CVE-2023-23450

Summary

CVE	CVE-2023-23450
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2023-05-15 11:15:00 UTC
Updated	2023-05-30 14:11:00 UTC
Description	Use of Password Hash Instead of Password for Authentication in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to use a password hash instead of an actual password to login to a valid user account via the REST interface.

Risk And Classification

Problem Types: CWE-287

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Sick	Ftmg-esd15axx	-	All	All	All
Operating System	Sick	Ftmg-esd15axx Firmware	All	All	All	All
Hardware	Sick	Ftmg-esd20axx	-	All	All	All
Operating System	Sick	Ftmg-esd20axx Firmware	All	All	All	All
Hardware	Sick	Ftmg-esd25axx	-	All	All	All
Operating System	Sick	Ftmg-esd25axx Firmware	All	All	All	All
Hardware	Sick	Ftmg-esn40sxx	-	All	All	All
Operating System	Sick	Ftmg-esn40sxx Firmware	All	All	All	All
Hardware	Sick	Ftmg-esn50sxx	-	All	All	All
Operating System	Sick	Ftmg-esn50sxx Firmware	All	All	All	All
Hardware	Sick	Ftmg-esr40sxx	-	All	All	All
Operating System	Sick	Ftmg-esr40sxx Firmware	All	All	All	All
Hardware	Sick	Ftmg-esr50sxx	-	All	All	All
Operating System	Sick	Ftmg-esr50sxx Firmware	All	All	All	All

References

Reference	Source	Link	Tags
sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf	MISC	sick.com
The SICK Product Security Incident Response Team (SICK PSIRT) \| SICK	MISC	sick.com
sick.com/.well-known/csaf/white/2023/sca-2023-0004.json	MISC	sick.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.