CVE-2023-23450
Severity CVSS v4.0:
Pending analysis
Type:
CWE-287
Authentication Issues
Publication date:
15/05/2023
Last modified:
30/05/2023
Description
<br />
Use of Password Hash Instead of Password for Authentication in SICK FTMg AIR<br />
FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526<br />
allows an unprivileged remote attacker to use a password hash instead of an actual password to login<br />
to a valid user account via the REST interface.<br />
<br />
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:sick:ftmg-esd20axx_firmware:*:*:*:*:*:*:*:* | 2.0 (excluding) | |
| cpe:2.3:h:sick:ftmg-esd20axx:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:sick:ftmg-esd25axx_firmware:*:*:*:*:*:*:*:* | 2.0 (excluding) | |
| cpe:2.3:h:sick:ftmg-esd25axx:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:sick:ftmg-esn40sxx_firmware:*:*:*:*:*:*:*:* | 2.0 (excluding) | |
| cpe:2.3:h:sick:ftmg-esn40sxx:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:sick:ftmg-esn50sxx_firmware:*:*:*:*:*:*:*:* | 2.0 (excluding) | |
| cpe:2.3:h:sick:ftmg-esn50sxx:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:sick:ftmg-esr50sxx_firmware:*:*:*:*:*:*:*:* | 2.0 (excluding) | |
| cpe:2.3:h:sick:ftmg-esr50sxx:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:sick:ftmg-esr40sxx_firmware:*:*:*:*:*:*:*:* | 2.0 (excluding) | |
| cpe:2.3:h:sick:ftmg-esr40sxx:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:sick:ftmg-esd15axx_firmware:*:*:*:*:*:*:*:* | 2.0 (excluding) | |
| cpe:2.3:h:sick:ftmg-esd15axx:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page