CVE-2023-23447
moderate-risk
Published 2023-05-15
Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to influence the availability of the webserver by invocing several open file requests via the REST interface.
Do I need to act?
-
0.43% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10
High
NETWORK
/ LOW complexity
Affected Products (7)
Ftmg-Esd20Axx Firmware
Ftmg-Esd25Axx Firmware
Ftmg-Esn40Sxx Firmware
Ftmg-Esn50Sxx Firmware
Ftmg-Esr50Sxx Firmware
Ftmg-Esr40Sxx Firmware
Ftmg-Esd15Axx Firmware
Affected Vendors
References (6)
Vendor Advisory
https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json
Vendor Advisory
https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf
Vendor Advisory
https://sick.com/psirt
Vendor Advisory
https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json
Vendor Advisory
https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf
Vendor Advisory
https://sick.com/psirt
42
/ 100
moderate-risk
Severity
26/34 · High
Exploitability
2/34 · Minimal
Exposure
14/34 · Moderate