CVE-2023-31408

Cleartext Storage of Sensitive Information in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to potentially steal user credentials that are stored in the user’s browsers local storage via cross-site-scripting attacks.

medium 5.3 CVSS 3.1
Published: May 15, 2023
Modified: Jun 1, 2026
Vendor: Sick
Product: Ftmg-Esd20Axx Firmware

Description

Cleartext Storage of Sensitive Information in SICK FTMg AIR FLOW SENSOR with
Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote
attacker to potentially steal user credentials that are stored in the user’s browsers local storage via
cross-site-scripting attacks.

References

Related CVEs

CVE-2023-3271 high · 8.2
Improper Access Control in the SICK ICR890-4 could allow an unauthenticated remote attacker to gather information about the system and download data via the REST API by accessing u
CVE-2023-3272 high · 7.5
Cleartext Transmission of Sensitive Information in the SICK ICR890-4 could allow a remote attacker to gather sensitive information by intercepting network traffic that is not encry
CVE-2023-3273 high · 7.5
Improper Access Control in the SICK ICR890-4 could allow an unauthenticated remote attacker to affect the availability of the device by changing settings of the device such as the
CVE-2023-35696 high · 7.5
Unauthenticated endpoints in the SICK ICR890-4 could allow an unauthenticated remote attacker to retrieve sensitive information about the device via HTTP requests.
CVE-2023-35697 medium · 5.3
Improper Restriction of Excessive Authentication Attempts in the SICK ICR890-4 could allow a remote attacker to brute-force user credentials.
CVE-2023-35698 medium · 5.3
Observable Response Discrepancy in the SICK ICR890-4 could allow a remote attacker to identify valid usernames for the FTP server from the response given during a failed login atte