Vulnerabilities > CVE-2021-32504 - Missing Authorization vulnerability in Sick Ftmg Firmware

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

sick

CWE-862

NVD

Published: 2022-07-19

Updated: 2022-07-27

Summary

Unauthenticated users can access sensitive web URLs through GET request, which should be restricted to maintenance users only. A malicious attacker could use this sensitive information’s to launch further attacks on the system.

Vulnerable Configurations

Part	Description	Count
OS	Sick Sick Ftmg Firmware -	1
Hardware	Sick Sick Ftmg -	1

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://sick.com/psirt