
Sick Ftmg-Esd15Axx Firmware vulnerabilities

8 known vulnerabilities affecting sick/ftmg-esd15axx_firmware.

Total CVEs: 8
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 5, MEDIUM 2

Vulnerabilities

CVE-2023-23450, P2, CRITICAL, CVSS 9.8, fixed in 2.0, 2023-05-15
CWE-836: Use of Password Hash Instead of Password for Authentication in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to use a password hash instead of an actual password to login to a valid user account via the REST interface.
nvd
CVE-2023-23446, P3, HIGH, CVSS 7.5, fixed in 2.0, 2023-05-15
CWE-284: Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to download files by using a therefore unprivileged account via the REST interface.
nvd
CVE-2023-23445, P3, HIGH, CVSS 7.5, fixed in 2.0, 2023-05-15
CWE-284: Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to gain unauthorized access to data fields by using a therefore unprivileged account via the REST interface.
nvd
CVE-2023-23447, P3, HIGH, CVSS 7.5, fixed in 2.0, 2023-05-15
CWE-400: Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to influence the availability of the webserver by invoking several open file requests via the REST interface.
nvd
CVE-2023-31409, P3, HIGH, CVSS 7.5, fixed in 2.0, 2023-05-15
CWE-400: Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to influence the availability of the webserver by invoking a Slowloris style attack via HTTP requests.
nvd
CVE-2023-31408, P3, HIGH, CVSS 7.5, fixed in 2.0, 2023-05-15
CWE-312: Cleartext Storage of Sensitive Information in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to potentially steal user credentials that are stored in the user's browser's local storage via cross-site-scripting attacks.
nvd
CVE-2023-23449, P4, MEDIUM, CVSS 5.3, fixed in 2.0, 2023-05-15
CWE-204: Observable Response Discrepancy in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to gain information about valid usernames by analyzing challenge responses from the server via the REST interface.
nvd
CVE-2023-23448, P4, MEDIUM, CVSS 5.3, fixed in 2.0, 2023-05-15
CWE-540: Inclusion of Sensitive Information in Source Code in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to gain information about valid usernames via analysis of source code.
nvd