sca-2023-0004
Vulnerability from csaf_sick
Published
2023-05-11 13:00
Modified
2023-05-11 13:00
Summary
Vulnerabilities in SICK FTMg
Notes
SICK found multiple security vulnerabilities in the SICK FTMg device. If exploited, these potentially allow a remote unauthenticated attacker to impact the availabiltiy or confidentaility of the FTMg device.
Currently SICK is not aware of any public exploits specifically targeting any of the vulnerabilities.
SICK has released a new major version of the SICK FTMg firmware and recommends updating to the newest
version.
General Security Measures
As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.
Vulnerability Classification
SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer’s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "summary",
"text": "SICK found multiple security vulnerabilities in the SICK FTMg device. If exploited, these potentially allow a remote unauthenticated attacker to impact the availabiltiy or confidentaility of the FTMg device.\n\nCurrently SICK is not aware of any public exploits specifically targeting any of the vulnerabilities.\n\nSICK has released a new major version of the SICK FTMg firmware and recommends updating to the newest\nversion."
},
{
"category": "general",
"text": "As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.",
"title": "General Security Measures"
},
{
"category": "general",
"text": "SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer\u2019s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.",
"title": "Vulnerability Classification"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@sick.de",
"issuing_authority": "SICK PSIRT is responsible for any vulnerabilities related to SICK products.",
"name": "SICK PSIRT",
"namespace": "https://www.sick.com/psirt"
},
"references": [
{
"summary": "SICK PSIRT Security Advisories",
"url": "https://www.sick.com/psirt"
},
{
"summary": "SICK Operating Guidelines",
"url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF"
},
{
"summary": "ICS-CERT recommended practices on Industrial Security",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"summary": "CVSS v3.1 Calculator",
"url": "https://www.first.org/cvss/calculator/3.1"
},
{
"category": "self",
"summary": "The canonical URL.",
"url": "https://www.sick.com/.well-known/csaf/white/2023/sca-2023-0004.json"
},
{
"category": "self",
"summary": "The canonical PDF URL.",
"url": "https://www.sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf"
}
],
"title": "Vulnerabilities in SICK FTMg",
"tracking": {
"current_release_date": "2023-05-11T13:00:00.000Z",
"generator": {
"date": "2023-12-04T10:31:12.941Z",
"engine": {
"name": "Secvisogram",
"version": "2.2.16"
}
},
"id": "SCA-2023-0004",
"initial_release_date": "2023-05-11T13:00:00.000Z",
"revision_history": [
{
"date": "2023-05-11T13:00:00.000Z",
"number": "1",
"summary": "Initial Release"
},
{
"date": "2023-12-04T11:00:00.000Z",
"number": "2",
"summary": "Added self reference in CSAF"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK FTMG-ESD15AXX AIR FLOW SENSOR all versions",
"product_id": "CSAFPID-0001",
"product_identification_helper": {
"skus": [
"1100214"
]
}
}
}
],
"category": "product_name",
"name": "FTMG-ESD15AXX AIR FLOW SENSOR"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK FTMG-ESD20AXX AIR FLOW SENSOR all versions",
"product_id": "CSAFPID-0002",
"product_identification_helper": {
"skus": [
"1100215"
]
}
}
}
],
"category": "product_name",
"name": "FTMG-ESD20AXX AIR FLOW SENSOR"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK FTMG-ESD25AXX AIR FLOW SENSOR all versions",
"product_id": "CSAFPID-0003",
"product_identification_helper": {
"skus": [
"1100216"
]
}
}
}
],
"category": "product_name",
"name": "FTMG-ESD25AXX AIR FLOW SENSOR"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK FTMG-ESR40SXX AIR FLOW SENSOR all versions",
"product_id": "CSAFPID-0004",
"product_identification_helper": {
"skus": [
"1120114"
]
}
}
}
],
"category": "product_name",
"name": "FTMG-ESR40SXX AIR FLOW SENSOR"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK FTMG-ESR50SXX AIR FLOW SENSOR all versions",
"product_id": "CSAFPID-0005",
"product_identification_helper": {
"skus": [
"1120116"
]
}
}
}
],
"category": "product_name",
"name": "FTMG-ESR50SXX AIR FLOW SENSOR"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK FTMG-ESN40SXX AIR FLOW SENSOR all versions",
"product_id": "CSAFPID-0006",
"product_identification_helper": {
"skus": [
"1122524"
]
}
}
}
],
"category": "product_name",
"name": "FTMG-ESN40SXX AIR FLOW SENSOR"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK FTMG-ESN50SXX AIR FLOW SENSOR all versions",
"product_id": "CSAFPID-0007",
"product_identification_helper": {
"skus": [
"1122526"
]
}
}
}
],
"category": "product_name",
"name": "FTMG-ESN50SXX AIR FLOW SENSOR"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cv2.x",
"product": {
"name": "SICK FTMG-ESD15AXX AIR FLOW SENSOR Firmware \u003cv2.x",
"product_id": "CSAFPID-0008"
}
},
{
"category": "product_version",
"name": "v3.0.0.131.Release",
"product": {
"name": "SICK FTMG-ESD15AXX AIR FLOW SENSOR Firmware v3.0.0.131.Release",
"product_id": "CSAFPID-0009"
}
}
],
"category": "product_name",
"name": "FTMG-ESD15AXX AIR FLOW SENSOR Firmware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cv2.x",
"product": {
"name": "SICK FTMG-ESD20AXX AIR FLOW SENSOR Firmware \u003cv2.x",
"product_id": "CSAFPID-0010"
}
},
{
"category": "product_version",
"name": "v3.0.0.131.Release",
"product": {
"name": "SICK FTMG-ESD20AXX AIR FLOW SENSOR Firmware v3.0.0.131.Release",
"product_id": "CSAFPID-0011"
}
}
],
"category": "product_name",
"name": "FTMG-ESD20AXX AIR FLOW SENSOR Firmware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cv2.x",
"product": {
"name": "SICK FTMG-ESD25AXX AIR FLOW SENSOR Firmware \u003cv2.x",
"product_id": "CSAFPID-0012"
}
},
{
"category": "product_version",
"name": "v3.0.0.131.Release",
"product": {
"name": "SICK FTMG-ESD25AXX AIR FLOW SENSOR Firmware v3.0.0.131.Release",
"product_id": "CSAFPID-0013"
}
}
],
"category": "product_name",
"name": "FTMG-ESD25AXX AIR FLOW SENSOR Firmware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cv2.x",
"product": {
"name": "SICK FTMG-ESR40SXX AIR FLOW SENSOR Firmware \u003cv2.x",
"product_id": "CSAFPID-0014"
}
},
{
"category": "product_version",
"name": "v3.0.0.131.Release",
"product": {
"name": "SICK FTMG-ESR40SXX AIR FLOW SENSOR Firmware v3.0.0.131.Release",
"product_id": "CSAFPID-0015"
}
}
],
"category": "product_name",
"name": "FTMG-ESR40SXX AIR FLOW SENSOR Firmware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cv2.x",
"product": {
"name": "SICK FTMG-ESR50SXX AIR FLOW SENSOR Firmware \u003cv2.x",
"product_id": "CSAFPID-0016"
}
},
{
"category": "product_version",
"name": "v3.0.0.131.Release",
"product": {
"name": "SICK FTMG-ESR50SXX AIR FLOW SENSOR Firmware v3.0.0.131.Release",
"product_id": "CSAFPID-0017"
}
}
],
"category": "product_name",
"name": "FTMG-ESR50SXX AIR FLOW SENSOR Firmware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cv2.x",
"product": {
"name": "SICK FTMG-ESN40SXX AIR FLOW SENSOR Firmware \u003cv2.x",
"product_id": "CSAFPID-0018"
}
},
{
"category": "product_version",
"name": "v3.0.0.131.Release",
"product": {
"name": "SICK FTMG-ESN40SXX AIR FLOW SENSOR Firmware v3.0.0.131.Release",
"product_id": "CSAFPID-0019"
}
}
],
"category": "product_name",
"name": "FTMG-ESN40SXX AIR FLOW SENSOR Firmware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cv2.x",
"product": {
"name": "SICK FTMG-ESN50SXX AIR FLOW SENSOR Firmware \u003cv2.x",
"product_id": "CSAFPID-0020"
}
},
{
"category": "product_version",
"name": "v3.0.0.131.Release",
"product": {
"name": "SICK FTMG-ESN50SXX AIR FLOW SENSOR Firmware v3.0.0.131.Release",
"product_id": "CSAFPID-0021"
}
}
],
"category": "product_name",
"name": "FTMG-ESN50SXX AIR FLOW SENSOR Firmware"
}
],
"category": "vendor",
"name": "SICK AG"
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "SICK FTMG-ESD15AXX AIR FLOW SENSOR all versions with Firmware \u003cv2.x",
"product_id": "CSAFPID-0022"
},
"product_reference": "CSAFPID-0008",
"relates_to_product_reference": "CSAFPID-0001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "SICK FTMG-ESD20AXX AIR FLOW SENSOR all versions with Firmware \u003cv2.x",
"product_id": "CSAFPID-0023"
},
"product_reference": "CSAFPID-0010",
"relates_to_product_reference": "CSAFPID-0002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "SICK FTMG-ESD25AXX AIR FLOW SENSOR all versions with Firmware \u003cv2.x",
"product_id": "CSAFPID-0024"
},
"product_reference": "CSAFPID-0012",
"relates_to_product_reference": "CSAFPID-0003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "SICK FTMG-ESR40SXX AIR FLOW SENSOR all versions with Firmware \u003cv2.x",
"product_id": "CSAFPID-0025"
},
"product_reference": "CSAFPID-0014",
"relates_to_product_reference": "CSAFPID-0004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "SICK FTMG-ESR50SXX AIR FLOW SENSOR all versions with Firmware \u003cv2.x",
"product_id": "CSAFPID-0026"
},
"product_reference": "CSAFPID-0016",
"relates_to_product_reference": "CSAFPID-0005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "SICK FTMG-ESN40SXX AIR FLOW SENSOR all versions with Firmware \u003cv2.x",
"product_id": "CSAFPID-0027"
},
"product_reference": "CSAFPID-0018",
"relates_to_product_reference": "CSAFPID-0006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "SICK FTMG-ESN50SXX AIR FLOW SENSOR all versions with Firmware \u003cv2.x",
"product_id": "CSAFPID-0028"
},
"product_reference": "CSAFPID-0020",
"relates_to_product_reference": "CSAFPID-0007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "SICK FTMG-ESD15AXX AIR FLOW SENSOR all versions with Firmware v3.0.0.131.Release",
"product_id": "CSAFPID-0029"
},
"product_reference": "CSAFPID-0009",
"relates_to_product_reference": "CSAFPID-0001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "SICK FTMG-ESD20AXX AIR FLOW SENSOR all versions with Firmware v3.0.0.131.Release",
"product_id": "CSAFPID-0030"
},
"product_reference": "CSAFPID-0011",
"relates_to_product_reference": "CSAFPID-0002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "SICK FTMG-ESD25AXX AIR FLOW SENSOR all versions with Firmware v3.0.0.131.Release",
"product_id": "CSAFPID-0031"
},
"product_reference": "CSAFPID-0013",
"relates_to_product_reference": "CSAFPID-0003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "SICK FTMG-ESR40SXX AIR FLOW SENSOR all versions with Firmware v3.0.0.131.Release",
"product_id": "CSAFPID-0032"
},
"product_reference": "CSAFPID-0015",
"relates_to_product_reference": "CSAFPID-0004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "SICK FTMG-ESR50SXX AIR FLOW SENSOR all versions with Firmware v3.0.0.131.Release",
"product_id": "CSAFPID-0033"
},
"product_reference": "CSAFPID-0017",
"relates_to_product_reference": "CSAFPID-0005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "SICK FTMG-ESN40SXX AIR FLOW SENSOR all versions with Firmware v3.0.0.131.Release",
"product_id": "CSAFPID-0034"
},
"product_reference": "CSAFPID-0019",
"relates_to_product_reference": "CSAFPID-0006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "SICK FTMG-ESN50SXX AIR FLOW SENSOR all versions with Firmware v3.0.0.131.Release",
"product_id": "CSAFPID-0035"
},
"product_reference": "CSAFPID-0021",
"relates_to_product_reference": "CSAFPID-0007"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-23445",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "description",
"text": "Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to gain unauthorized access to data fields by using a therefore unpriviledged account via the REST interface.",
"title": "CVE description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028"
]
},
"remediations": [
{
"category": "workaround",
"details": "Please make sure that you apply general security practices when operating the SICK FTMg like network segmentation. The following General Security Practices and Operating Guidelines\ncould mitigate the associated security risk.",
"product_ids": [
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028"
]
}
]
},
{
"cve": "CVE-2023-23446",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "description",
"text": "Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to download files by using a therefore unpriviledged account via the REST interface.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035"
],
"known_affected": [
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "SICK has released a new major version v3.0.0.131.Release of the SICK FTMg firmware and recommends updating to the newest version.",
"product_ids": [
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028"
]
}
]
},
{
"cve": "CVE-2023-23447",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "description",
"text": "Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to influence the availability of the webserver by invocing several open file requests via the REST interface.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035"
],
"known_affected": [
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "SICK has released a new major version v3.0.0.131.Release of the SICK FTMg firmware and recommends updating to the newest version.",
"product_ids": [
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028"
]
}
]
},
{
"cve": "CVE-2023-23448",
"cwe": {
"id": "CWE-540",
"name": "Inclusion of Sensitive Information in Source Code"
},
"notes": [
{
"category": "description",
"text": "Inclusion of Sensitive Information in Source Code in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to gain information about valid usernames via analysis of source code.",
"title": "CVE description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028"
]
},
"remediations": [
{
"category": "workaround",
"details": "Please make sure that you apply general security practices when operating the SICK FTMg like network segmentation. The following General Security Practices and Operating Guidelines\ncould mitigate the associated security risk.",
"product_ids": [
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028"
]
}
]
},
{
"cve": "CVE-2023-23449",
"cwe": {
"id": "CWE-204",
"name": "Observable Response Discrepancy"
},
"notes": [
{
"category": "description",
"text": "Observable Response Discrepancy in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to gain information about valid usernames by analyzing challenge responses from the server via the REST interface.",
"title": "CVE description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028"
]
},
"remediations": [
{
"category": "workaround",
"details": "Please make sure that you apply general security practices when operating the SICK FTMg like network segmentation. The following General Security Practices and Operating Guidelines\ncould mitigate the associated security risk.",
"product_ids": [
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028"
]
}
]
},
{
"cve": "CVE-2023-23450",
"cwe": {
"id": "CWE-836",
"name": "Use of Password Hash Instead of Password for Authentication"
},
"notes": [
{
"category": "description",
"text": "Use of Password Hash Instead of Password for Authentication in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to use a password hash instead of an actual password to login to a valid user account via the REST interface.",
"title": "CVE description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028"
]
},
"remediations": [
{
"category": "workaround",
"details": "Please make sure that you apply general security practices when operating the SICK FTMg like network segmentation. The following General Security Practices and Operating Guidelines\ncould mitigate the associated security risk.",
"product_ids": [
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028"
]
}
]
},
{
"cve": "CVE-2023-31408",
"cwe": {
"id": "CWE-312",
"name": "Cleartext Storage of Sensitive Information"
},
"notes": [
{
"category": "description",
"text": "Cleartext Storage of Sensitive Information in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to potentially steal user credentials that are stored in the user\u0027s browsers local storage via cross-site-scripting attacks.",
"title": "CVE description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028"
]
},
"remediations": [
{
"category": "workaround",
"details": "Please make sure that you apply general security practices when operating the SICK FTMg like network segmentation. The following General Security Practices and Operating Guidelines\ncould mitigate the associated security risk.",
"product_ids": [
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028"
]
}
]
},
{
"cve": "CVE-2023-31409",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "description",
"text": "Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an remote attacker to influence the availability of the webserver by invocing a Slowloris style attack via HTTP requests.",
"title": "CVE description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028"
]
},
"remediations": [
{
"category": "workaround",
"details": "Please make sure that you apply general security practices when operating the SICK FTMg like network segmentation. The following General Security Practices and Operating Guidelines\ncould mitigate the associated security risk.",
"product_ids": [
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028"
]
}
]
}
]
}
Loading...