CVE-2023-23450
moderate-risk
Published 2023-05-15
Use of Password Hash Instead of Password for Authentication in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to use a password hash instead of an actual password to login to a valid user account via the REST interface.
Do I need to act?
-
0.29% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.2/10
Medium
LOCAL
/ LOW complexity
Affected Products (7)
Ftmg-Esd20Axx Firmware
Ftmg-Esd25Axx Firmware
Ftmg-Esn40Sxx Firmware
Ftmg-Esn50Sxx Firmware
Ftmg-Esr50Sxx Firmware
Ftmg-Esr40Sxx Firmware
Ftmg-Esd15Axx Firmware
Affected Vendors
References (6)
Vendor Advisory
https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json
Vendor Advisory
https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf
Vendor Advisory
https://sick.com/psirt
Vendor Advisory
https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json
Vendor Advisory
https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf
Vendor Advisory
https://sick.com/psirt
35
/ 100
moderate-risk
Severity
20/34 · Moderate
Exploitability
1/34 · Minimal
Exposure
14/34 · Moderate