CVE-2023-23450 Information

Description

Use of Password Hash Instead of Password for Authentication in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214 1100215 1100216 1120114 1120116 1122524 1122526 allows an unprivileged remote attacker to use a password hash instead of an actual password to login to a valid user account via the REST interface.

Reference

https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf https://sick.com/psirt https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json