CVE-2023-23447
7.5 HIGHUncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 112...
Published: 2023-05-15 · Last updated: 2026-06-01
Severity and scoring
- CVSS
- 7.5 HIGH
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- CWE
- CWE-400
Affected products
| Vendor | Product |
|---|---|
| sick | ftmg-esd15axx_firmware, ftmg-esd20axx_firmware, ftmg-esd25axx_firmware |
Description
Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to influence the availability of the webserver by invocing several open file requests via the REST interface.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2023-23447
- [Vendor advisory]https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json
- [Vendor advisory]https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf
- [Vendor advisory]https://sick.com/psirt
- [Vendor advisory]https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json
- [Vendor advisory]https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf
- [Vendor advisory]https://sick.com/psirt
Related CVEs
Same vendor
- CVE-2023-3273 — Improper Access Control in the SICK ICR890-4 could allow an unauthenticated remote attacker to affect the availability of the device by c... (7.5 HIGH)
- CVE-2023-3272 — Cleartext Transmission of Sensitive Information in the SICK ICR890-4 could allow a remote attacker to gather sensitive information by int... (7.5 HIGH)
- CVE-2023-3271 — Improper Access Control in the SICK ICR890-4 could allow an unauthenticated remote attacker to gather information about the system and do... (8.2 HIGH)
- CVE-2023-35699 — Cleartext Storage on Disk in the SICK ICR890-4 could allow an unauthenticated attacker with local access to the device to disclose sensit... (5.3 MEDIUM)
- CVE-2023-35698 — Observable Response Discrepancy in the SICK ICR890-4 could allow a remote attacker to identify valid usernames for the FTP server from th... (5.3 MEDIUM)
Same CWE
- CVE-2026-12325 — Denial-of-service in the Graphics: ImageLib component (6.5 MEDIUM)
- CVE-2026-12319 — Denial-of-service in the Audio/Video: Playback component (6.5 MEDIUM)
- CVE-2026-50889 — An input handling flaw in the HTTP refresh token process of LLDAP v0.6.2 allows attackers to cause a Denial of Service (DoS) via sending ... (7.5 HIGH)
- CVE-2026-50882 — An issue in the /api/v0/pastes endpoint of anna-is-cute paste v0.1.1 allows attackers to cause a Denial of Service (DoS) via a crafted PO... (7.5 HIGH)
- CVE-2026-50879 — An issue in the uploadPostHandler component of Andrei Marcu linx-server v2.3.8 allows attackers to cause a Denial of Service (DoS) via a ... (7.5 HIGH)