CVE-2023-23447 in FTMg Air Flow Sensor
Summary
by MITRE • 05/15/2023
Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with part numbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to influence the availability of the webserver by invoking several open file requests via the REST interface.
Analysis
by VulDB Data Team • 06/01/2026
The CVE-2023-23447 vulnerability affects SICK FTMg AIR FLOW SENSOR devices with specific part numbers, representing a significant concern for industrial control systems and IoT deployments. This vulnerability resides within the webserver component of these industrial sensors, which are commonly deployed in manufacturing environments, process control systems, and automated facilities where reliable operation is critical. The affected devices operate with a REST interface that exposes various system functions through HTTP endpoints, making them accessible over network connections. These particular sensor models are designed for continuous monitoring of air flow parameters in industrial settings, where their availability directly impacts operational efficiency and safety protocols.
The technical flaw manifests as an insufficient input validation mechanism within the webserver's handling of file access requests through the REST API interface. When an unprivileged remote attacker sends multiple concurrent open file requests to the device, the system fails to properly limit or throttle these requests, leading to excessive resource consumption. The attack specifically targets the file descriptor management system, where each request consumes system resources without adequate rate limiting or resource accounting. The flaw allows for a form of resource exhaustion attack that can gradually consume available file handles, memory allocation, or CPU cycles, ultimately leading to system instability or complete service denial. The vulnerability operates at the application layer and does not require authentication credentials to exploit, making it particularly dangerous in network-accessible industrial environments where physical security measures may be insufficient.
The operational impact of this vulnerability extends beyond simple service disruption to potentially compromise critical industrial processes that depend on continuous sensor monitoring. When the webserver becomes unresponsive due to resource exhaustion, operators lose access to real-time flow data, configuration capabilities, and diagnostic information that may be essential for maintaining production quality and safety standards. The vulnerability can be exploited remotely, meaning attackers do not require physical access to the device or network proximity to cause disruption. This characteristic makes it particularly concerning for industrial environments where sensors may be deployed in remote locations or where network segmentation is not properly implemented. The attack can be executed with minimal technical expertise, as it only requires sending multiple HTTP requests to the exposed REST interface, potentially causing cascading failures in larger industrial control networks where these sensors feed data to central monitoring systems.
Mitigation strategies for CVE-2023-23447 should focus on network segmentation and access control measures to limit exposure of these devices to untrusted networks. Organizations should implement firewall rules that restrict access to the affected REST interface to authorized personnel only, while also deploying network monitoring tools to detect unusual patterns of file access requests. Device firmware updates from SICK should be prioritized to address the underlying resource management flaw, which typically involves implementing proper request throttling and resource limiting mechanisms. The vulnerability aligns with CWE-400, which describes "Uncontrolled Resource Consumption" as a common weakness in software systems, and may be categorized under ATT&CK sub-technique T1499.004 within "Endpoint Denial of Service" in the context of industrial control systems. Regular security assessments of industrial IoT deployments should include verification of resource management practices in webserver implementations, particularly for devices that expose REST APIs without adequate input validation or rate limiting controls.
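As an added defensive example (not code from the advisory, VulDB or SICK), the following script implements the kind of monitoring the mitigation paragraph describes: it parses web-server access-log lines and flags any source that issues an unusual burst of file-open requests to the REST interface within a sliding time window. The endpoint path `/api/file/open`, the log layout and the thresholds are assumptions, since the advisory does not name the actual FTMg endpoints or log format.

```python
# Added example, not part of the advisory: sliding-window burst detector for
# file-open requests against a sensor's REST interface. The endpoint path,
# the log layout and the thresholds are assumptions, not FTMg specifics.
from collections import defaultdict, deque
from datetime import datetime
import re

# Assumed log layout: "<ISO timestamp> <client ip> <method> <path> <status>"
LOG_RE = re.compile(r"^(\S+) (\S+) (GET|POST) (\S+) (\d{3})$")
FILE_OPEN_PATH = "/api/file/open"   # hypothetical REST endpoint


def parse_line(line):
    """Parse one access-log line; return None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts, ip, method, path, status = m.groups()
    return datetime.fromisoformat(ts), ip, method, path, int(status)


def detect_bursts(lines, window_s=10, max_requests=20):
    """Return {ip: peak_count} for sources that exceed max_requests file-open
    requests inside any window_s-second window. Lines are consumed in order,
    so the same function works over a stored log or a live tail."""
    recent = defaultdict(deque)      # ip -> timestamps inside current window
    peaks = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec[3] != FILE_OPEN_PATH:
            continue                 # unparsable or not a file-open request
        ts, ip = rec[0], rec[1]
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()              # drop timestamps that left the window
        if len(q) > max_requests:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks


# Constructed sample log: one benign operator and one source sending 25
# file-open requests within five seconds.
SAMPLE_LOG = (
    ["2023-05-15T10:00:00 10.0.0.5 GET /api/file/open 200"]
    + ["2023-05-15T10:00:%02d 10.0.0.9 GET /api/file/open 200" % (i // 5)
       for i in range(25)]
    + ["2023-05-15T10:00:30 10.0.0.5 GET /api/status 200"]
)
```

Running `detect_bursts(SAMPLE_LOG)` over the constructed log reports only the bursting source with its peak in-window count; tune `window_s` and `max_requests` to the request rates your own operators and PLCs legitimately generate.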