CVE-2023-23450
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Use of Password Hash Instead of Password for Authentication in SICK FTMg AIR
FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526
allows an unprivileged remote attacker to use a password hash instead of an actual password to login
to a valid user account via the REST interface.
Use of Password Hash Instead of Password for Authentication in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to use a password hash instead of an actual password to login to a valid user account via the REST interface.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-01-12 CVE Reserved
- 2023-05-15 CVE Published
- 2024-08-02 CVE Updated
- 2025-01-03 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-287: Improper Authentication
- CWE-836: Use of Password Hash Instead of Password for Authentication
CAPEC
References (3)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json | 2023-05-30 | |
| https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf | 2023-05-30 | |
| https://sick.com/psirt | 2023-05-30 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sick Search vendor "Sick" | Ftmg-esd20axx Firmware Search vendor "Sick" for product "Ftmg-esd20axx Firmware" | < 2.0 Search vendor "Sick" for product "Ftmg-esd20axx Firmware" and version " < 2.0" | - |
Affected
| in | Sick Search vendor "Sick" | Ftmg-esd20axx Search vendor "Sick" for product "Ftmg-esd20axx" | - | - |
Safe
|
| Sick Search vendor "Sick" | Ftmg-esd25axx Firmware Search vendor "Sick" for product "Ftmg-esd25axx Firmware" | < 2.0 Search vendor "Sick" for product "Ftmg-esd25axx Firmware" and version " < 2.0" | - |
Affected
| in | Sick Search vendor "Sick" | Ftmg-esd25axx Search vendor "Sick" for product "Ftmg-esd25axx" | - | - |
Safe
|
| Sick Search vendor "Sick" | Ftmg-esn40sxx Firmware Search vendor "Sick" for product "Ftmg-esn40sxx Firmware" | < 2.0 Search vendor "Sick" for product "Ftmg-esn40sxx Firmware" and version " < 2.0" | - |
Affected
| in | Sick Search vendor "Sick" | Ftmg-esn40sxx Search vendor "Sick" for product "Ftmg-esn40sxx" | - | - |
Safe
|
| Sick Search vendor "Sick" | Ftmg-esn50sxx Firmware Search vendor "Sick" for product "Ftmg-esn50sxx Firmware" | < 2.0 Search vendor "Sick" for product "Ftmg-esn50sxx Firmware" and version " < 2.0" | - |
Affected
| in | Sick Search vendor "Sick" | Ftmg-esn50sxx Search vendor "Sick" for product "Ftmg-esn50sxx" | - | - |
Safe
|
| Sick Search vendor "Sick" | Ftmg-esr50sxx Firmware Search vendor "Sick" for product "Ftmg-esr50sxx Firmware" | < 2.0 Search vendor "Sick" for product "Ftmg-esr50sxx Firmware" and version " < 2.0" | - |
Affected
| in | Sick Search vendor "Sick" | Ftmg-esr50sxx Search vendor "Sick" for product "Ftmg-esr50sxx" | - | - |
Safe
|
| Sick Search vendor "Sick" | Ftmg-esr40sxx Firmware Search vendor "Sick" for product "Ftmg-esr40sxx Firmware" | < 2.0 Search vendor "Sick" for product "Ftmg-esr40sxx Firmware" and version " < 2.0" | - |
Affected
| in | Sick Search vendor "Sick" | Ftmg-esr40sxx Search vendor "Sick" for product "Ftmg-esr40sxx" | - | - |
Safe
|
| Sick Search vendor "Sick" | Ftmg-esd15axx Firmware Search vendor "Sick" for product "Ftmg-esd15axx Firmware" | < 2.0 Search vendor "Sick" for product "Ftmg-esd15axx Firmware" and version " < 2.0" | - |
Affected
| in | Sick Search vendor "Sick" | Ftmg-esd15axx Search vendor "Sick" for product "Ftmg-esd15axx" | - | - |
Safe
|