Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR by SICK AG
CVE-2023-31409

5.3MEDIUM

Key Information:

Vendor
Sick Ag
Status
Sick Ftmg-esd15axx Air Flow Sensor
Sick Ftmg-esd20axx Air Flow Sensor
Sick Ftmg-esd25axx Air Flow Sensor
Sick Ftmg-esn40sxx Air Flow Sensor
Vendor
CVE Published:
15 May 2023

Summary

The SICK FTMg AIR FLOW SENSOR experiences a vulnerability that allows remote attackers to influence web server availability through slow requests, leading to potential denial-of-service situations. This flaw can be exploited via Slowloris-style attacks, where the server's resources are consumed by an excessive number of slow incoming connections, impairing its ability to serve legitimate requests.

Affected Version(s)

SICK FTMG-ESD15AXX AIR FLOW SENSOR all firmware versions

SICK FTMG-ESD20AXX AIR FLOW SENSOR all firmware versions

SICK FTMG-ESD25AXX AIR FLOW SENSOR all firmware versions

References

https://sick.com/psirt
issue-tracking
https://sick.com/.well-known/csaf/white/2023/sca-2023-000...
vendor-advisory
https://sick.com/.well-known/csaf/white/2023/sca-2023-000...
x_csaf

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.