CVE-2023-23450

critical

Description

Use of Password Hash Instead of Password for Authentication in SICK FTMg AIR FLOW SENSOR with part numbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to use a password hash instead of an actual password to log in to a valid user account via the REST interface.

References

https://sick.com/psirt

https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf

https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json

Details

Source: Mitre, NVD

Published: 2023-05-15

Updated: 2023-05-30

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00168