Observable Response Discrepancy in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526…
Observable Response Discrepancy in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to gain information about valid usernames by analyzing challenge responses from the server via the REST interface.
The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere.
https://cwe.mitre.org/data/definitions/204.html →Open in CWE collection →An adversary sends a UDP packet to a closed port on the target machine to solicit an IP Header's total length field value within the echoed 'Port Unreachable" error message. This type of behavior is useful for building a signature-base of operating system responses, particularly when error messages contain other types of information that is useful identifying specific operating system responses.
https://capec.mitre.org/data/definitions/331.html →Open in CAPEC collection →An adversary sends a UDP datagram having an assigned value to its internet identification field (ID) to a closed port on a target to observe the manner in which this bit is echoed back in the ICMP error message. This allows the attacker to construct a fingerprint of specific OS behaviors.
https://capec.mitre.org/data/definitions/332.html →Open in CAPEC collection →An adversary engages in fingerprinting activities to determine the type or version of an application installed on a remote target.
https://capec.mitre.org/data/definitions/541.html →Open in CAPEC collection →An adversary engages in active probing and exploration activities to determine security information about a remote target system. Often times adversaries will rely on remote applications that can be probed for system configurations.
https://capec.mitre.org/data/definitions/580.html →Open in CAPEC collection →| Product | Vendor | Status |
|---|---|---|
| ftmg-esd15axx_firmware | * | Tracked |
| ftmg-esd20axx_firmware | * | Tracked |
| ftmg-esd25axx_firmware | * | Tracked |
| ftmg-esn40sxx_firmware | * | Tracked |
| ftmg-esn50sxx_firmware | * | Tracked |
| ftmg-esr40sxx_firmware | * | Tracked |
| ftmg-esr50sxx_firmware | * | Tracked |