Lucene search

[email protected]NVD:CVE-2023-23449

HistoryMay 15, 2023 - 11:15 a.m.

CVE-2023-23449

2023-05-1511:15:09

CWE-204

CWE-203

[email protected]

web.nvd.nist.gov

sick ftmg air flow sensor

partnumbers

remote attacker

information disclosure

challenge responses

rest interface

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.3 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.1%

JSON

Observable Response Discrepancy in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker
to gain information about valid usernames by analyzing challenge responses from the server via the
REST interface.

Affected configurations

NVD

Node

sickftmg-esd20axx_firmwareRange<2.0

AND

sickftmg-esd20axxMatch-

Node

sickftmg-esd25axx_firmwareRange<2.0

AND

sickftmg-esd25axxMatch-

Node

sickftmg-esn40sxx_firmwareRange<2.0

AND

sickftmg-esn40sxxMatch-

Node

sickftmg-esn50sxx_firmwareRange<2.0

AND

sickftmg-esn50sxxMatch-

Node

sickftmg-esr50sxx_firmwareRange<2.0

AND

sickftmg-esr50sxxMatch-

Node

sickftmg-esr40sxx_firmwareRange<2.0

AND

sickftmg-esr40sxxMatch-

Node

sickftmg-esd15axx_firmwareRange<2.0

AND

sickftmg-esd15axxMatch-

References

sick.com/.well-known/csaf/white/2023/sca-2023-0004.json

sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf

sick.com/psirt

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.3 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.1%

JSON

Related for NVD:CVE-2023-23449

prion1 cvelist1 cve1