CVE-2023-23446 in FTMg Air Flow Sensor

Summary

by MITRE • 05/15/2023

Improper Access Control in SICK FTMg AIR FLOW SENSOR with part numbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to download files by using a therefore unprivileged account via the REST interface.


Analysis

by VulDB Data Team • 06/01/2026

The CVE-2023-23446 vulnerability represents a critical improper access control flaw within SICK FTMg AIR FLOW SENSOR devices, specifically affecting models with part numbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, and 1122526. This vulnerability resides within the device's REST interface implementation, creating a significant security gap that allows unauthorized remote access to sensitive system files. The flaw stems from inadequate authentication and authorization checks that fail to properly validate user privileges before granting access to file download functionality. The vulnerability maps to CWE-284 (Improper Access Control), where the system fails to enforce proper access restrictions, enabling attackers to bypass normal security boundaries. The vulnerability is particularly concerning as it operates through an unprivileged account, meaning that even users with minimal system access can exploit this flaw to gain unauthorized file access.

The technical implementation of this vulnerability allows remote attackers to exploit the REST API endpoints without requiring elevated privileges or administrative credentials. Attackers can leverage this weakness by crafting specific requests through the network interface to access files that should normally be restricted to authorized personnel only. The REST interface, which typically provides programmatic access to device configuration and operational data, fails to properly implement access controls that would normally prevent unauthorized file retrieval. This misconfiguration creates a path for data exfiltration where sensitive operational data, configuration files, or potentially system binaries could be downloaded by unauthorized parties. The vulnerability demonstrates a clear breakdown in the principle of least privilege, where the system does not adequately verify that the requesting entity has proper authorization to access the requested resources.

The operational impact of this vulnerability extends beyond simple unauthorized file access, potentially compromising the integrity and confidentiality of industrial control systems. In industrial environments, flow sensors like the SICK FTMg series are often deployed in critical infrastructure settings where unauthorized access to sensor data or configuration files could lead to operational disruptions or security breaches. Attackers could potentially download firmware images, configuration parameters, or operational data that might reveal system architecture, security configurations, or operational procedures. This information could then be used to plan more sophisticated attacks or to understand system behavior for further exploitation. The remote nature of the attack means that threat actors can exploit this vulnerability from anywhere on the network without requiring physical access to the device, making it particularly dangerous in industrial settings where network segmentation may not be robust.

Mitigation strategies for CVE-2023-23446 should focus on immediate network-level protections combined with firmware updates from SICK. Organizations should implement strict network segmentation to isolate these devices from general network traffic, ensuring that only authorized management systems can access the REST interfaces. Network access control lists and firewalls should be configured to restrict access to the specific ports and endpoints used by the REST interface, limiting access to known and trusted IP addresses. Additionally, the implementation of secure remote access solutions such as VPNs with strong authentication should be considered to provide controlled access to these devices. According to the ATT&CK framework, this vulnerability maps to T1071.004 for Application Layer Protocol: DNS and T1046 for Network Service Scanning, indicating that attackers might use these techniques to discover and exploit vulnerable devices. Organizations should also implement monitoring solutions to detect unusual patterns of REST API access or file download attempts, as these activities could indicate exploitation attempts. Regular security assessments and vulnerability scanning of industrial control systems should be conducted to identify similar access control weaknesses in other networked devices. The most effective long-term solution remains applying the vendor-provided firmware updates that address the root cause of the improper access control implementation.
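
The monitoring step described above can be sketched as follows. This is an added example, not code from VulDB or SICK: it flags REST requests that reach a sensor from outside the management subnet and repeated large downloads by one account. The log layout, subnet, sensor addresses, thresholds, account names and `/placeholder/...` paths are all assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# Assumptions for this example (none come from the advisory): the management
# subnet, the sensor addresses, the thresholds and the log layout.
MGMT_NET = ipaddress.ip_network("10.20.0.0/28")
SENSORS = {"10.30.1.11", "10.30.1.12"}
DOWNLOAD_BYTES = 64 * 1024  # a response this large is treated as a file download
BURST = 3                   # downloads per (source, sensor, account) before alerting

# Constructed sample lines: time src dst account method path status bytes
SAMPLE_LOG = """\
2023-05-16T08:00:01Z 10.20.0.5 10.30.1.11 maint GET /placeholder/status 200 412
2023-05-16T08:02:10Z 10.40.7.9 10.30.1.11 low_priv GET /placeholder/status 200 300
2023-05-16T08:05:00Z 10.20.0.6 10.30.1.12 low_priv GET /placeholder/file-a 200 200000
2023-05-16T08:05:02Z 10.20.0.6 10.30.1.12 low_priv GET /placeholder/file-b 200 180000
2023-05-16T08:05:04Z 10.20.0.6 10.30.1.12 low_priv GET /placeholder/file-c 200 950000
2023-05-16T08:06:00Z 10.20.0.5 10.99.0.1 maint GET /placeholder/status 200 412
truncated-line-without-fields
"""

def parse(line):
    """Split one log line into typed fields; raises ValueError if malformed."""
    ts, src, dst, account, method, path, status, size = line.split()
    return ts, ipaddress.ip_address(src), dst, account, int(status), int(size)

def detect(log_text):
    """Return alerts as (rule, source, sensor, detail) tuples, in log order."""
    alerts, downloads = [], Counter()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        try:
            ts, src, dst, account, status, size = parse(line)
        except ValueError:
            alerts.append(("unparsed", None, None, line))  # never drop silently
            continue
        if dst not in SENSORS:
            continue
        if src not in MGMT_NET:
            alerts.append(("outside-mgmt-net", str(src), dst, ts))
        if status == 200 and size >= DOWNLOAD_BYTES:
            key = (str(src), dst, account)
            downloads[key] += 1
            if downloads[key] == BURST:  # alert once per burst, not per request
                alerts.append(("download-burst", *key))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The download-burst rule fires even when the source is inside the management subnet, since the flaw described here is reachable with a valid low-privilege account.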

Responsible

SICK AG

Reservation

01/12/2023

Disclosure

05/15/2023

Moderation

accepted

CPE

ready

EPSS

0.00471

KEV

no

Activities

very low

Sources
