{ "dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": { "cveId": "CVE-2023-31408", "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "state": "PUBLISHED", "assignerShortName": "SICK AG", "dateReserved": "2023-04-27T18:35:47.417Z", "datePublished": "2023-05-15T10:55:39.301Z", "dateUpdated": "2026-06-01T07:26:36.816Z" }, "containers": { "cna": { "providerMetadata": { "orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "shortName": "SICK AG", "dateUpdated": "2026-06-01T07:26:36.816Z" }, "problemTypes": [ { "descriptions": [ { "lang": "en", "cweId": "CWE-312", "description": "CWE-312 (Cleartext Storage of Sensitive Information)", "type": "CWE" } ] } ], "affected": [ { "vendor": "SICK AG", "product": "SICK FTMG-ESD15AXX AIR FLOW SENSOR", "versions": [ { "status": "affected", "version": "all firmware versions" } ], "defaultStatus": "affected" }, { "vendor": "SICK AG", "product": "SICK FTMG-ESD20AXX AIR FLOW SENSOR", "versions": [ { "status": "affected", "version": "all firmware versions" } ], "defaultStatus": "affected" }, { "vendor": "SICK AG", "product": "SICK FTMG-ESD25AXX AIR FLOW SENSOR", "versions": [ { "status": "affected", "version": "all firmware versions" } ], "defaultStatus": "affected" }, { "vendor": "SICK AG", "product": "SICK FTMG-ESN40SXX AIR FLOW SENSOR", "versions": [ { "status": "affected", "version": "all firmware versions" } ], "defaultStatus": "affected" }, { "vendor": "SICK AG", "product": "SICK FTMG-ESN50SXX AIR FLOW SENSOR", "versions": [ { "status": "affected", "version": "all firmware versions" } ], "defaultStatus": "affected" }, { "vendor": "SICK AG", "product": "SICK FTMG-ESR40SXX AIR FLOW SENSOR", "versions": [ { "status": "affected", "version": "all firmware versions" } ], "defaultStatus": "affected" }, { "vendor": "SICK AG", "product": "SICK FTMG-ESR50SXX AIR FLOW SENSOR", "versions": [ { "status": "affected", "version": "all firmware versions" } ], "defaultStatus": "affected" } ], "descriptions": [ { "lang": "en", "value": "Cleartext Storage of Sensitive Information in SICK FTMg AIR FLOW SENSOR with\nPartnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote\nattacker to potentially steal user credentials that are stored in the user’s browsers local storage via\ncross-site-scripting attacks.", "supportingMedia": [ { "type": "text/html", "base64": false, "value": "Cleartext Storage of Sensitive Information in SICK FTMg AIR FLOW SENSOR with\nPartnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote\nattacker to potentially steal user credentials that are stored in the user’s browsers local storage via\ncross-site-scripting attacks." } ] } ], "references": [ { "url": "https://sick.com/psirt", "tags": [ "issue-tracking" ] }, { "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf", "tags": [ "vendor-advisory" ] }, { "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json", "tags": [ "x_csaf" ] } ], "metrics": [ { "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ], "cvssV3_1": { "version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseSeverity": "MEDIUM", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } } ], "workarounds": [ { "lang": "en", "value": "Please make sure that you apply general security practices when operating the SICK FTMg\nlike network segmentation. The following General Security Practices and Operating Guidelines could\nmitigate the associated security risk.", "supportingMedia": [ { "type": "text/html", "base64": false, "value": "Please make sure that you apply general security practices when operating the SICK FTMg\nlike network segmentation. The following General Security Practices and Operating Guidelines could\nmitigate the associated security risk." } ] } ], "source": { "discovery": "INTERNAL" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } }, "adp": [ { "providerMetadata": { "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T14:53:30.909Z" }, "title": "CVE Program Container", "references": [ { "tags": [ "issue-tracking", "x_transferred" ], "url": "https://sick.com/psirt" }, { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf" }, { "tags": [ "x_csaf", "x_transferred" ], "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json" } ] }, { "metrics": [ { "other": { "type": "ssvc", "content": { "timestamp": "2025-01-23T17:32:58.739667Z", "id": "CVE-2023-31408", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "version": "2.0.3" } } } ], "title": "CISA ADP Vulnrichment", "providerMetadata": { "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-23T17:33:18.976Z" } } ] } }