Use of Password Hash Instead of Password for Authentication in SICK FTMg AIR
FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526
allows an unprivileged remote attacker to use a password hash instead of an actual password to login
to a valid user account via the REST interface.
References
Link | Resource |
---|---|
https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json | Vendor Advisory |
https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf | Vendor Advisory |
https://sick.com/psirt | Vendor Advisory |
https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json | Vendor Advisory |
https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf | Vendor Advisory |
https://sick.com/psirt | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
History
21 Nov 2024, 07:46
Type | Values Removed | Values Added |
---|---|---|
References | () https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json - Vendor Advisory | |
References | () https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf - Vendor Advisory | |
References | () https://sick.com/psirt - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.2 |
30 May 2023, 14:11
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-287 | |
References | (MISC) https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf - Vendor Advisory | |
References | (MISC) https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json - Vendor Advisory | |
References | (MISC) https://sick.com/psirt - Vendor Advisory | |
CPE | cpe:2.3:o:sick:ftmg-esr40sxx_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:sick:ftmg-esn50sxx_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:sick:ftmg-esn40sxx:-:*:*:*:*:*:*:* cpe:2.3:o:sick:ftmg-esn40sxx_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:sick:ftmg-esn50sxx:-:*:*:*:*:*:*:* cpe:2.3:h:sick:ftmg-esr40sxx:-:*:*:*:*:*:*:* cpe:2.3:o:sick:ftmg-esd15axx_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:sick:ftmg-esd20axx:-:*:*:*:*:*:*:* cpe:2.3:h:sick:ftmg-esr50sxx:-:*:*:*:*:*:*:* cpe:2.3:o:sick:ftmg-esd20axx_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:sick:ftmg-esr50sxx_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:sick:ftmg-esd25axx:-:*:*:*:*:*:*:* cpe:2.3:o:sick:ftmg-esd25axx_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:sick:ftmg-esd15axx:-:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
First Time |
Sick ftmg-esr50sxx Firmware
Sick ftmg-esr40sxx Firmware Sick ftmg-esd20axx Sick ftmg-esd25axx Firmware Sick ftmg-esn40sxx Sick ftmg-esd25axx Sick ftmg-esr40sxx Sick ftmg-esn50sxx Firmware Sick ftmg-esd15axx Sick ftmg-esr50sxx Sick Sick ftmg-esd20axx Firmware Sick ftmg-esn50sxx Sick ftmg-esd15axx Firmware Sick ftmg-esn40sxx Firmware |
Information
Published : 2023-05-15 11:15
Updated : 2024-11-21 07:46
NVD link : CVE-2023-23450
Mitre link : CVE-2023-23450
CVE.ORG link : CVE-2023-23450
JSON object : View
Products Affected
sick
- ftmg-esd15axx
- ftmg-esd20axx
- ftmg-esn40sxx
- ftmg-esr50sxx_firmware
- ftmg-esr40sxx
- ftmg-esn50sxx
- ftmg-esr40sxx_firmware
- ftmg-esd20axx_firmware
- ftmg-esn50sxx_firmware
- ftmg-esr50sxx
- ftmg-esn40sxx_firmware
- ftmg-esd15axx_firmware
- ftmg-esd25axx
- ftmg-esd25axx_firmware