 141

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "SICK FTMG-ESD15AXX AIR FLOW SENSOR",
    "vendor": "SICK AG",
    "versions": [
      {
        "status": "affected",
        "version": "all firmware versions"
      }
    ]
  },
  {
    "defaultStatus": "affected",
    "product": "SICK FTMG-ESD20AXX AIR FLOW SENSOR",
    "vendor": "SICK AG",
    "versions": [
      {
        "status": "affected",
        "version": "all firmware versions"
      }
    ]
  },
  {
    "defaultStatus": "affected",
    "product": "SICK FTMG-ESD25AXX AIR FLOW SENSOR",
    "vendor": "SICK AG",
    "versions": [
      {
        "status": "affected",
        "version": "all firmware versions"
      }
    ]
  },
  {
    "defaultStatus": "affected",
    "product": "SICK FTMG-ESN40SXX AIR FLOW SENSOR",
    "vendor": "SICK AG",
    "versions": [
      {
        "status": "affected",
        "version": "all firmware versions"
      }
    ]
  },
  {
    "defaultStatus": "affected",
    "product": "SICK FTMG-ESN50SXX AIR FLOW SENSOR",
    "vendor": "SICK AG",
    "versions": [
      {
        "status": "affected",
        "version": "all firmware versions"
      }
    ]
  },
  {
    "defaultStatus": "affected",
    "product": "SICK FTMG-ESR40SXX AIR FLOW SENSOR",
    "vendor": "SICK AG",
    "versions": [
      {
        "status": "affected",
        "version": "all firmware versions"
      }
    ]
  },
  {
    "defaultStatus": "affected",
    "product": "SICK FTMG-ESR50SXX AIR FLOW SENSOR",
    "vendor": "SICK AG",
    "versions": [
      {
        "status": "affected",
        "version": "all firmware versions"
      }
    ]
  }
]

References

sick.com/.well-known/csaf/white/2023/sca-2023-0004.json

sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf

sick.com/psirt

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.4

Confidence

High

EPSS

0.002

Percentile

55.0%

JSON

Related for CVE-2023-23448