CVE-2023-23445

EPSS 0.16%
Veröffentlicht 15.05.2023 11:15:09
Zuletzt bearbeitet 21.11.2024 07:46:12
Quelle psirt@sick.de
CVE-Watchlists
Login
Unerledigt
Login

Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers
1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote
attacker to gain unauthorized access to data fields by using a therefore unpriviledged account via the
REST interface.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Sick ≫ Ftmg-esd20axx Firmware Version < 2.0

Sick ≫ Ftmg-esd20axx Version-

Sick ≫ Ftmg-esd25axx Firmware Version < 2.0

Sick ≫ Ftmg-esd25axx Version-

Sick ≫ Ftmg-esn40sxx Firmware Version < 2.0

Sick ≫ Ftmg-esn40sxx Version-

Sick ≫ Ftmg-esn50sxx Firmware Version < 2.0

Sick ≫ Ftmg-esn50sxx Version-

Sick ≫ Ftmg-esr50sxx Firmware Version < 2.0

Sick ≫ Ftmg-esr50sxx Version-

Sick ≫ Ftmg-esr40sxx Firmware Version < 2.0

Sick ≫ Ftmg-esr40sxx Version-

Sick ≫ Ftmg-esd15axx Firmware Version < 2.0

Sick ≫ Ftmg-esd15axx Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.16%	0.379

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
psirt@sick.de	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://sick.com/psirt

Vendor Advisory

https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json

Vendor Advisory

https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-23445

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-23445

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-23445

EUVD