cvelistv5 - cve-2023-23447

Source	URL	Tags
psirt@sick.de	https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json	Vendor Advisory
psirt@sick.de	https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf	Vendor Advisory
psirt@sick.de	https://sick.com/psirt	Vendor Advisory

Vendor	Product
SICK AG	SICK FTMG-ESD15AXX AIR FLOW SENSOR
SICK AG	SICK FTMG-ESD20AXX AIR FLOW SENSOR
SICK AG	SICK FTMG-ESD25AXX AIR FLOW SENSOR
SICK AG	SICK FTMG-ESN40SXX AIR FLOW SENSOR
SICK AG	SICK FTMG-ESN50SXX AIR FLOW SENSOR
SICK AG	SICK FTMG-ESR40SXX AIR FLOW SENSOR
SICK AG	SICK FTMG-ESR50SXX AIR FLOW SENSOR

gsd-2023-23447

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to influence the availability of the webserver by invocing several open file requests via the REST interface.

Aliases

CVE-2023-23447

Aliases

CVE-2023-23447

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-23447",
    "id": "GSD-2023-23447"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-23447"
      ],
      "details": "\nUncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged\nremote attacker to influence the availability of the webserver by invocing several open file requests via\nthe REST interface.\n\n",
      "id": "GSD-2023-23447",
      "modified": "2023-12-13T01:20:49.499516Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@sick.de",
        "ID": "CVE-2023-23447",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "SICK FTMG-ESD15AXX AIR FLOW SENSOR",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected",
                            "versions": [
                              {
                                "lessThan": "v3.0.0.131.Release",
                                "status": "affected",
                                "version": "0",
                                "versionType": "*"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SICK FTMG-ESD20AXX AIR FLOW SENSOR",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected",
                            "versions": [
                              {
                                "lessThan": "v3.0.0.131.Release",
                                "status": "affected",
                                "version": "0",
                                "versionType": "*"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SICK FTMG-ESD25AXX AIR FLOW SENSOR",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected",
                            "versions": [
                              {
                                "lessThan": "v3.0.0.131.Release",
                                "status": "affected",
                                "version": "0",
                                "versionType": "*"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SICK FTMG-ESN40SXX AIR FLOW SENSOR",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected",
                            "versions": [
                              {
                                "lessThan": "v3.0.0.131.Release",
                                "status": "affected",
                                "version": "0",
                                "versionType": "*"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SICK FTMG-ESN50SXX AIR FLOW SENSOR",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected",
                            "versions": [
                              {
                                "lessThan": "v3.0.0.131.Release",
                                "status": "affected",
                                "version": "0",
                                "versionType": "*"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SICK FTMG-ESR40SXX AIR FLOW SENSOR",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected",
                            "versions": [
                              {
                                "lessThan": "v3.0.0.131.Release",
                                "status": "affected",
                                "version": "0",
                                "versionType": "*"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SICK FTMG-ESR50SXX AIR FLOW SENSOR",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected",
                            "versions": [
                              {
                                "lessThan": "v3.0.0.131.Release",
                                "status": "affected",
                                "version": "0",
                                "versionType": "*"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "SICK AG"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "\nUncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged\nremote attacker to influence the availability of the webserver by invocing several open file requests via\nthe REST interface.\n\n"
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-400",
                "lang": "eng",
                "value": "CWE-400 Uncontrolled Resource Consumption"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://sick.com/psirt",
            "refsource": "MISC",
            "url": "https://sick.com/psirt"
          },
          {
            "name": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf",
            "refsource": "MISC",
            "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf"
          },
          {
            "name": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json",
            "refsource": "MISC",
            "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json"
          }
        ]
      },
      "solution": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": true,
              "type": "text/html",
              "value": "\n\nSICK has released a new major version v3.0.0.131.Release of the SICK FTMg firmware and\nrecommends updating to the newest version.\n\n"
            }
          ],
          "value": "\nSICK has released a new major version v3.0.0.131.Release of the SICK FTMg firmware and\nrecommends updating to the newest version.\n\n"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:sick:ftmg-esd20axx_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:sick:ftmg-esd20axx:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:sick:ftmg-esd25axx_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:sick:ftmg-esd25axx:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:sick:ftmg-esn40sxx_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:sick:ftmg-esn40sxx:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:sick:ftmg-esn50sxx_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:sick:ftmg-esn50sxx:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:sick:ftmg-esr50sxx_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:sick:ftmg-esr50sxx:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:sick:ftmg-esr40sxx_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:sick:ftmg-esr40sxx:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:sick:ftmg-esd15axx_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:sick:ftmg-esd15axx:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@sick.de",
          "ID": "CVE-2023-23447"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "\nUncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged\nremote attacker to influence the availability of the webserver by invocing several open file requests via\nthe REST interface.\n\n"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-400"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf"
            },
            {
              "name": "https://sick.com/psirt",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://sick.com/psirt"
            },
            {
              "name": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2023-05-25T13:17Z",
      "publishedDate": "2023-05-15T11:15Z"
    }
  }
}

ghsa-74p5-63hf-rhf9

Vulnerability from github

Published

2023-05-15 12:30

Modified

2024-04-04 04:05

Severity

7.5 (High) - CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to influence the availability of the webserver by invocing several open file requests via the REST interface.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-23447"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-05-15T11:15:09Z",
    "severity": "HIGH"
  },
  "details": "\nUncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged\nremote attacker to influence the availability of the webserver by invocing several open file requests via\nthe REST interface.\n\n",
  "id": "GHSA-74p5-63hf-rhf9",
  "modified": "2024-04-04T04:05:15Z",
  "published": "2023-05-15T12:30:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23447"
    },
    {
      "type": "WEB",
      "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json"
    },
    {
      "type": "WEB",
      "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf"
    },
    {
      "type": "WEB",
      "url": "https://sick.com/psirt"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

sca-2023-0004

Vulnerability from csaf_sick

Published

2023-05-11 13:00

Modified

2023-05-11 13:00

Summary

Vulnerabilities in SICK FTMg

Notes

SICK found multiple security vulnerabilities in the SICK FTMg device. If exploited, these potentially allow a remote unauthenticated attacker to impact the availabiltiy or confidentaility of the FTMg device. Currently SICK is not aware of any public exploits specifically targeting any of the vulnerabilities. SICK has released a new major version of the SICK FTMg firmware and recommends updating to the newest version.

General Security Measures

As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.

Vulnerability Classification

SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer’s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "summary",
        "text": "SICK found multiple security vulnerabilities in the SICK FTMg device. If exploited, these potentially allow a remote unauthenticated attacker to impact the availabiltiy or confidentaility of the FTMg device.\n\nCurrently SICK is not aware of any public exploits specifically targeting any of the vulnerabilities.\n\nSICK has released a new major version of the SICK FTMg firmware and recommends updating to the newest\nversion."
      },
      {
        "category": "general",
        "text": "As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.",
        "title": "General Security Measures"
      },
      {
        "category": "general",
        "text": "SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer\u2019s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.",
        "title": "Vulnerability Classification"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@sick.de",
      "issuing_authority": "SICK PSIRT is responsible for any vulnerabilities related to SICK products.",
      "name": "SICK PSIRT",
      "namespace": "https://www.sick.com/psirt"
    },
    "references": [
      {
        "summary": "SICK PSIRT Security Advisories",
        "url": "https://www.sick.com/psirt"
      },
      {
        "summary": "SICK Operating Guidelines",
        "url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF"
      },
      {
        "summary": "ICS-CERT recommended practices on Industrial Security",
        "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
      },
      {
        "summary": "CVSS v3.1 Calculator",
        "url": "https://www.first.org/cvss/calculator/3.1"
      },
      {
        "category": "self",
        "summary": "The canonical URL.",
        "url": "https://www.sick.com/.well-known/csaf/white/2023/sca-2023-0004.json"
      },
      {
        "category": "self",
        "summary": "The canonical PDF URL.",
        "url": "https://www.sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf"
      }
    ],
    "title": "Vulnerabilities in SICK FTMg",
    "tracking": {
      "current_release_date": "2023-05-11T13:00:00.000Z",
      "generator": {
        "date": "2023-12-04T10:31:12.941Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.2.16"
        }
      },
      "id": "SCA-2023-0004",
      "initial_release_date": "2023-05-11T13:00:00.000Z",
      "revision_history": [
        {
          "date": "2023-05-11T13:00:00.000Z",
          "number": "1",
          "summary": "Initial Release"
        },
        {
          "date": "2023-12-04T11:00:00.000Z",
          "number": "2",
          "summary": "Added self reference in CSAF"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK FTMG-ESD15AXX AIR FLOW SENSOR all versions",
                  "product_id": "CSAFPID-0001",
                  "product_identification_helper": {
                    "skus": [
                      "1100214"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "FTMG-ESD15AXX AIR FLOW SENSOR"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK FTMG-ESD20AXX AIR FLOW SENSOR all versions",
                  "product_id": "CSAFPID-0002",
                  "product_identification_helper": {
                    "skus": [
                      "1100215"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "FTMG-ESD20AXX AIR FLOW SENSOR"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK FTMG-ESD25AXX AIR FLOW SENSOR all versions",
                  "product_id": "CSAFPID-0003",
                  "product_identification_helper": {
                    "skus": [
                      "1100216"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "FTMG-ESD25AXX AIR FLOW SENSOR"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK FTMG-ESR40SXX AIR FLOW SENSOR all versions",
                  "product_id": "CSAFPID-0004",
                  "product_identification_helper": {
                    "skus": [
                      "1120114"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "FTMG-ESR40SXX AIR FLOW SENSOR"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK FTMG-ESR50SXX AIR FLOW SENSOR all versions",
                  "product_id": "CSAFPID-0005",
                  "product_identification_helper": {
                    "skus": [
                      "1120116"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "FTMG-ESR50SXX AIR FLOW SENSOR"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK FTMG-ESN40SXX AIR FLOW SENSOR all versions",
                  "product_id": "CSAFPID-0006",
                  "product_identification_helper": {
                    "skus": [
                      "1122524"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "FTMG-ESN40SXX AIR FLOW SENSOR"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK FTMG-ESN50SXX AIR FLOW SENSOR all versions",
                  "product_id": "CSAFPID-0007",
                  "product_identification_helper": {
                    "skus": [
                      "1122526"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "FTMG-ESN50SXX AIR FLOW SENSOR"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cv2.x",
                "product": {
                  "name": "SICK FTMG-ESD15AXX AIR FLOW SENSOR Firmware \u003cv2.x",
                  "product_id": "CSAFPID-0008"
                }
              },
              {
                "category": "product_version",
                "name": "v3.0.0.131.Release",
                "product": {
                  "name": "SICK FTMG-ESD15AXX AIR FLOW SENSOR Firmware v3.0.0.131.Release",
                  "product_id": "CSAFPID-0009"
                }
              }
            ],
            "category": "product_name",
            "name": "FTMG-ESD15AXX AIR FLOW SENSOR Firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cv2.x",
                "product": {
                  "name": "SICK FTMG-ESD20AXX AIR FLOW SENSOR Firmware \u003cv2.x",
                  "product_id": "CSAFPID-0010"
                }
              },
              {
                "category": "product_version",
                "name": "v3.0.0.131.Release",
                "product": {
                  "name": "SICK FTMG-ESD20AXX AIR FLOW SENSOR Firmware v3.0.0.131.Release",
                  "product_id": "CSAFPID-0011"
                }
              }
            ],
            "category": "product_name",
            "name": "FTMG-ESD20AXX AIR FLOW SENSOR Firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cv2.x",
                "product": {
                  "name": "SICK FTMG-ESD25AXX AIR FLOW SENSOR Firmware \u003cv2.x",
                  "product_id": "CSAFPID-0012"
                }
              },
              {
                "category": "product_version",
                "name": "v3.0.0.131.Release",
                "product": {
                  "name": "SICK FTMG-ESD25AXX AIR FLOW SENSOR Firmware v3.0.0.131.Release",
                  "product_id": "CSAFPID-0013"
                }
              }
            ],
            "category": "product_name",
            "name": "FTMG-ESD25AXX AIR FLOW SENSOR Firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cv2.x",
                "product": {
                  "name": "SICK FTMG-ESR40SXX AIR FLOW SENSOR Firmware \u003cv2.x",
                  "product_id": "CSAFPID-0014"
                }
              },
              {
                "category": "product_version",
                "name": "v3.0.0.131.Release",
                "product": {
                  "name": "SICK FTMG-ESR40SXX AIR FLOW SENSOR Firmware v3.0.0.131.Release",
                  "product_id": "CSAFPID-0015"
                }
              }
            ],
            "category": "product_name",
            "name": "FTMG-ESR40SXX AIR FLOW SENSOR Firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cv2.x",
                "product": {
                  "name": "SICK FTMG-ESR50SXX AIR FLOW SENSOR Firmware \u003cv2.x",
                  "product_id": "CSAFPID-0016"
                }
              },
              {
                "category": "product_version",
                "name": "v3.0.0.131.Release",
                "product": {
                  "name": "SICK FTMG-ESR50SXX AIR FLOW SENSOR Firmware v3.0.0.131.Release",
                  "product_id": "CSAFPID-0017"
                }
              }
            ],
            "category": "product_name",
            "name": "FTMG-ESR50SXX AIR FLOW SENSOR Firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cv2.x",
                "product": {
                  "name": "SICK FTMG-ESN40SXX AIR FLOW SENSOR Firmware \u003cv2.x",
                  "product_id": "CSAFPID-0018"
                }
              },
              {
                "category": "product_version",
                "name": "v3.0.0.131.Release",
                "product": {
                  "name": "SICK FTMG-ESN40SXX AIR FLOW SENSOR Firmware v3.0.0.131.Release",
                  "product_id": "CSAFPID-0019"
                }
              }
            ],
            "category": "product_name",
            "name": "FTMG-ESN40SXX AIR FLOW SENSOR Firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cv2.x",
                "product": {
                  "name": "SICK FTMG-ESN50SXX AIR FLOW SENSOR Firmware \u003cv2.x",
                  "product_id": "CSAFPID-0020"
                }
              },
              {
                "category": "product_version",
                "name": "v3.0.0.131.Release",
                "product": {
                  "name": "SICK FTMG-ESN50SXX AIR FLOW SENSOR Firmware v3.0.0.131.Release",
                  "product_id": "CSAFPID-0021"
                }
              }
            ],
            "category": "product_name",
            "name": "FTMG-ESN50SXX AIR FLOW SENSOR Firmware"
          }
        ],
        "category": "vendor",
        "name": "SICK AG"
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK FTMG-ESD15AXX AIR FLOW SENSOR all versions with Firmware \u003cv2.x",
          "product_id": "CSAFPID-0022"
        },
        "product_reference": "CSAFPID-0008",
        "relates_to_product_reference": "CSAFPID-0001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK FTMG-ESD20AXX AIR FLOW SENSOR all versions with Firmware \u003cv2.x",
          "product_id": "CSAFPID-0023"
        },
        "product_reference": "CSAFPID-0010",
        "relates_to_product_reference": "CSAFPID-0002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK FTMG-ESD25AXX AIR FLOW SENSOR all versions with Firmware \u003cv2.x",
          "product_id": "CSAFPID-0024"
        },
        "product_reference": "CSAFPID-0012",
        "relates_to_product_reference": "CSAFPID-0003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK FTMG-ESR40SXX AIR FLOW SENSOR all versions with Firmware \u003cv2.x",
          "product_id": "CSAFPID-0025"
        },
        "product_reference": "CSAFPID-0014",
        "relates_to_product_reference": "CSAFPID-0004"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK FTMG-ESR50SXX AIR FLOW SENSOR all versions with Firmware \u003cv2.x",
          "product_id": "CSAFPID-0026"
        },
        "product_reference": "CSAFPID-0016",
        "relates_to_product_reference": "CSAFPID-0005"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK FTMG-ESN40SXX AIR FLOW SENSOR all versions with Firmware \u003cv2.x",
          "product_id": "CSAFPID-0027"
        },
        "product_reference": "CSAFPID-0018",
        "relates_to_product_reference": "CSAFPID-0006"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK FTMG-ESN50SXX AIR FLOW SENSOR all versions with Firmware \u003cv2.x",
          "product_id": "CSAFPID-0028"
        },
        "product_reference": "CSAFPID-0020",
        "relates_to_product_reference": "CSAFPID-0007"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK FTMG-ESD15AXX AIR FLOW SENSOR all versions with Firmware v3.0.0.131.Release",
          "product_id": "CSAFPID-0029"
        },
        "product_reference": "CSAFPID-0009",
        "relates_to_product_reference": "CSAFPID-0001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK FTMG-ESD20AXX AIR FLOW SENSOR all versions with Firmware v3.0.0.131.Release",
          "product_id": "CSAFPID-0030"
        },
        "product_reference": "CSAFPID-0011",
        "relates_to_product_reference": "CSAFPID-0002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK FTMG-ESD25AXX AIR FLOW SENSOR all versions with Firmware v3.0.0.131.Release",
          "product_id": "CSAFPID-0031"
        },
        "product_reference": "CSAFPID-0013",
        "relates_to_product_reference": "CSAFPID-0003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK FTMG-ESR40SXX AIR FLOW SENSOR all versions with Firmware v3.0.0.131.Release",
          "product_id": "CSAFPID-0032"
        },
        "product_reference": "CSAFPID-0015",
        "relates_to_product_reference": "CSAFPID-0004"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK FTMG-ESR50SXX AIR FLOW SENSOR all versions with Firmware v3.0.0.131.Release",
          "product_id": "CSAFPID-0033"
        },
        "product_reference": "CSAFPID-0017",
        "relates_to_product_reference": "CSAFPID-0005"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK FTMG-ESN40SXX AIR FLOW SENSOR all versions with Firmware v3.0.0.131.Release",
          "product_id": "CSAFPID-0034"
        },
        "product_reference": "CSAFPID-0019",
        "relates_to_product_reference": "CSAFPID-0006"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK FTMG-ESN50SXX AIR FLOW SENSOR all versions with Firmware v3.0.0.131.Release",
          "product_id": "CSAFPID-0035"
        },
        "product_reference": "CSAFPID-0021",
        "relates_to_product_reference": "CSAFPID-0007"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-23445",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "description",
          "text": "Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to gain unauthorized access to data fields by using a therefore unpriviledged account via the REST interface.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0022",
          "CSAFPID-0023",
          "CSAFPID-0024",
          "CSAFPID-0025",
          "CSAFPID-0026",
          "CSAFPID-0027",
          "CSAFPID-0028"
        ]
      },
      "remediations": [
        {
          "category": "workaround",
          "details": "Please make sure that you apply general security practices when operating the SICK FTMg like network segmentation. The following General Security Practices and Operating Guidelines\ncould mitigate the associated security risk.",
          "product_ids": [
            "CSAFPID-0022",
            "CSAFPID-0023",
            "CSAFPID-0024",
            "CSAFPID-0025",
            "CSAFPID-0026",
            "CSAFPID-0027",
            "CSAFPID-0028"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 7.5,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 7.5,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0022",
            "CSAFPID-0023",
            "CSAFPID-0024",
            "CSAFPID-0025",
            "CSAFPID-0026",
            "CSAFPID-0027",
            "CSAFPID-0028"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2023-23446",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "description",
          "text": "Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to download files by using a therefore unpriviledged account via the REST interface.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-0029",
          "CSAFPID-0030",
          "CSAFPID-0031",
          "CSAFPID-0032",
          "CSAFPID-0033",
          "CSAFPID-0034",
          "CSAFPID-0035"
        ],
        "known_affected": [
          "CSAFPID-0022",
          "CSAFPID-0023",
          "CSAFPID-0024",
          "CSAFPID-0025",
          "CSAFPID-0026",
          "CSAFPID-0027",
          "CSAFPID-0028"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "SICK has released a new major version v3.0.0.131.Release of the SICK FTMg firmware and recommends updating to the newest version.",
          "product_ids": [
            "CSAFPID-0022",
            "CSAFPID-0023",
            "CSAFPID-0024",
            "CSAFPID-0025",
            "CSAFPID-0026",
            "CSAFPID-0027",
            "CSAFPID-0028"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0022",
            "CSAFPID-0023",
            "CSAFPID-0024",
            "CSAFPID-0025",
            "CSAFPID-0026",
            "CSAFPID-0027",
            "CSAFPID-0028"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2023-23447",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "description",
          "text": "Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to influence the availability of the webserver by invocing several open file requests via the REST interface.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-0029",
          "CSAFPID-0030",
          "CSAFPID-0031",
          "CSAFPID-0032",
          "CSAFPID-0033",
          "CSAFPID-0034",
          "CSAFPID-0035"
        ],
        "known_affected": [
          "CSAFPID-0022",
          "CSAFPID-0023",
          "CSAFPID-0024",
          "CSAFPID-0025",
          "CSAFPID-0026",
          "CSAFPID-0027",
          "CSAFPID-0028"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "SICK has released a new major version v3.0.0.131.Release of the SICK FTMg firmware and recommends updating to the newest version.",
          "product_ids": [
            "CSAFPID-0022",
            "CSAFPID-0023",
            "CSAFPID-0024",
            "CSAFPID-0025",
            "CSAFPID-0026",
            "CSAFPID-0027",
            "CSAFPID-0028"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0022",
            "CSAFPID-0023",
            "CSAFPID-0024",
            "CSAFPID-0025",
            "CSAFPID-0026",
            "CSAFPID-0027",
            "CSAFPID-0028"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2023-23448",
      "cwe": {
        "id": "CWE-540",
        "name": "Inclusion of Sensitive Information in Source Code"
      },
      "notes": [
        {
          "category": "description",
          "text": "Inclusion of Sensitive Information in Source Code in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to gain information about valid usernames via analysis of source code.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0022",
          "CSAFPID-0023",
          "CSAFPID-0024",
          "CSAFPID-0025",
          "CSAFPID-0026",
          "CSAFPID-0027",
          "CSAFPID-0028"
        ]
      },
      "remediations": [
        {
          "category": "workaround",
          "details": "Please make sure that you apply general security practices when operating the SICK FTMg like network segmentation. The following General Security Practices and Operating Guidelines\ncould mitigate the associated security risk.",
          "product_ids": [
            "CSAFPID-0022",
            "CSAFPID-0023",
            "CSAFPID-0024",
            "CSAFPID-0025",
            "CSAFPID-0026",
            "CSAFPID-0027",
            "CSAFPID-0028"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0022",
            "CSAFPID-0023",
            "CSAFPID-0024",
            "CSAFPID-0025",
            "CSAFPID-0026",
            "CSAFPID-0027",
            "CSAFPID-0028"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2023-23449",
      "cwe": {
        "id": "CWE-204",
        "name": "Observable Response Discrepancy"
      },
      "notes": [
        {
          "category": "description",
          "text": "Observable Response Discrepancy in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to gain information about valid usernames by analyzing challenge responses from the server via the REST interface.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0022",
          "CSAFPID-0023",
          "CSAFPID-0024",
          "CSAFPID-0025",
          "CSAFPID-0026",
          "CSAFPID-0027",
          "CSAFPID-0028"
        ]
      },
      "remediations": [
        {
          "category": "workaround",
          "details": "Please make sure that you apply general security practices when operating the SICK FTMg like network segmentation. The following General Security Practices and Operating Guidelines\ncould mitigate the associated security risk.",
          "product_ids": [
            "CSAFPID-0022",
            "CSAFPID-0023",
            "CSAFPID-0024",
            "CSAFPID-0025",
            "CSAFPID-0026",
            "CSAFPID-0027",
            "CSAFPID-0028"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0022",
            "CSAFPID-0023",
            "CSAFPID-0024",
            "CSAFPID-0025",
            "CSAFPID-0026",
            "CSAFPID-0027",
            "CSAFPID-0028"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2023-23450",
      "cwe": {
        "id": "CWE-836",
        "name": "Use of Password Hash Instead of Password for Authentication"
      },
      "notes": [
        {
          "category": "description",
          "text": "Use of Password Hash Instead of Password for Authentication in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to use a password hash instead of an actual password to login to a valid user account via the REST interface.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0022",
          "CSAFPID-0023",
          "CSAFPID-0024",
          "CSAFPID-0025",
          "CSAFPID-0026",
          "CSAFPID-0027",
          "CSAFPID-0028"
        ]
      },
      "remediations": [
        {
          "category": "workaround",
          "details": "Please make sure that you apply general security practices when operating the SICK FTMg like network segmentation. The following General Security Practices and Operating Guidelines\ncould mitigate the associated security risk.",
          "product_ids": [
            "CSAFPID-0022",
            "CSAFPID-0023",
            "CSAFPID-0024",
            "CSAFPID-0025",
            "CSAFPID-0026",
            "CSAFPID-0027",
            "CSAFPID-0028"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0022",
            "CSAFPID-0023",
            "CSAFPID-0024",
            "CSAFPID-0025",
            "CSAFPID-0026",
            "CSAFPID-0027",
            "CSAFPID-0028"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2023-31408",
      "cwe": {
        "id": "CWE-312",
        "name": "Cleartext Storage of Sensitive Information"
      },
      "notes": [
        {
          "category": "description",
          "text": "Cleartext Storage of Sensitive Information in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to potentially steal user credentials that are stored in the user\u0027s browsers local storage via cross-site-scripting attacks.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0022",
          "CSAFPID-0023",
          "CSAFPID-0024",
          "CSAFPID-0025",
          "CSAFPID-0026",
          "CSAFPID-0027",
          "CSAFPID-0028"
        ]
      },
      "remediations": [
        {
          "category": "workaround",
          "details": "Please make sure that you apply general security practices when operating the SICK FTMg like network segmentation. The following General Security Practices and Operating Guidelines\ncould mitigate the associated security risk.",
          "product_ids": [
            "CSAFPID-0022",
            "CSAFPID-0023",
            "CSAFPID-0024",
            "CSAFPID-0025",
            "CSAFPID-0026",
            "CSAFPID-0027",
            "CSAFPID-0028"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0022",
            "CSAFPID-0023",
            "CSAFPID-0024",
            "CSAFPID-0025",
            "CSAFPID-0026",
            "CSAFPID-0027",
            "CSAFPID-0028"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2023-31409",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "description",
          "text": "Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an remote attacker to influence the availability of the webserver by invocing a Slowloris style attack via HTTP requests.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0022",
          "CSAFPID-0023",
          "CSAFPID-0024",
          "CSAFPID-0025",
          "CSAFPID-0026",
          "CSAFPID-0027",
          "CSAFPID-0028"
        ]
      },
      "remediations": [
        {
          "category": "workaround",
          "details": "Please make sure that you apply general security practices when operating the SICK FTMg like network segmentation. The following General Security Practices and Operating Guidelines\ncould mitigate the associated security risk.",
          "product_ids": [
            "CSAFPID-0022",
            "CSAFPID-0023",
            "CSAFPID-0024",
            "CSAFPID-0025",
            "CSAFPID-0026",
            "CSAFPID-0027",
            "CSAFPID-0028"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0022",
            "CSAFPID-0023",
            "CSAFPID-0024",
            "CSAFPID-0025",
            "CSAFPID-0026",
            "CSAFPID-0027",
            "CSAFPID-0028"
          ]
        }
      ]
    }
  ]
}

Action not permitted

cve-2023-23447

Vulnerability from cvelistv5

gsd-2023-23447

Vulnerability from gsd

ghsa-74p5-63hf-rhf9

Vulnerability from github

sca-2023-0004

Vulnerability from csaf_sick

Tags