Lucene search

SICK AGCVELIST:CVE-2023-23446

HistoryMay 15, 2023 - 10:52 a.m.

CVE-2023-23446

2023-05-1510:52:30

CWE-284

SICK AG

www.cve.org

improper access control

sick ftmg

air flow sensor

partnumbers

remote attacker

download files

rest interface

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

51.4%

JSON

Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers
1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to download files by using a therefore unpriviledged account via the REST interface.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "SICK FTMG-ESD15AXX AIR FLOW SENSOR",
    "vendor": "SICK AG",
    "versions": [
      {
        "lessThan": "v3.0.0.131.Release",
        "status": "affected",
        "version": "0",
        "versionType": "*"
      }
    ]
  },
  {
    "defaultStatus": "affected",
    "product": "SICK FTMG-ESD20AXX AIR FLOW SENSOR",
    "vendor": "SICK AG",
    "versions": [
      {
        "lessThan": "v3.0.0.131.Release",
        "status": "affected",
        "version": "0",
        "versionType": "*"
      }
    ]
  },
  {
    "defaultStatus": "affected",
    "product": "SICK FTMG-ESD25AXX AIR FLOW SENSOR",
    "vendor": "SICK AG",
    "versions": [
      {
        "lessThan": "v3.0.0.131.Release",
        "status": "affected",
        "version": "0",
        "versionType": "*"
      }
    ]
  },
  {
    "defaultStatus": "affected",
    "product": "SICK FTMG-ESN40SXX AIR FLOW SENSOR",
    "vendor": "SICK AG",
    "versions": [
      {
        "lessThan": "v3.0.0.131.Release",
        "status": "affected",
        "version": "0",
        "versionType": "*"
      }
    ]
  },
  {
    "defaultStatus": "affected",
    "product": "SICK FTMG-ESN50SXX AIR FLOW SENSOR",
    "vendor": "SICK AG",
    "versions": [
      {
        "lessThan": "v3.0.0.131.Release",
        "status": "affected",
        "version": "0",
        "versionType": "*"
      }
    ]
  },
  {
    "defaultStatus": "affected",
    "product": "SICK FTMG-ESR40SXX AIR FLOW SENSOR",
    "vendor": "SICK AG",
    "versions": [
      {
        "lessThan": "v3.0.0.131.Release",
        "status": "affected",
        "version": "0",
        "versionType": "*"
      }
    ]
  },
  {
    "defaultStatus": "affected",
    "product": "SICK FTMG-ESR50SXX AIR FLOW SENSOR",
    "vendor": "SICK AG",
    "versions": [
      {
        "lessThan": "v3.0.0.131.Release",
        "status": "affected",
        "version": "0",
        "versionType": "*"
      }
    ]
  }
]

References

sick.com/.well-known/csaf/white/2023/sca-2023-0004.json

sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf

sick.com/psirt

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

51.4%

JSON

Related for CVELIST:CVE-2023-23446