Search

Find a vulnerability

Search criteria

    16 vulnerabilities found for SICK FTMG-ESR40SXX AIR FLOW SENSOR by SICK AG

    CVE-2023-31409 (GCVE-0-2023-31409)

    Vulnerability from nvd – Published: 2023-05-15 10:55 – Updated: 2026-06-01 12:11
    VLAI
    Summary
    Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an remote attacker to influence the availability of the webserver by invocing a Slowloris style attack via HTTP requests.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:53:30.972Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "issue-tracking",
                  "x_transferred"
                ],
                "url": "https://sick.com/psirt"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf"
              },
              {
                "tags": [
                  "x_csaf",
                  "x_transferred"
                ],
                "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-31409",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-23T17:32:25.090253Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-23T17:32:30.188Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESD15AXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESD20AXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESD25AXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESN40SXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESN50SXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESR40SXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESR50SXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an remote attacker to influence the availability of the webserver by invocing a Slowloris style attack via HTTP requests."
                }
              ],
              "value": "Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an remote attacker to influence the availability of the webserver by invocing a Slowloris style attack via HTTP requests."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400 Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-01T12:11:53.640Z",
            "orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
            "shortName": "SICK AG"
          },
          "references": [
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://sick.com/psirt"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf"
            },
            {
              "tags": [
                "x_csaf"
              ],
              "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Please make sure that you apply general security practices when operating the SICK FTMg\nlike network segmentation. The following General Security Practices and Operating Guidelines could\nmitigate the associated security risk."
                }
              ],
              "value": "Please make sure that you apply general security practices when operating the SICK FTMg\nlike network segmentation. The following General Security Practices and Operating Guidelines could\nmitigate the associated security risk."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
        "assignerShortName": "SICK AG",
        "cveId": "CVE-2023-31409",
        "datePublished": "2023-05-15T10:55:57.836Z",
        "dateReserved": "2023-04-27T18:35:47.418Z",
        "dateUpdated": "2026-06-01T12:11:53.640Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-31408 (GCVE-0-2023-31408)

    Vulnerability from nvd – Published: 2023-05-15 10:55 – Updated: 2026-06-01 07:26
    VLAI
    Summary
    Cleartext Storage of Sensitive Information in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to potentially steal user credentials that are stored in the user’s browsers local storage via cross-site-scripting attacks.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-312 - (Cleartext Storage of Sensitive Information)
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:53:30.909Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "issue-tracking",
                  "x_transferred"
                ],
                "url": "https://sick.com/psirt"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf"
              },
              {
                "tags": [
                  "x_csaf",
                  "x_transferred"
                ],
                "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-31408",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-23T17:32:58.739667Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-23T17:33:18.976Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESD15AXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESD20AXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESD25AXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESN40SXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESN50SXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESR40SXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESR50SXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Cleartext Storage of Sensitive Information in SICK FTMg AIR FLOW SENSOR with\nPartnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote\nattacker to potentially steal user credentials that are stored in the user\u2019s browsers local storage via\ncross-site-scripting attacks."
                }
              ],
              "value": "Cleartext Storage of Sensitive Information in SICK FTMg AIR FLOW SENSOR with\nPartnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote\nattacker to potentially steal user credentials that are stored in the user\u2019s browsers local storage via\ncross-site-scripting attacks."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-312",
                  "description": "CWE-312 (Cleartext Storage of Sensitive Information)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-01T07:26:36.816Z",
            "orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
            "shortName": "SICK AG"
          },
          "references": [
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://sick.com/psirt"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf"
            },
            {
              "tags": [
                "x_csaf"
              ],
              "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Please make sure that you apply general security practices when operating the SICK FTMg\nlike network segmentation. The following General Security Practices and Operating Guidelines could\nmitigate the associated security risk."
                }
              ],
              "value": "Please make sure that you apply general security practices when operating the SICK FTMg\nlike network segmentation. The following General Security Practices and Operating Guidelines could\nmitigate the associated security risk."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
        "assignerShortName": "SICK AG",
        "cveId": "CVE-2023-31408",
        "datePublished": "2023-05-15T10:55:39.301Z",
        "dateReserved": "2023-04-27T18:35:47.417Z",
        "dateUpdated": "2026-06-01T07:26:36.816Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-23450 (GCVE-0-2023-23450)

    Vulnerability from nvd – Published: 2023-05-15 10:55 – Updated: 2026-06-01 12:13
    VLAI
    Summary
    Use of Password Hash Instead of Password for Authentication in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to use a password hash instead of an actual password to login to a valid user account via the REST interface.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-836 - (Use of Password Hash Instead of Password for Authentication)
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:28:40.963Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "issue-tracking",
                  "x_transferred"
                ],
                "url": "https://sick.com/psirt"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf"
              },
              {
                "tags": [
                  "x_csaf",
                  "x_transferred"
                ],
                "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-23450",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-23T19:08:56.303182Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-23T19:09:01.324Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESD15AXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESD20AXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESD25AXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESN40SXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESN50SXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESR40SXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESR50SXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Use of Password Hash Instead of Password for Authentication in SICK FTMg AIR\nFLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526\nallows an unprivileged remote attacker to use a password hash instead of an actual password to login\nto a valid user account via the REST interface."
                }
              ],
              "value": "Use of Password Hash Instead of Password for Authentication in SICK FTMg AIR\nFLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526\nallows an unprivileged remote attacker to use a password hash instead of an actual password to login\nto a valid user account via the REST interface."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-836",
                  "description": "CWE-836 (Use of Password Hash Instead of Password for Authentication)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-01T12:13:17.504Z",
            "orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
            "shortName": "SICK AG"
          },
          "references": [
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://sick.com/psirt"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf"
            },
            {
              "tags": [
                "x_csaf"
              ],
              "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Please make sure that you apply general security practices when operating the SICK FTMg\nlike network segmentation. The following General Security Practices and Operating Guidelines could\nmitigate the associated security risk."
                }
              ],
              "value": "Please make sure that you apply general security practices when operating the SICK FTMg\nlike network segmentation. The following General Security Practices and Operating Guidelines could\nmitigate the associated security risk."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
        "assignerShortName": "SICK AG",
        "cveId": "CVE-2023-23450",
        "datePublished": "2023-05-15T10:55:10.687Z",
        "dateReserved": "2023-01-12T04:07:53.940Z",
        "dateUpdated": "2026-06-01T12:13:17.504Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-23449 (GCVE-0-2023-23449)

    Vulnerability from nvd – Published: 2023-05-15 10:54 – Updated: 2026-06-01 12:21
    VLAI
    Summary
    Observable Response Discrepancy in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to gain information about valid usernames by analyzing challenge responses from the server via the REST interface.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-204 - Observable Response Discrepancy
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:28:41.070Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "issue-tracking",
                  "x_transferred"
                ],
                "url": "https://sick.com/psirt"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf"
              },
              {
                "tags": [
                  "x_csaf",
                  "x_transferred"
                ],
                "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-23449",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-23T19:13:50.768926Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-23T19:13:54.619Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESD15AXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESD20AXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESD25AXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESN40SXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESN50SXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESR40SXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESR50SXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Observable Response Discrepancy in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker\nto gain information about valid usernames by analyzing challenge responses from the server via the\nREST interface."
                }
              ],
              "value": "Observable Response Discrepancy in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker\nto gain information about valid usernames by analyzing challenge responses from the server via the\nREST interface."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-204",
                  "description": "CWE-204: Observable Response Discrepancy",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-01T12:21:55.635Z",
            "orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
            "shortName": "SICK AG"
          },
          "references": [
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://sick.com/psirt"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf"
            },
            {
              "tags": [
                "x_csaf"
              ],
              "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Please make sure that you apply general security practices when operating the SICK FTMg\nlike network segmentation. The following General Security Practices and Operating Guidelines could\nmitigate the associated security risk."
                }
              ],
              "value": "Please make sure that you apply general security practices when operating the SICK FTMg\nlike network segmentation. The following General Security Practices and Operating Guidelines could\nmitigate the associated security risk."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
        "assignerShortName": "SICK AG",
        "cveId": "CVE-2023-23449",
        "datePublished": "2023-05-15T10:54:46.463Z",
        "dateReserved": "2023-01-12T04:07:53.939Z",
        "dateUpdated": "2026-06-01T12:21:55.635Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-23448 (GCVE-0-2023-23448)

    Vulnerability from nvd – Published: 2023-05-15 10:53 – Updated: 2026-06-01 12:14
    VLAI
    Summary
    Inclusion of Sensitive Information in Source Code in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to gain information about valid usernames via analysis of source code.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-540 - Inclusion of Sensitive Information in Source Code
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:28:40.885Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "issue-tracking",
                  "x_transferred"
                ],
                "url": "https://sick.com/psirt"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf"
              },
              {
                "tags": [
                  "x_csaf",
                  "x_transferred"
                ],
                "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-23448",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-23T19:14:42.455933Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-23T19:15:26.526Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESD15AXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESD20AXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESD25AXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESN40SXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESN50SXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESR40SXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESR50SXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Inclusion of Sensitive Information in Source Code in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a\nremote attacker to gain information about valid usernames via analysis of source code."
                }
              ],
              "value": "Inclusion of Sensitive Information in Source Code in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a\nremote attacker to gain information about valid usernames via analysis of source code."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-540",
                  "description": "CWE-540: Inclusion of Sensitive Information in Source Code",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-01T12:14:19.313Z",
            "orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
            "shortName": "SICK AG"
          },
          "references": [
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://sick.com/psirt"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf"
            },
            {
              "tags": [
                "x_csaf"
              ],
              "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Please make sure that you apply general security practices when operating the SICK FTMg\nlike network segmentation. The following General Security Practices and Operating Guidelines could\nmitigate the associated security risk."
                }
              ],
              "value": "Please make sure that you apply general security practices when operating the SICK FTMg\nlike network segmentation. The following General Security Practices and Operating Guidelines could\nmitigate the associated security risk."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
        "assignerShortName": "SICK AG",
        "cveId": "CVE-2023-23448",
        "datePublished": "2023-05-15T10:53:31.506Z",
        "dateReserved": "2023-01-12T04:07:53.938Z",
        "dateUpdated": "2026-06-01T12:14:19.313Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-23447 (GCVE-0-2023-23447)

    Vulnerability from nvd – Published: 2023-05-15 10:53 – Updated: 2026-06-01 12:18
    VLAI
    Summary
    Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to influence the availability of the webserver by invocing several open file requests via the REST interface.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:28:40.882Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "issue-tracking",
                  "x_transferred"
                ],
                "url": "https://sick.com/psirt"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf"
              },
              {
                "tags": [
                  "x_csaf",
                  "x_transferred"
                ],
                "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-23447",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-23T19:15:49.721428Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-23T19:15:53.962Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESD15AXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "lessThan": "v3.0.0.131.Release",
                  "status": "affected",
                  "version": "0",
                  "versionType": "*"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESD20AXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "lessThan": "v3.0.0.131.Release",
                  "status": "affected",
                  "version": "0",
                  "versionType": "*"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESD25AXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "lessThan": "v3.0.0.131.Release",
                  "status": "affected",
                  "version": "0",
                  "versionType": "*"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESN40SXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "lessThan": "v3.0.0.131.Release",
                  "status": "affected",
                  "version": "0",
                  "versionType": "*"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESN50SXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "lessThan": "v3.0.0.131.Release",
                  "status": "affected",
                  "version": "0",
                  "versionType": "*"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESR40SXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "lessThan": "v3.0.0.131.Release",
                  "status": "affected",
                  "version": "0",
                  "versionType": "*"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESR50SXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "lessThan": "v3.0.0.131.Release",
                  "status": "affected",
                  "version": "0",
                  "versionType": "*"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged\nremote attacker to influence the availability of the webserver by invocing several open file requests via\nthe REST interface."
                }
              ],
              "value": "Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged\nremote attacker to influence the availability of the webserver by invocing several open file requests via\nthe REST interface."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400 Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-01T12:18:09.574Z",
            "orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
            "shortName": "SICK AG"
          },
          "references": [
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://sick.com/psirt"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf"
            },
            {
              "tags": [
                "x_csaf"
              ],
              "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "SICK has released a new major version v3.0.0.131.Release of the SICK FTMg firmware and\nrecommends updating to the newest version."
                }
              ],
              "value": "SICK has released a new major version v3.0.0.131.Release of the SICK FTMg firmware and\nrecommends updating to the newest version."
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
        "assignerShortName": "SICK AG",
        "cveId": "CVE-2023-23447",
        "datePublished": "2023-05-15T10:53:05.800Z",
        "dateReserved": "2023-01-12T04:07:53.938Z",
        "dateUpdated": "2026-06-01T12:18:09.574Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-23446 (GCVE-0-2023-23446)

    Vulnerability from nvd – Published: 2023-05-15 10:52 – Updated: 2026-06-01 12:19
    VLAI
    Summary
    Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to download files by using a therefore unpriviledged account via the REST interface.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - (Improper Access Control)
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:28:41.041Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "issue-tracking",
                  "x_transferred"
                ],
                "url": "https://sick.com/psirt"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf"
              },
              {
                "tags": [
                  "x_csaf",
                  "x_transferred"
                ],
                "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-23446",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-23T19:16:08.743687Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-23T19:16:29.331Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESD15AXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "lessThan": "v3.0.0.131.Release",
                  "status": "affected",
                  "version": "0",
                  "versionType": "*"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESD20AXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "lessThan": "v3.0.0.131.Release",
                  "status": "affected",
                  "version": "0",
                  "versionType": "*"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESD25AXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "lessThan": "v3.0.0.131.Release",
                  "status": "affected",
                  "version": "0",
                  "versionType": "*"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESN40SXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "lessThan": "v3.0.0.131.Release",
                  "status": "affected",
                  "version": "0",
                  "versionType": "*"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESN50SXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "lessThan": "v3.0.0.131.Release",
                  "status": "affected",
                  "version": "0",
                  "versionType": "*"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESR40SXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "lessThan": "v3.0.0.131.Release",
                  "status": "affected",
                  "version": "0",
                  "versionType": "*"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESR50SXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "lessThan": "v3.0.0.131.Release",
                  "status": "affected",
                  "version": "0",
                  "versionType": "*"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers\n1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to download files by using a therefore unpriviledged account via the REST interface."
                }
              ],
              "value": "Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers\n1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to download files by using a therefore unpriviledged account via the REST interface."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 (Improper Access Control)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-01T12:19:51.613Z",
            "orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
            "shortName": "SICK AG"
          },
          "references": [
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://sick.com/psirt"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf"
            },
            {
              "tags": [
                "x_csaf"
              ],
              "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "SICK has released a new major version v3.0.0.131.Release of the SICK FTMg firmware and\nrecommends updating to the newest version."
                }
              ],
              "value": "SICK has released a new major version v3.0.0.131.Release of the SICK FTMg firmware and\nrecommends updating to the newest version."
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
        "assignerShortName": "SICK AG",
        "cveId": "CVE-2023-23446",
        "datePublished": "2023-05-15T10:52:30.269Z",
        "dateReserved": "2023-01-12T04:07:53.938Z",
        "dateUpdated": "2026-06-01T12:19:51.613Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-23445 (GCVE-0-2023-23445)

    Vulnerability from nvd – Published: 2023-05-15 10:51 – Updated: 2026-06-01 12:20
    VLAI
    Summary
    Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to gain unauthorized access to data fields by using a therefore unpriviledged account via the REST interface.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:28:40.858Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "issue-tracking",
                  "x_transferred"
                ],
                "url": "https://sick.com/psirt"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf"
              },
              {
                "tags": [
                  "x_csaf",
                  "x_transferred"
                ],
                "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-23445",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-23T19:17:53.365000Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-23T19:17:56.655Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESD15AXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESD20AXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESD25AXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESN40SXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESN50SXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESR40SXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESR50SXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers\n1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote\nattacker to gain unauthorized access to data fields by using a therefore unpriviledged account via the\nREST interface."
                }
              ],
              "value": "Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers\n1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote\nattacker to gain unauthorized access to data fields by using a therefore unpriviledged account via the\nREST interface."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-01T12:20:49.066Z",
            "orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
            "shortName": "SICK AG"
          },
          "references": [
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://sick.com/psirt"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf"
            },
            {
              "tags": [
                "x_csaf"
              ],
              "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Please make sure that you apply general security practices when operating the SICK FTMg\nlike network segmentation. The following General Security Practices and Operating Guidelines could\nmitigate the associated security risk."
                }
              ],
              "value": "Please make sure that you apply general security practices when operating the SICK FTMg\nlike network segmentation. The following General Security Practices and Operating Guidelines could\nmitigate the associated security risk."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
        "assignerShortName": "SICK AG",
        "cveId": "CVE-2023-23445",
        "datePublished": "2023-05-15T10:51:44.194Z",
        "dateReserved": "2023-01-12T04:07:53.938Z",
        "dateUpdated": "2026-06-01T12:20:49.066Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-31409 (GCVE-0-2023-31409)

    Vulnerability from cvelistv5 – Published: 2023-05-15 10:55 – Updated: 2026-06-01 12:11
    VLAI
    Summary
    Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an remote attacker to influence the availability of the webserver by invocing a Slowloris style attack via HTTP requests.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:53:30.972Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "issue-tracking",
                  "x_transferred"
                ],
                "url": "https://sick.com/psirt"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf"
              },
              {
                "tags": [
                  "x_csaf",
                  "x_transferred"
                ],
                "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-31409",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-23T17:32:25.090253Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-23T17:32:30.188Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESD15AXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESD20AXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESD25AXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESN40SXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESN50SXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESR40SXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESR50SXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an remote attacker to influence the availability of the webserver by invocing a Slowloris style attack via HTTP requests."
                }
              ],
              "value": "Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an remote attacker to influence the availability of the webserver by invocing a Slowloris style attack via HTTP requests."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400 Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-01T12:11:53.640Z",
            "orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
            "shortName": "SICK AG"
          },
          "references": [
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://sick.com/psirt"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf"
            },
            {
              "tags": [
                "x_csaf"
              ],
              "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Please make sure that you apply general security practices when operating the SICK FTMg\nlike network segmentation. The following General Security Practices and Operating Guidelines could\nmitigate the associated security risk."
                }
              ],
              "value": "Please make sure that you apply general security practices when operating the SICK FTMg\nlike network segmentation. The following General Security Practices and Operating Guidelines could\nmitigate the associated security risk."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
        "assignerShortName": "SICK AG",
        "cveId": "CVE-2023-31409",
        "datePublished": "2023-05-15T10:55:57.836Z",
        "dateReserved": "2023-04-27T18:35:47.418Z",
        "dateUpdated": "2026-06-01T12:11:53.640Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-31408 (GCVE-0-2023-31408)

    Vulnerability from cvelistv5 – Published: 2023-05-15 10:55 – Updated: 2026-06-01 07:26
    VLAI
    Summary
    Cleartext Storage of Sensitive Information in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to potentially steal user credentials that are stored in the user’s browsers local storage via cross-site-scripting attacks.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-312 - (Cleartext Storage of Sensitive Information)
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:53:30.909Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "issue-tracking",
                  "x_transferred"
                ],
                "url": "https://sick.com/psirt"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf"
              },
              {
                "tags": [
                  "x_csaf",
                  "x_transferred"
                ],
                "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-31408",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-23T17:32:58.739667Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-23T17:33:18.976Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESD15AXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESD20AXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESD25AXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESN40SXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESN50SXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESR40SXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESR50SXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Cleartext Storage of Sensitive Information in SICK FTMg AIR FLOW SENSOR with\nPartnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote\nattacker to potentially steal user credentials that are stored in the user\u2019s browsers local storage via\ncross-site-scripting attacks."
                }
              ],
              "value": "Cleartext Storage of Sensitive Information in SICK FTMg AIR FLOW SENSOR with\nPartnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote\nattacker to potentially steal user credentials that are stored in the user\u2019s browsers local storage via\ncross-site-scripting attacks."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-312",
                  "description": "CWE-312 (Cleartext Storage of Sensitive Information)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-01T07:26:36.816Z",
            "orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
            "shortName": "SICK AG"
          },
          "references": [
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://sick.com/psirt"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf"
            },
            {
              "tags": [
                "x_csaf"
              ],
              "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Please make sure that you apply general security practices when operating the SICK FTMg\nlike network segmentation. The following General Security Practices and Operating Guidelines could\nmitigate the associated security risk."
                }
              ],
              "value": "Please make sure that you apply general security practices when operating the SICK FTMg\nlike network segmentation. The following General Security Practices and Operating Guidelines could\nmitigate the associated security risk."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
        "assignerShortName": "SICK AG",
        "cveId": "CVE-2023-31408",
        "datePublished": "2023-05-15T10:55:39.301Z",
        "dateReserved": "2023-04-27T18:35:47.417Z",
        "dateUpdated": "2026-06-01T07:26:36.816Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-23450 (GCVE-0-2023-23450)

    Vulnerability from cvelistv5 – Published: 2023-05-15 10:55 – Updated: 2026-06-01 12:13
    VLAI
    Summary
    Use of Password Hash Instead of Password for Authentication in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to use a password hash instead of an actual password to login to a valid user account via the REST interface.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-836 - (Use of Password Hash Instead of Password for Authentication)
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:28:40.963Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "issue-tracking",
                  "x_transferred"
                ],
                "url": "https://sick.com/psirt"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf"
              },
              {
                "tags": [
                  "x_csaf",
                  "x_transferred"
                ],
                "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-23450",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-23T19:08:56.303182Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-23T19:09:01.324Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESD15AXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESD20AXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESD25AXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESN40SXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESN50SXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESR40SXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESR50SXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Use of Password Hash Instead of Password for Authentication in SICK FTMg AIR\nFLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526\nallows an unprivileged remote attacker to use a password hash instead of an actual password to login\nto a valid user account via the REST interface."
                }
              ],
              "value": "Use of Password Hash Instead of Password for Authentication in SICK FTMg AIR\nFLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526\nallows an unprivileged remote attacker to use a password hash instead of an actual password to login\nto a valid user account via the REST interface."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-836",
                  "description": "CWE-836 (Use of Password Hash Instead of Password for Authentication)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-01T12:13:17.504Z",
            "orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
            "shortName": "SICK AG"
          },
          "references": [
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://sick.com/psirt"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf"
            },
            {
              "tags": [
                "x_csaf"
              ],
              "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Please make sure that you apply general security practices when operating the SICK FTMg\nlike network segmentation. The following General Security Practices and Operating Guidelines could\nmitigate the associated security risk."
                }
              ],
              "value": "Please make sure that you apply general security practices when operating the SICK FTMg\nlike network segmentation. The following General Security Practices and Operating Guidelines could\nmitigate the associated security risk."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
        "assignerShortName": "SICK AG",
        "cveId": "CVE-2023-23450",
        "datePublished": "2023-05-15T10:55:10.687Z",
        "dateReserved": "2023-01-12T04:07:53.940Z",
        "dateUpdated": "2026-06-01T12:13:17.504Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-23449 (GCVE-0-2023-23449)

    Vulnerability from cvelistv5 – Published: 2023-05-15 10:54 – Updated: 2026-06-01 12:21
    VLAI
    Summary
    Observable Response Discrepancy in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to gain information about valid usernames by analyzing challenge responses from the server via the REST interface.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-204 - Observable Response Discrepancy
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:28:41.070Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "issue-tracking",
                  "x_transferred"
                ],
                "url": "https://sick.com/psirt"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf"
              },
              {
                "tags": [
                  "x_csaf",
                  "x_transferred"
                ],
                "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-23449",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-23T19:13:50.768926Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-23T19:13:54.619Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESD15AXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESD20AXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESD25AXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESN40SXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESN50SXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESR40SXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESR50SXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Observable Response Discrepancy in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker\nto gain information about valid usernames by analyzing challenge responses from the server via the\nREST interface."
                }
              ],
              "value": "Observable Response Discrepancy in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker\nto gain information about valid usernames by analyzing challenge responses from the server via the\nREST interface."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-204",
                  "description": "CWE-204: Observable Response Discrepancy",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-01T12:21:55.635Z",
            "orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
            "shortName": "SICK AG"
          },
          "references": [
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://sick.com/psirt"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf"
            },
            {
              "tags": [
                "x_csaf"
              ],
              "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Please make sure that you apply general security practices when operating the SICK FTMg\nlike network segmentation. The following General Security Practices and Operating Guidelines could\nmitigate the associated security risk."
                }
              ],
              "value": "Please make sure that you apply general security practices when operating the SICK FTMg\nlike network segmentation. The following General Security Practices and Operating Guidelines could\nmitigate the associated security risk."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
        "assignerShortName": "SICK AG",
        "cveId": "CVE-2023-23449",
        "datePublished": "2023-05-15T10:54:46.463Z",
        "dateReserved": "2023-01-12T04:07:53.939Z",
        "dateUpdated": "2026-06-01T12:21:55.635Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-23448 (GCVE-0-2023-23448)

    Vulnerability from cvelistv5 – Published: 2023-05-15 10:53 – Updated: 2026-06-01 12:14
    VLAI
    Summary
    Inclusion of Sensitive Information in Source Code in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to gain information about valid usernames via analysis of source code.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-540 - Inclusion of Sensitive Information in Source Code
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:28:40.885Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "issue-tracking",
                  "x_transferred"
                ],
                "url": "https://sick.com/psirt"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf"
              },
              {
                "tags": [
                  "x_csaf",
                  "x_transferred"
                ],
                "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-23448",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-23T19:14:42.455933Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-23T19:15:26.526Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESD15AXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESD20AXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESD25AXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESN40SXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESN50SXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESR40SXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESR50SXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Inclusion of Sensitive Information in Source Code in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a\nremote attacker to gain information about valid usernames via analysis of source code."
                }
              ],
              "value": "Inclusion of Sensitive Information in Source Code in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a\nremote attacker to gain information about valid usernames via analysis of source code."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-540",
                  "description": "CWE-540: Inclusion of Sensitive Information in Source Code",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-01T12:14:19.313Z",
            "orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
            "shortName": "SICK AG"
          },
          "references": [
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://sick.com/psirt"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf"
            },
            {
              "tags": [
                "x_csaf"
              ],
              "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Please make sure that you apply general security practices when operating the SICK FTMg\nlike network segmentation. The following General Security Practices and Operating Guidelines could\nmitigate the associated security risk."
                }
              ],
              "value": "Please make sure that you apply general security practices when operating the SICK FTMg\nlike network segmentation. The following General Security Practices and Operating Guidelines could\nmitigate the associated security risk."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
        "assignerShortName": "SICK AG",
        "cveId": "CVE-2023-23448",
        "datePublished": "2023-05-15T10:53:31.506Z",
        "dateReserved": "2023-01-12T04:07:53.938Z",
        "dateUpdated": "2026-06-01T12:14:19.313Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-23447 (GCVE-0-2023-23447)

    Vulnerability from cvelistv5 – Published: 2023-05-15 10:53 – Updated: 2026-06-01 12:18
    VLAI
    Summary
    Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to influence the availability of the webserver by invocing several open file requests via the REST interface.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:28:40.882Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "issue-tracking",
                  "x_transferred"
                ],
                "url": "https://sick.com/psirt"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf"
              },
              {
                "tags": [
                  "x_csaf",
                  "x_transferred"
                ],
                "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-23447",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-23T19:15:49.721428Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-23T19:15:53.962Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESD15AXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "lessThan": "v3.0.0.131.Release",
                  "status": "affected",
                  "version": "0",
                  "versionType": "*"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESD20AXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "lessThan": "v3.0.0.131.Release",
                  "status": "affected",
                  "version": "0",
                  "versionType": "*"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESD25AXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "lessThan": "v3.0.0.131.Release",
                  "status": "affected",
                  "version": "0",
                  "versionType": "*"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESN40SXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "lessThan": "v3.0.0.131.Release",
                  "status": "affected",
                  "version": "0",
                  "versionType": "*"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESN50SXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "lessThan": "v3.0.0.131.Release",
                  "status": "affected",
                  "version": "0",
                  "versionType": "*"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESR40SXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "lessThan": "v3.0.0.131.Release",
                  "status": "affected",
                  "version": "0",
                  "versionType": "*"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESR50SXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "lessThan": "v3.0.0.131.Release",
                  "status": "affected",
                  "version": "0",
                  "versionType": "*"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged\nremote attacker to influence the availability of the webserver by invocing several open file requests via\nthe REST interface."
                }
              ],
              "value": "Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged\nremote attacker to influence the availability of the webserver by invocing several open file requests via\nthe REST interface."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400 Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-01T12:18:09.574Z",
            "orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
            "shortName": "SICK AG"
          },
          "references": [
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://sick.com/psirt"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf"
            },
            {
              "tags": [
                "x_csaf"
              ],
              "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "SICK has released a new major version v3.0.0.131.Release of the SICK FTMg firmware and\nrecommends updating to the newest version."
                }
              ],
              "value": "SICK has released a new major version v3.0.0.131.Release of the SICK FTMg firmware and\nrecommends updating to the newest version."
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
        "assignerShortName": "SICK AG",
        "cveId": "CVE-2023-23447",
        "datePublished": "2023-05-15T10:53:05.800Z",
        "dateReserved": "2023-01-12T04:07:53.938Z",
        "dateUpdated": "2026-06-01T12:18:09.574Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-23446 (GCVE-0-2023-23446)

    Vulnerability from cvelistv5 – Published: 2023-05-15 10:52 – Updated: 2026-06-01 12:19
    VLAI
    Summary
    Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to download files by using a therefore unpriviledged account via the REST interface.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - (Improper Access Control)
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:28:41.041Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "issue-tracking",
                  "x_transferred"
                ],
                "url": "https://sick.com/psirt"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf"
              },
              {
                "tags": [
                  "x_csaf",
                  "x_transferred"
                ],
                "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-23446",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-23T19:16:08.743687Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-23T19:16:29.331Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESD15AXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "lessThan": "v3.0.0.131.Release",
                  "status": "affected",
                  "version": "0",
                  "versionType": "*"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESD20AXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "lessThan": "v3.0.0.131.Release",
                  "status": "affected",
                  "version": "0",
                  "versionType": "*"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESD25AXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "lessThan": "v3.0.0.131.Release",
                  "status": "affected",
                  "version": "0",
                  "versionType": "*"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESN40SXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "lessThan": "v3.0.0.131.Release",
                  "status": "affected",
                  "version": "0",
                  "versionType": "*"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESN50SXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "lessThan": "v3.0.0.131.Release",
                  "status": "affected",
                  "version": "0",
                  "versionType": "*"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESR40SXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "lessThan": "v3.0.0.131.Release",
                  "status": "affected",
                  "version": "0",
                  "versionType": "*"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESR50SXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "lessThan": "v3.0.0.131.Release",
                  "status": "affected",
                  "version": "0",
                  "versionType": "*"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers\n1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to download files by using a therefore unpriviledged account via the REST interface."
                }
              ],
              "value": "Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers\n1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to download files by using a therefore unpriviledged account via the REST interface."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 (Improper Access Control)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-01T12:19:51.613Z",
            "orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
            "shortName": "SICK AG"
          },
          "references": [
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://sick.com/psirt"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf"
            },
            {
              "tags": [
                "x_csaf"
              ],
              "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "SICK has released a new major version v3.0.0.131.Release of the SICK FTMg firmware and\nrecommends updating to the newest version."
                }
              ],
              "value": "SICK has released a new major version v3.0.0.131.Release of the SICK FTMg firmware and\nrecommends updating to the newest version."
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
        "assignerShortName": "SICK AG",
        "cveId": "CVE-2023-23446",
        "datePublished": "2023-05-15T10:52:30.269Z",
        "dateReserved": "2023-01-12T04:07:53.938Z",
        "dateUpdated": "2026-06-01T12:19:51.613Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-23445 (GCVE-0-2023-23445)

    Vulnerability from cvelistv5 – Published: 2023-05-15 10:51 – Updated: 2026-06-01 12:20
    VLAI
    Summary
    Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to gain unauthorized access to data fields by using a therefore unpriviledged account via the REST interface.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:28:40.858Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "issue-tracking",
                  "x_transferred"
                ],
                "url": "https://sick.com/psirt"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf"
              },
              {
                "tags": [
                  "x_csaf",
                  "x_transferred"
                ],
                "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-23445",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-23T19:17:53.365000Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-23T19:17:56.655Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESD15AXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESD20AXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESD25AXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESN40SXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESN50SXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESR40SXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK FTMG-ESR50SXX AIR FLOW SENSOR",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all firmware versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers\n1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote\nattacker to gain unauthorized access to data fields by using a therefore unpriviledged account via the\nREST interface."
                }
              ],
              "value": "Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers\n1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote\nattacker to gain unauthorized access to data fields by using a therefore unpriviledged account via the\nREST interface."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-01T12:20:49.066Z",
            "orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
            "shortName": "SICK AG"
          },
          "references": [
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://sick.com/psirt"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf"
            },
            {
              "tags": [
                "x_csaf"
              ],
              "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Please make sure that you apply general security practices when operating the SICK FTMg\nlike network segmentation. The following General Security Practices and Operating Guidelines could\nmitigate the associated security risk."
                }
              ],
              "value": "Please make sure that you apply general security practices when operating the SICK FTMg\nlike network segmentation. The following General Security Practices and Operating Guidelines could\nmitigate the associated security risk."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
        "assignerShortName": "SICK AG",
        "cveId": "CVE-2023-23445",
        "datePublished": "2023-05-15T10:51:44.194Z",
        "dateReserved": "2023-01-12T04:07:53.938Z",
        "dateUpdated": "2026-06-01T12:20:49.066Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }