CVE-2023-23446

Summary

Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to download files by using a therefore unpriviledged account via the REST interface.

Affected Software

VendorProductVersion RangeStatus
SICK AGSICK FTMG-ESD15AXX AIR FLOW SENSOR0 < v3.0.0.131.Releaseaffected
SICK AGSICK FTMG-ESD20AXX AIR FLOW SENSOR0 < v3.0.0.131.Releaseaffected
SICK AGSICK FTMG-ESD25AXX AIR FLOW SENSOR0 < v3.0.0.131.Releaseaffected
SICK AGSICK FTMG-ESN40SXX AIR FLOW SENSOR0 < v3.0.0.131.Releaseaffected
SICK AGSICK FTMG-ESN50SXX AIR FLOW SENSOR0 < v3.0.0.131.Releaseaffected
SICK AGSICK FTMG-ESR40SXX AIR FLOW SENSOR0 < v3.0.0.131.Releaseaffected
SICK AGSICK FTMG-ESR50SXX AIR FLOW SENSOR0 < v3.0.0.131.Releaseaffected

Weaknesses

  • CWE-284: CWE-284 (Improper Access Control)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References