CVE-2023-31409
https://notcve.org/view.php?id=CVE-2023-31409
15 May 2023 — Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with part numbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to influence the availability of the webserver by invoking a Slowloris-style attack via HTTP requests. • https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json • CWE-400: Uncontrolled Resource Consumption
CVE-2023-31408
https://notcve.org/view.php?id=CVE-2023-31408
15 May 2023 — Cleartext Storage of Sensitive Information in SICK FTMg AIR FLOW SENSOR with part numbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to potentially steal user credentials that are stored in the user’s browser’s local storage via cross-site-scripting attacks. • https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json • CWE-312: Cleartext Storage of Sensitive Information
CVE-2023-23450
https://notcve.org/view.php?id=CVE-2023-23450
15 May 2023 — Use of Password Hash Instead of Password for Authentication in SICK FTMg AIR FLOW SENSOR with part numbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to use a password hash instead of an actual password to log in to a valid user account via the REST interface. • https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json • CWE-287: Improper Authentication; CWE-836: Use of Password Hash Instead of Password for Authentication
CVE-2023-23449
https://notcve.org/view.php?id=CVE-2023-23449
15 May 2023 — Observable Response Discrepancy in SICK FTMg AIR FLOW SENSOR with part numbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to gain information about valid usernames by analyzing challenge responses from the server via the REST interface. • https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json • CWE-203: Observable Discrepancy; CWE-204: Observable Response Discrepancy
CVE-2023-23448
https://notcve.org/view.php?id=CVE-2023-23448
15 May 2023 — Inclusion of Sensitive Information in Source Code in SICK FTMg AIR FLOW SENSOR with part numbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to gain information about valid usernames via analysis of source code. • https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json • CWE-540: Inclusion of Sensitive Information in Source Code; CWE-668: Exposure of Resource to Wrong Sphere
CVE-2023-23447
https://notcve.org/view.php?id=CVE-2023-23447
15 May 2023 — Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with part numbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to influence the availability of the webserver by invoking several open file requests via the REST interface. • https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json • CWE-400: Uncontrolled Resource Consumption
CVE-2023-23446
https://notcve.org/view.php?id=CVE-2023-23446
15 May 2023 — Improper Access Control in SICK FTMg AIR FLOW SENSOR with part numbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to download files by using a therefore unprivileged account via the REST interface. • https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json • CWE-284: Improper Access Control; CWE-863: Incorrect Authorization
CVE-2023-23445
https://notcve.org/view.php?id=CVE-2023-23445
15 May 2023 — Improper Access Control in SICK FTMg AIR FLOW SENSOR with part numbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to gain unauthorized access to data fields by using a therefore unprivileged account via the REST interface. • https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json • CWE-284: Improper Access Control; CWE-863: Incorrect Authorization
CVE-2021-32504
https://notcve.org/view.php?id=CVE-2021-32504
19 Jul 2022 — Unauthenticated users can access sensitive web URLs through a GET request, which should be restricted to maintenance users only. A malicious attacker could use this sensitive information to launch further attacks on the system. • https://sick.com/psirt • CWE-862: Missing Authorization
CVE-2021-32503
https://notcve.org/view.php?id=CVE-2021-32503
01 Apr 2022 — Unauthenticated users can access sensitive web URLs through a GET request, which should be restricted to maintenance users only. A malicious attacker could use this sensitive information to launch further attacks on the system. • https://sick.com/psirt • CWE-400: Uncontrolled Resource Consumption; CWE-862: Missing Authorization