CVE-2023-23445
15.05.2023, 11:15
Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to gain unauthorized access to data fields by using a therefore unpriviledged account via the REST interface.Enginsight
| Vendor | Product | Version |
|---|---|---|
| sick | ftmg-esd20axx_firmware | 𝑥 < 2.0 |
| sick | ftmg-esd25axx_firmware | 𝑥 < 2.0 |
| sick | ftmg-esn40sxx_firmware | 𝑥 < 2.0 |
| sick | ftmg-esn50sxx_firmware | 𝑥 < 2.0 |
| sick | ftmg-esr50sxx_firmware | 𝑥 < 2.0 |
| sick | ftmg-esr40sxx_firmware | 𝑥 < 2.0 |
| sick | ftmg-esd15axx_firmware | 𝑥 < 2.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-284 - Improper Access ControlThe software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
- CWE-863 - Incorrect AuthorizationThe software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
References