CVE-2023-23447

Summary

Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to influence the availability of the webserver by invocing several open file requests via the REST interface.

Affected Software

VendorProductVersion RangeStatus
SICK AGSICK FTMG-ESD15AXX AIR FLOW SENSOR0 < v3.0.0.131.Releaseaffected
SICK AGSICK FTMG-ESD20AXX AIR FLOW SENSOR0 < v3.0.0.131.Releaseaffected
SICK AGSICK FTMG-ESD25AXX AIR FLOW SENSOR0 < v3.0.0.131.Releaseaffected
SICK AGSICK FTMG-ESN40SXX AIR FLOW SENSOR0 < v3.0.0.131.Releaseaffected
SICK AGSICK FTMG-ESN50SXX AIR FLOW SENSOR0 < v3.0.0.131.Releaseaffected
SICK AGSICK FTMG-ESR40SXX AIR FLOW SENSOR0 < v3.0.0.131.Releaseaffected
SICK AGSICK FTMG-ESR50SXX AIR FLOW SENSOR0 < v3.0.0.131.Releaseaffected

Weaknesses

  • CWE-400: CWE-400 Uncontrolled Resource Consumption

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References