CVE-2023-23446

Description

Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to download files by using a therefore unpriviledged account via the REST interface.

Remediation

Solution:

SICK has released a new major version v3.0.0.131.Release of the SICK FTMg firmware and recommends updating to the newest version.

References

Link	Tags
https://sick.com/psirt	vendor advisory issue tracking
https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf	vendor advisory
https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2023-23446?: CVE-2023-23446 has been scored as a high severity vulnerability.
How to fix CVE-2023-23446?: To fix CVE-2023-23446: SICK has released a new major version v3.0.0.131.Release of the SICK FTMg firmware and recommends updating to the newest version.
Is CVE-2023-23446 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2023-23446 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-23446?: CVE-2023-23446 affects SICK AG SICK FTMG-ESD15AXX AIR FLOW SENSOR, SICK AG SICK FTMG-ESD20AXX AIR FLOW SENSOR, SICK AG SICK FTMG-ESD25AXX AIR FLOW SENSOR, SICK AG SICK FTMG-ESN40SXX AIR FLOW SENSOR, SICK AG SICK FTMG-ESN50SXX AIR FLOW SENSOR, SICK AG SICK FTMG-ESR40SXX AIR FLOW SENSOR, SICK AG SICK FTMG-ESR50SXX AIR FLOW SENSOR.

Description

Remediation

Categories

CWE-284 – Improper Access Control

CWE-863 – Incorrect Authorization

References

Frequently Asked Questions