CVE-2023-23450

Use of Password Hash Instead of Password for Authentication in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to use a password hash instead of an actual password to login to a valid user account via the REST interface.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:sick:ftmg-esd20axx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sick:ftmg-esd20axx:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:sick:ftmg-esd25axx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sick:ftmg-esd25axx:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:sick:ftmg-esn40sxx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sick:ftmg-esn40sxx:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:sick:ftmg-esn50sxx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sick:ftmg-esn50sxx:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:sick:ftmg-esr50sxx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sick:ftmg-esr50sxx:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:sick:ftmg-esr40sxx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sick:ftmg-esr40sxx:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:sick:ftmg-esd15axx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sick:ftmg-esd15axx:-:*:*:*:*:*:*:*

History

30 May 2023, 14:11

Type Values Removed Values Added
First Time Sick
Sick ftmg-esn40sxx
Sick ftmg-esd20axx
Sick ftmg-esd15axx Firmware
Sick ftmg-esd20axx Firmware
Sick ftmg-esn40sxx Firmware
Sick ftmg-esr40sxx
Sick ftmg-esn50sxx
Sick ftmg-esd15axx
Sick ftmg-esr50sxx
Sick ftmg-esd25axx Firmware
Sick ftmg-esr50sxx Firmware
Sick ftmg-esr40sxx Firmware
Sick ftmg-esd25axx
Sick ftmg-esn50sxx Firmware
References (MISC) https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json - (MISC) https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json - Vendor Advisory
References (MISC) https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf - (MISC) https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf - Vendor Advisory
References (MISC) https://sick.com/psirt - (MISC) https://sick.com/psirt - Vendor Advisory
CWE CWE-287
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
CPE cpe:2.3:o:sick:ftmg-esd20axx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sick:ftmg-esn40sxx:-:*:*:*:*:*:*:*
cpe:2.3:o:sick:ftmg-esn50sxx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:sick:ftmg-esr40sxx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:sick:ftmg-esd15axx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sick:ftmg-esn50sxx:-:*:*:*:*:*:*:*
cpe:2.3:o:sick:ftmg-esr50sxx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:sick:ftmg-esd25axx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sick:ftmg-esr40sxx:-:*:*:*:*:*:*:*
cpe:2.3:o:sick:ftmg-esn40sxx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sick:ftmg-esr50sxx:-:*:*:*:*:*:*:*
cpe:2.3:h:sick:ftmg-esd15axx:-:*:*:*:*:*:*:*
cpe:2.3:h:sick:ftmg-esd20axx:-:*:*:*:*:*:*:*
cpe:2.3:h:sick:ftmg-esd25axx:-:*:*:*:*:*:*:*

15 May 2023, 12:54

Type Values Removed Values Added
New CVE

Information

Published : 2023-05-15 11:15

Updated : 2023-12-10 15:01


NVD link : CVE-2023-23450

Mitre link : CVE-2023-23450

CVE.ORG link : CVE-2023-23450


JSON object : View

Products Affected

sick

  • ftmg-esn50sxx_firmware
  • ftmg-esd15axx_firmware
  • ftmg-esn50sxx
  • ftmg-esd20axx
  • ftmg-esd25axx
  • ftmg-esd20axx_firmware
  • ftmg-esd15axx
  • ftmg-esr40sxx
  • ftmg-esr50sxx_firmware
  • ftmg-esr50sxx
  • ftmg-esd25axx_firmware
  • ftmg-esn40sxx
  • ftmg-esn40sxx_firmware
  • ftmg-esr40sxx_firmware
CWE
CWE-287

Improper Authentication

CWE-836

Use of Password Hash Instead of Password for Authentication