CVE-2023-31409 : Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers

Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an remote attacker to influence the availability of the webserver by invocing a Slowloris style attack via HTTP requests.

Published 2023-05-15 11:15:10

Updated 2023-05-25 14:21:14

Source SICK AG

View at NVD, CVE.org

Products affected by CVE-2023-31409

Sick » Ftmg-esd20axx Firmware
Versions before (<) 2.0
cpe:2.3:o:sick:ftmg-esd20axx_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Sick » Ftmg-esd20axx » Version: N/A
Sick » Ftmg-esd25axx Firmware
Versions before (<) 2.0
cpe:2.3:o:sick:ftmg-esd25axx_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Sick » Ftmg-esd25axx » Version: N/A
Sick » Ftmg-esn40sxx Firmware
Versions before (<) 2.0
cpe:2.3:o:sick:ftmg-esn40sxx_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Sick » Ftmg-esn40sxx » Version: N/A
Sick » Ftmg-esn50sxx Firmware
Versions before (<) 2.0
cpe:2.3:o:sick:ftmg-esn50sxx_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Sick » Ftmg-esn50sxx » Version: N/A
Sick » Ftmg-esr50sxx Firmware
Versions before (<) 2.0
cpe:2.3:o:sick:ftmg-esr50sxx_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Sick » Ftmg-esr50sxx » Version: N/A
Sick » Ftmg-esr40sxx Firmware
Versions before (<) 2.0
cpe:2.3:o:sick:ftmg-esr40sxx_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Sick » Ftmg-esr40sxx » Version: N/A
Sick » Ftmg-esd15axx Firmware
Versions before (<) 2.0
cpe:2.3:o:sick:ftmg-esd15axx_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Sick » Ftmg-esd15axx » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2023-31409

EPSS FAQ

0.23%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 45 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-31409

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High
5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L	3.9	1.4	SICK AG
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: Low

CWE ids for CVE-2023-31409

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.
Assigned by:
- nvd@nist.gov (Primary)
- psirt@sick.de (Secondary)

References for CVE-2023-31409

https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf

Vendor Advisory

CVEs referencing this url
https://sick.com/psirt

The SICK Product Security Incident Response Team (SICK PSIRT) | SICK
Vendor Advisory

CVEs referencing this url
https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json

Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2023-31409

Products affected by CVE-2023-31409

Exploit prediction scoring system (EPSS) score for CVE-2023-31409

CVSS scores for CVE-2023-31409

CWE ids for CVE-2023-31409

References for CVE-2023-31409