Unauthorized Access to Data Fields via REST Interface in SICK FTMg AIR FLOW SENSOR

Unauthorized Access to Data Fields via REST Interface in SICK FTMg AIR FLOW SENSOR

CVE-2023-23445 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to gain unauthorized access to data fields by using a therefore unpriviledged account via the REST interface.

Learn more about our Web Application Penetration Testing UK.