Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistSICK AGCVELIST:CVE-2023-23449
HistoryMay 15, 2023 - 10:54 a.m.

CVE-2023-23449

2023-05-1510:54:46
CWE-204
SICK AG
www.cve.org
1
observable response discrepancy
sick ftmg air flow sensor
remote attacker
username enumeration
rest interface

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.6

Confidence

High

EPSS

0.002

Percentile

55.0%

JSON

Observable Response Discrepancy in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker
to gain information about valid usernames by analyzing challenge responses from the server via the
REST interface.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "SICK FTMG-ESD15AXX AIR FLOW SENSOR",
    "vendor": "SICK AG",
    "versions": [
      {
        "status": "affected",
        "version": "all firmware versions"
      }
    ]
  },
  {
    "defaultStatus": "affected",
    "product": "SICK FTMG-ESD20AXX AIR FLOW SENSOR",
    "vendor": "SICK AG",
    "versions": [
      {
        "status": "affected",
        "version": "all firmware versions"
      }
    ]
  },
  {
    "defaultStatus": "affected",
    "product": "SICK FTMG-ESD25AXX AIR FLOW SENSOR",
    "vendor": "SICK AG",
    "versions": [
      {
        "status": "affected",
        "version": "all firmware versions"
      }
    ]
  },
  {
    "defaultStatus": "affected",
    "product": "SICK FTMG-ESN40SXX AIR FLOW SENSOR",
    "vendor": "SICK AG",
    "versions": [
      {
        "status": "affected",
        "version": "all firmware versions"
      }
    ]
  },
  {
    "defaultStatus": "affected",
    "product": "SICK FTMG-ESN50SXX AIR FLOW SENSOR",
    "vendor": "SICK AG",
    "versions": [
      {
        "status": "affected",
        "version": "all firmware versions"
      }
    ]
  },
  {
    "defaultStatus": "affected",
    "product": "SICK FTMG-ESR40SXX AIR FLOW SENSOR",
    "vendor": "SICK AG",
    "versions": [
      {
        "status": "affected",
        "version": "all firmware versions"
      }
    ]
  },
  {
    "defaultStatus": "affected",
    "product": "SICK FTMG-ESR50SXX AIR FLOW SENSOR",
    "vendor": "SICK AG",
    "versions": [
      {
        "status": "affected",
        "version": "all firmware versions"
      }
    ]
  }
]

Related

prion 1
cve 1
nvd 1
prion
prion
Design/Logic Flaw
2023-05-15 11:15:00
cve
cve
CVE-2023-23449
2023-05-15 11:15:09
nvd
nvd
CVE-2023-23449
2023-05-15 11:15:09

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.6

Confidence

High

EPSS

0.002

Percentile

55.0%

JSON
Related for CVELIST:CVE-2023-23449
prion1cve1nvd1