Lucene search

[email protected]NVD:CVE-2023-31409

HistoryMay 15, 2023 - 11:15 a.m.

CVE-2023-31409

2023-05-1511:15:09

CWE-400

[email protected]

web.nvd.nist.gov

resource consumption

sick ftmg air flow sensor

partnumbers 1100214

1100215

1100216

1120114

1120116

1122524

1122526

remote attacker

webserver availability

slowloris

http requests

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

Confidence

High

EPSS

0.003

Percentile

69.7%

JSON

Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an remote attacker to influence the availability of the webserver by invocing a Slowloris style attack via HTTP requests.

Affected configurations

Nvd

Node

sickftmg-esd20axxMatch-

AND

sickftmg-esd20axx_firmwareRange<2.0

Node

sickftmg-esd25axxMatch-

AND

sickftmg-esd25axx_firmwareRange<2.0

Node

sickftmg-esn40sxxMatch-

AND

sickftmg-esn40sxx_firmwareRange<2.0

Node

sickftmg-esn50sxxMatch-

AND

sickftmg-esn50sxx_firmwareRange<2.0

Node

sickftmg-esr50sxxMatch-

AND

sickftmg-esr50sxx_firmwareRange<2.0

Node

sickftmg-esr40sxxMatch-

AND

sickftmg-esr40sxx_firmwareRange<2.0

Node

sickftmg-esd15axxMatch-

AND

sickftmg-esd15axx_firmwareRange<2.0

VendorProductVersionCPE
sickftmg-esd20axx-cpe:2.3:h:sick:ftmg-esd20axx:-:*:*:*:*:*:*:*
sickftmg-esd20axx_firmware*cpe:2.3:o:sick:ftmg-esd20axx_firmware:*:*:*:*:*:*:*:*
sickftmg-esd25axx-cpe:2.3:h:sick:ftmg-esd25axx:-:*:*:*:*:*:*:*
sickftmg-esd25axx_firmware*cpe:2.3:o:sick:ftmg-esd25axx_firmware:*:*:*:*:*:*:*:*
sickftmg-esn40sxx-cpe:2.3:h:sick:ftmg-esn40sxx:-:*:*:*:*:*:*:*
sickftmg-esn40sxx_firmware*cpe:2.3:o:sick:ftmg-esn40sxx_firmware:*:*:*:*:*:*:*:*
sickftmg-esn50sxx-cpe:2.3:h:sick:ftmg-esn50sxx:-:*:*:*:*:*:*:*
sickftmg-esn50sxx_firmware*cpe:2.3:o:sick:ftmg-esn50sxx_firmware:*:*:*:*:*:*:*:*
sickftmg-esr50sxx-cpe:2.3:h:sick:ftmg-esr50sxx:-:*:*:*:*:*:*:*
sickftmg-esr50sxx_firmware*cpe:2.3:o:sick:ftmg-esr50sxx_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sick	ftmg-esd20axx	-	cpe:2.3:h:sick:ftmg-esd20axx:-:::::::*
sick	ftmg-esd20axx_firmware	*	cpe:2.3:o:sick:ftmg-esd20axx_firmware::::::::
sick	ftmg-esd25axx	-	cpe:2.3:h:sick:ftmg-esd25axx:-:::::::*
sick	ftmg-esd25axx_firmware	*	cpe:2.3:o:sick:ftmg-esd25axx_firmware::::::::
sick	ftmg-esn40sxx	-	cpe:2.3:h:sick:ftmg-esn40sxx:-:::::::*
sick	ftmg-esn40sxx_firmware	*	cpe:2.3:o:sick:ftmg-esn40sxx_firmware::::::::
sick	ftmg-esn50sxx	-	cpe:2.3:h:sick:ftmg-esn50sxx:-:::::::*
sick	ftmg-esn50sxx_firmware	*	cpe:2.3:o:sick:ftmg-esn50sxx_firmware::::::::
sick	ftmg-esr50sxx	-	cpe:2.3:h:sick:ftmg-esr50sxx:-:::::::*
sick	ftmg-esr50sxx_firmware	*	cpe:2.3:o:sick:ftmg-esr50sxx_firmware::::::::

Rows per page:

1-10 of 141

References

sick.com/.well-known/csaf/white/2023/sca-2023-0004.json

sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf

sick.com/psirt

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

Confidence

High

EPSS

0.003

Percentile

69.7%

JSON

Related for NVD:CVE-2023-31409

cve1 cvelist1 prion1