CVE-2023-23450

CVSS 6.2 MEDIUMEPSS 0.7%CWE-836

Vexday Risk Score

13Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 6.2EPSS 0.7%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Ciclo de vida

15 mai 2023Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

Use of Password Hash Instead of Password for Authentication in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to use a password hash instead of an actual password to login to a valid user account via the REST interface.

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Produtos afetados

SICK AG · SICK FTMG-ESD15AXX AIR FLOW SENSOR SICK AG · SICK FTMG-ESD20AXX AIR FLOW SENSOR SICK AG · SICK FTMG-ESD25AXX AIR FLOW SENSOR SICK AG · SICK FTMG-ESN40SXX AIR FLOW SENSOR SICK AG · SICK FTMG-ESN50SXX AIR FLOW SENSOR SICK AG · SICK FTMG-ESR40SXX AIR FLOW SENSOR SICK AG · SICK FTMG-ESR50SXX AIR FLOW SENSOR

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://sick.com/psirt https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf