CVE-2023-23445

Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to gain unauthorized access to data fields by using a therefore unpriviledged account via the REST interface.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:sick:ftmg-esd20axx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sick:ftmg-esd20axx:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:sick:ftmg-esd25axx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sick:ftmg-esd25axx:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:sick:ftmg-esn40sxx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sick:ftmg-esn40sxx:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:sick:ftmg-esn50sxx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sick:ftmg-esn50sxx:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:sick:ftmg-esr50sxx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sick:ftmg-esr50sxx:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:sick:ftmg-esr40sxx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sick:ftmg-esr40sxx:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:sick:ftmg-esd15axx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sick:ftmg-esd15axx:-:*:*:*:*:*:*:*

History

21 Nov 2024, 07:46

Type Values Removed Values Added
References () https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json - Vendor Advisory () https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json - Vendor Advisory
References () https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf - Vendor Advisory () https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf - Vendor Advisory
References () https://sick.com/psirt - Vendor Advisory () https://sick.com/psirt - Vendor Advisory

Information

Published : 2023-05-15 11:15

Updated : 2024-11-21 07:46


NVD link : CVE-2023-23445

Mitre link : CVE-2023-23445

CVE.ORG link : CVE-2023-23445


JSON object : View

Products Affected

sick

  • ftmg-esd15axx
  • ftmg-esd20axx
  • ftmg-esn40sxx
  • ftmg-esr50sxx_firmware
  • ftmg-esr40sxx
  • ftmg-esn50sxx
  • ftmg-esr40sxx_firmware
  • ftmg-esd20axx_firmware
  • ftmg-esn50sxx_firmware
  • ftmg-esr50sxx
  • ftmg-esn40sxx_firmware
  • ftmg-esd15axx_firmware
  • ftmg-esd25axx
  • ftmg-esd25axx_firmware
CWE
CWE-284

Improper Access Control

CWE-863

Incorrect Authorization