CVE-2023-23446

Published May 15, 2023

Last updated a year ago

CVSS high 7.5

Overview

Description: Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to download files by using a therefore unpriviledged account via the REST interface.
Source: psirt@sick.de
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: HIGH

Weaknesses

nvd@nist.gov: CWE-863
psirt@sick.de: CWE-284

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:sick:ftmg-esd20axx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E3882685-8678-47E4-995C-C3F6D9AD5668",
            "versionEndExcluding": "2.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:sick:ftmg-esd20axx:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "16AD808F-900B-41EE-B90A-F9D67AAAD6BE"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:sick:ftmg-esd25axx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "49D930E8-415C-4183-87A1-8D7F44247B67",
            "versionEndExcluding": "2.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:sick:ftmg-esd25axx:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "24618A95-328C-47C9-B8EF-B4DF6E65D68E"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:sick:ftmg-esn40sxx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1DCC9C0B-7CCE-44E5-B25D-67BF971B4541",
            "versionEndExcluding": "2.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:sick:ftmg-esn40sxx:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "290B016B-20B7-40C1-B825-6ED4774C4861"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:sick:ftmg-esn50sxx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E23D6018-1DFB-4516-82C9-3A3B09C2CBF9",
            "versionEndExcluding": "2.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:sick:ftmg-esn50sxx:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1B113D9E-8E61-4F9C-9E5B-2030EEFB133B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:sick:ftmg-esr50sxx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "77F2683F-B1B5-4033-97D4-ADF77B6B50E8",
            "versionEndExcluding": "2.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:sick:ftmg-esr50sxx:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A02547D3-5E40-41B3-A7B4-D63F60A5F80B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:sick:ftmg-esr40sxx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9075A02A-C627-43DA-ACF7-776197B518C5",
            "versionEndExcluding": "2.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:sick:ftmg-esr40sxx:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7B887993-18A8-493F-97A1-A788FBD5A5B9"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:sick:ftmg-esd15axx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E9219CD8-34CE-45A2-904A-E7B1740706C2",
            "versionEndExcluding": "2.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:sick:ftmg-esd15axx:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FF162AA9-6645-4032-8D29-BAE2D60FBD9B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References