CVE-2023-23450

Use of Password Hash Instead of Password for Authentication in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to use a password hash instead of an actual password to login to a valid user account via the REST interface.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:sick:ftmg-esd20axx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sick:ftmg-esd20axx:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:sick:ftmg-esd25axx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sick:ftmg-esd25axx:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:sick:ftmg-esn40sxx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sick:ftmg-esn40sxx:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:sick:ftmg-esn50sxx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sick:ftmg-esn50sxx:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:sick:ftmg-esr50sxx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sick:ftmg-esr50sxx:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:sick:ftmg-esr40sxx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sick:ftmg-esr40sxx:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:sick:ftmg-esd15axx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sick:ftmg-esd15axx:-:*:*:*:*:*:*:*

History

21 Nov 2024, 07:46

Type Values Removed Values Added
References () https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json - Vendor Advisory () https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json - Vendor Advisory
References () https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf - Vendor Advisory () https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf - Vendor Advisory
References () https://sick.com/psirt - Vendor Advisory () https://sick.com/psirt - Vendor Advisory
CVSS v2 : unknown
v3 : 9.8
v2 : unknown
v3 : 6.2

30 May 2023, 14:11

Type Values Removed Values Added
CWE CWE-287
References (MISC) https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf - (MISC) https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf - Vendor Advisory
References (MISC) https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json - (MISC) https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json - Vendor Advisory
References (MISC) https://sick.com/psirt - (MISC) https://sick.com/psirt - Vendor Advisory
CPE cpe:2.3:o:sick:ftmg-esr40sxx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:sick:ftmg-esn50sxx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sick:ftmg-esn40sxx:-:*:*:*:*:*:*:*
cpe:2.3:o:sick:ftmg-esn40sxx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sick:ftmg-esn50sxx:-:*:*:*:*:*:*:*
cpe:2.3:h:sick:ftmg-esr40sxx:-:*:*:*:*:*:*:*
cpe:2.3:o:sick:ftmg-esd15axx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sick:ftmg-esd20axx:-:*:*:*:*:*:*:*
cpe:2.3:h:sick:ftmg-esr50sxx:-:*:*:*:*:*:*:*
cpe:2.3:o:sick:ftmg-esd20axx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:sick:ftmg-esr50sxx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sick:ftmg-esd25axx:-:*:*:*:*:*:*:*
cpe:2.3:o:sick:ftmg-esd25axx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sick:ftmg-esd15axx:-:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
First Time Sick ftmg-esr50sxx Firmware
Sick ftmg-esr40sxx Firmware
Sick ftmg-esd20axx
Sick ftmg-esd25axx Firmware
Sick ftmg-esn40sxx
Sick ftmg-esd25axx
Sick ftmg-esr40sxx
Sick ftmg-esn50sxx Firmware
Sick ftmg-esd15axx
Sick ftmg-esr50sxx
Sick
Sick ftmg-esd20axx Firmware
Sick ftmg-esn50sxx
Sick ftmg-esd15axx Firmware
Sick ftmg-esn40sxx Firmware

Information

Published : 2023-05-15 11:15

Updated : 2024-11-21 07:46


NVD link : CVE-2023-23450

Mitre link : CVE-2023-23450

CVE.ORG link : CVE-2023-23450


JSON object : View

Products Affected

sick

  • ftmg-esd15axx
  • ftmg-esd20axx
  • ftmg-esn40sxx
  • ftmg-esr50sxx_firmware
  • ftmg-esr40sxx
  • ftmg-esn50sxx
  • ftmg-esr40sxx_firmware
  • ftmg-esd20axx_firmware
  • ftmg-esn50sxx_firmware
  • ftmg-esr50sxx
  • ftmg-esn40sxx_firmware
  • ftmg-esd15axx_firmware
  • ftmg-esd25axx
  • ftmg-esd25axx_firmware
CWE
CWE-836

Use of Password Hash Instead of Password for Authentication

CWE-287

Improper Authentication