CVE-2023-23449
In short
A flaw in SICK air flow sensors allows attackers to discover valid usernames by observing how the device responds differently to authentication attempts. This could help them prepare for further attacks on the system.
Technical detail
Observable response discrepancy in the REST interface authentication mechanism enables username enumeration through timing or response analysis. An unauthenticated remote attacker can infer valid usernames by comparing challenge-response patterns, reducing the search space for credential brute-force attacks.
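The fix for this class of flaw is to make the authentication path behave identically whether or not the submitted username exists: same status code, same message body, and the same amount of work (a password hash computed even for unknown names, compared in constant time). The example below is added here to illustrate that; it is not SICK's firmware code, and the user store, salt, account name and the log-event format are constructed for the demonstration. It also includes a small detector that flags a source failing authentication against many distinct usernames, the pattern enumeration leaves in access logs.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Demo parameters. The iteration count is deliberately low so the example runs
# quickly; a real device would use a much higher count.
ITERATIONS = 10_000
SALT = bytes.fromhex("a1b2c3d4e5f60718")  # constructed demo salt

def hash_password(password: str, salt: bytes = SALT) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

# Constructed user store with a single valid account (hypothetical name).
USERS = {"maintenance": hash_password("correct horse battery staple")}

# Computed once at start-up: a hash for a password nobody knows, so that a
# lookup for a non-existent username still costs one full PBKDF2 run.
DUMMY_HASH = hash_password(secrets.token_hex(16))

def vulnerable_login(username: str, password: str) -> tuple[int, str]:
    """Before: the response (and the work done) reveals whether the name exists."""
    stored = USERS.get(username)
    if stored is None:
        return 404, "unknown user"          # distinct status and message
    if hash_password(password) == stored:  # hashing happens only for real accounts
        return 200, "ok"
    return 401, "wrong password"

def hardened_login(username: str, password: str) -> tuple[int, str]:
    """After: identical work and identical response for unknown name and wrong password."""
    exists = username in USERS
    stored = USERS.get(username, DUMMY_HASH)
    candidate = hash_password(password)              # always exactly one PBKDF2 run
    match = hmac.compare_digest(candidate, stored)   # constant-time comparison
    if exists and match:
        return 200, "ok"
    return 401, "invalid credentials"                # one generic failure response

def responses_distinguish(login) -> bool:
    """True if an observer can tell 'unknown user' from 'wrong password' by the response."""
    unknown = login("no-such-account", "guess")
    wrong = login("maintenance", "guess")
    return unknown != wrong

# Detection side: flag a source that fails authentication against many distinct
# usernames. events is an iterable of (source_ip, username, http_status).
def enumeration_suspects(events, threshold: int = 5) -> list[str]:
    tried = defaultdict(set)
    for src, user, status in events:
        if status != 200:
            tried[src].add(user)
    return sorted(src for src, users in tried.items() if len(users) >= threshold)

# Constructed sample events for the detector: one legitimate retry, one sweep.
SAMPLE_EVENTS = [
    ("10.0.0.5", "maintenance", 401),
    ("10.0.0.5", "maintenance", 200),
] + [("10.0.0.9", f"user{i}", 401) for i in range(6)]

if __name__ == "__main__":
    print("vulnerable distinguishable:", responses_distinguish(vulnerable_login))
    print("hardened distinguishable:", responses_distinguish(hardened_login))
    print("suspects:", enumeration_suspects(SAMPLE_EVENTS))
```

The dummy hash is the important detail: returning a generic message alone is not enough if the server skips the expensive hash for unknown names, because the response time then still separates the two cases. Equalising the work is what closes the timing channel the description refers to.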
Summary generated and translated by AI from the official description.
Observable Response Discrepancy in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to gain information about valid usernames by analyzing challenge responses from the server via the REST interface.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected products
SICK AG · SICK FTMG-ESD15AXX AIR FLOW SENSOR
SICK AG · SICK FTMG-ESD20AXX AIR FLOW SENSOR
SICK AG · SICK FTMG-ESD25AXX AIR FLOW SENSOR
SICK AG · SICK FTMG-ESN40SXX AIR FLOW SENSOR
SICK AG · SICK FTMG-ESN50SXX AIR FLOW SENSOR
SICK AG · SICK FTMG-ESR40SXX AIR FLOW SENSOR
SICK AG · SICK FTMG-ESR50SXX AIR FLOW SENSOR