Lucene search

[email protected]NVD:CVE-2023-23450

HistoryMay 15, 2023 - 11:15 a.m.

CVE-2023-23450

2023-05-1511:15:09

CWE-287

CWE-836

[email protected]

web.nvd.nist.gov

password hash

authentication

sick ftmg aif flow sensor

partnumbers

remote attacker

rest interface

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

64.7%

JSON

Use of Password Hash Instead of Password for Authentication in SICK FTMg AIR
FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526
allows an unprivileged remote attacker to use a password hash instead of an actual password to login
to a valid user account via the REST interface.

Affected configurations

NVD

Node

sickftmg-esd20axx_firmwareRange<2.0

AND

sickftmg-esd20axxMatch-

Node

sickftmg-esd25axx_firmwareRange<2.0

AND

sickftmg-esd25axxMatch-

Node

sickftmg-esn40sxx_firmwareRange<2.0

AND

sickftmg-esn40sxxMatch-

Node

sickftmg-esn50sxx_firmwareRange<2.0

AND

sickftmg-esn50sxxMatch-

Node

sickftmg-esr50sxx_firmwareRange<2.0

AND

sickftmg-esr50sxxMatch-

Node

sickftmg-esr40sxx_firmwareRange<2.0

AND

sickftmg-esr40sxxMatch-

Node

sickftmg-esd15axx_firmwareRange<2.0

AND

sickftmg-esd15axxMatch-

References

sick.com/.well-known/csaf/white/2023/sca-2023-0004.json

sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf

sick.com/psirt

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

64.7%

JSON

Related for NVD:CVE-2023-23450

cvelist1 prion1 cve1