
CVSS: 7.8 • EPSS: 0% • CPEs: 14 • EXPL: 0

15 May 2023 — Cleartext Storage of Sensitive Information in SICK FTMg AIR FLOW SENSOR with part numbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to potentially steal user credentials that are stored in the user’s browser’s local storage via cross-site-scripting attacks. • https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json • CWE-312: Cleartext Storage of Sensitive Information

CVSS: 10.0 • EPSS: 0% • CPEs: 14 • EXPL: 0

15 May 2023 — Use of Password Hash Instead of Password for Authentication in SICK FTMg AIR FLOW SENSOR with part numbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to use a password hash instead of an actual password to log in to a valid user account via the REST interface. • https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json • CWE-287: Improper Authentication; CWE-836: Use of Password Hash Instead of Password for Authentication

CVSS: 5.3 • EPSS: 0% • CPEs: 14 • EXPL: 0

15 May 2023 — Observable Response Discrepancy in SICK FTMg AIR FLOW SENSOR with part numbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to gain information about valid usernames by analyzing challenge responses from the server via the REST interface. • https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json • CWE-203: Observable Discrepancy; CWE-204: Observable Response Discrepancy

CVSS: 5.3 • EPSS: 0% • CPEs: 14 • EXPL: 0

15 May 2023 — Inclusion of Sensitive Information in Source Code in SICK FTMg AIR FLOW SENSOR with part numbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to gain information about valid usernames via analysis of source code. • https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json • CWE-540: Inclusion of Sensitive Information in Source Code; CWE-668: Exposure of Resource to Wrong Sphere

CVSS: 7.8 • EPSS: 0% • CPEs: 14 • EXPL: 0

15 May 2023 — Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with part numbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to influence the availability of the webserver by invoking several open file requests via the REST interface. • https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json • CWE-400: Uncontrolled Resource Consumption

CVSS: 7.8 • EPSS: 0% • CPEs: 14 • EXPL: 0

15 May 2023 — Improper Access Control in SICK FTMg AIR FLOW SENSOR with part numbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to download files by using an account not privileged for that purpose via the REST interface. • https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json • CWE-284: Improper Access Control; CWE-863: Incorrect Authorization

CVSS: 7.8 • EPSS: 0% • CPEs: 14 • EXPL: 0

15 May 2023 — Improper Access Control in SICK FTMg AIR FLOW SENSOR with part numbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to gain unauthorized access to data fields by using an account not privileged for that purpose via the REST interface. • https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json • CWE-284: Improper Access Control; CWE-863: Incorrect Authorization

CVSS: 8.5 • EPSS: 0% • CPEs: 22 • EXPL: 0

12 May 2023 — Missing Authentication for Critical Function in SICK Flexi Classic and Flexi Soft Gateways with part numbers 1042193, 1042964, 1044078, 1044072, 1044073, 1044074, 1099830, 1099832, 1127717, 1069070, 1112296, 1051432, 1102420, 1127487, 1121596, 1121597 allows an unauthenticated remote attacker to influence the availability of the device by changing the IP settings of the device via broadcast UDP packets. • https://sick.com/.well-known/csaf/white/2023/sca-2023-0003.json • CWE-306: Missing Authentication for Critical Function

CVSS: 10.0 • EPSS: 0% • CPEs: 20 • EXPL: 0

19 Apr 2023 — The Flexi Classic and Flexi Soft Gateways SICK UE410-EN3 FLEXI ETHERNET GATEW. with serial number <=2311xxxx all Firmware versions, SICK UE410-EN1 FLEXI ETHERNET GATEW. with serial number <=2311xxxx all Firmware versions, SICK UE410-EN3S04 FLEXI ETHERNET GATEW. with serial number <=2311xxxx all Firmware versions, SICK UE410-EN4 FLEXI ETHERNET GATEW. with serial number <=2311xxxx all Firmware versions, SICK FX0-GENT00000 FLEXISOFT EIP GATEW. with serial number <=2311xxxx with Firmware <=V2.11.0, SICK FX0-GMO... • https://sick.com/psirt • CWE-306: Missing Authentication for Critical Function; CWE-477: Use of Obsolete Function

CVSS: 10.0 • EPSS: 0% • CPEs: 6 • EXPL: 0

20 Feb 2023 — Missing Authentication for Critical Function in SICK FX0-GPNT v3 Firmware Version V3.04 and V3.05 allows an unprivileged remote attacker to achieve arbitrary remote code execution via maliciously crafted RK512 commands to the listener on TCP port 9000. • https://sick.com/psirt • CWE-306: Missing Authentication for Critical Function