cve-2023-23446
Vulnerability from cvelistv5
Published
2023-05-15 10:52
Modified
2024-08-02 10:28
Summary
Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to download files by using a therefore unpriviledged account via the REST interface.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:28:41.041Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "issue-tracking",
              "x_transferred"
            ],
            "url": "https://sick.com/psirt"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf"
          },
          {
            "tags": [
              "x_csaf",
              "x_transferred"
            ],
            "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "SICK FTMG-ESD15AXX AIR FLOW SENSOR",
          "vendor": "SICK AG",
          "versions": [
            {
              "lessThan": "v3.0.0.131.Release",
              "status": "affected",
              "version": "0",
              "versionType": "*"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "SICK FTMG-ESD20AXX AIR FLOW SENSOR",
          "vendor": "SICK AG",
          "versions": [
            {
              "lessThan": "v3.0.0.131.Release",
              "status": "affected",
              "version": "0",
              "versionType": "*"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "SICK FTMG-ESD25AXX AIR FLOW SENSOR",
          "vendor": "SICK AG",
          "versions": [
            {
              "lessThan": "v3.0.0.131.Release",
              "status": "affected",
              "version": "0",
              "versionType": "*"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "SICK FTMG-ESN40SXX AIR FLOW SENSOR",
          "vendor": "SICK AG",
          "versions": [
            {
              "lessThan": "v3.0.0.131.Release",
              "status": "affected",
              "version": "0",
              "versionType": "*"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "SICK FTMG-ESN50SXX AIR FLOW SENSOR",
          "vendor": "SICK AG",
          "versions": [
            {
              "lessThan": "v3.0.0.131.Release",
              "status": "affected",
              "version": "0",
              "versionType": "*"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "SICK FTMG-ESR40SXX AIR FLOW SENSOR",
          "vendor": "SICK AG",
          "versions": [
            {
              "lessThan": "v3.0.0.131.Release",
              "status": "affected",
              "version": "0",
              "versionType": "*"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "SICK FTMG-ESR50SXX AIR FLOW SENSOR",
          "vendor": "SICK AG",
          "versions": [
            {
              "lessThan": "v3.0.0.131.Release",
              "status": "affected",
              "version": "0",
              "versionType": "*"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": true,
              "type": "text/html",
              "value": "\n\nImproper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers\n1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to download files by using a therefore unpriviledged account via the REST interface.\n\n\n"
            }
          ],
          "value": "\nImproper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers\n1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to download files by using a therefore unpriviledged account via the REST interface.\n\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284 (Improper Access Control)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-15T10:52:30.269Z",
        "orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
        "shortName": "SICK AG"
      },
      "references": [
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://sick.com/psirt"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf"
        },
        {
          "tags": [
            "x_csaf"
          ],
          "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": true,
              "type": "text/html",
              "value": "\n\nSICK has released a new major version v3.0.0.131.Release of the SICK FTMg firmware and\nrecommends updating to the newest version.\n\n"
            }
          ],
          "value": "\nSICK has released a new major version v3.0.0.131.Release of the SICK FTMg firmware and\nrecommends updating to the newest version.\n\n"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
    "assignerShortName": "SICK AG",
    "cveId": "CVE-2023-23446",
    "datePublished": "2023-05-15T10:52:30.269Z",
    "dateReserved": "2023-01-12T04:07:53.938Z",
    "dateUpdated": "2024-08-02T10:28:41.041Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-23446\",\"sourceIdentifier\":\"psirt@sick.de\",\"published\":\"2023-05-15T11:15:09.160\",\"lastModified\":\"2023-05-25T13:40:25.777\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"\\nImproper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers\\n1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to download files by using a therefore unpriviledged account via the REST interface.\\n\\n\\n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"psirt@sick.de\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-863\"}]},{\"source\":\"psirt@sick.de\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sick:ftmg-esd20axx_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.0\",\"matchCriteriaId\":\"E3882685-8678-47E4-995C-C3F6D9AD5668\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sick:ftmg-esd20axx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16AD808F-900B-41EE-B90A-F9D67AAAD6BE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sick:ftmg-esd25axx_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.0\",\"matchCriteriaId\":\"49D930E8-415C-4183-87A1-8D7F44247B67\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sick:ftmg-esd25axx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24618A95-328C-47C9-B8EF-B4DF6E65D68E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sick:ftmg-esn40sxx_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.0\",\"matchCriteriaId\":\"1DCC9C0B-7CCE-44E5-B25D-67BF971B4541\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sick:ftmg-esn40sxx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"290B016B-20B7-40C1-B825-6ED4774C4861\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sick:ftmg-esn50sxx_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.0\",\"matchCriteriaId\":\"E23D6018-1DFB-4516-82C9-3A3B09C2CBF9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sick:ftmg-esn50sxx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B113D9E-8E61-4F9C-9E5B-2030EEFB133B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sick:ftmg-esr50sxx_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.0\",\"matchCriteriaId\":\"77F2683F-B1B5-4033-97D4-ADF77B6B50E8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sick:ftmg-esr50sxx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A02547D3-5E40-41B3-A7B4-D63F60A5F80B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sick:ftmg-esr40sxx_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.0\",\"matchCriteriaId\":\"9075A02A-C627-43DA-ACF7-776197B518C5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sick:ftmg-esr40sxx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B887993-18A8-493F-97A1-A788FBD5A5B9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sick:ftmg-esd15axx_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.0\",\"matchCriteriaId\":\"E9219CD8-34CE-45A2-904A-E7B1740706C2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sick:ftmg-esd15axx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF162AA9-6645-4032-8D29-BAE2D60FBD9B\"}]}]}],\"references\":[{\"url\":\"https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json\",\"source\":\"psirt@sick.de\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf\",\"source\":\"psirt@sick.de\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://sick.com/psirt\",\"source\":\"psirt@sick.de\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...