Vulnerabilities > CVE-2023-23445 - Incorrect Authorization vulnerability in Sick products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

sick

CWE-863

NVD

Published: 2023-05-15

Updated: 2023-05-25

Summary

Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to gain unauthorized access to data fields by using a therefore unpriviledged account via the REST interface.

Vulnerable Configurations

Part	Description	Count
OS	Sick Sick Ftmg Esd20Axx Firmware * Sick Ftmg Esd25Axx Firmware * Sick Ftmg Esn40Sxx Firmware * Sick Ftmg Esn50Sxx Firmware * Sick Ftmg Esr50Sxx Firmware * Sick Ftmg Esr40Sxx Firmware * Sick Ftmg Esd15Axx Firmware *	7
Hardware	Sick Sick Ftmg Esd20Axx - Sick Ftmg Esd25Axx - Sick Ftmg Esn40Sxx - Sick Ftmg Esn50Sxx - Sick Ftmg Esr50Sxx - Sick Ftmg Esr40Sxx - Sick Ftmg Esd15Axx -	7

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References