Beware of Resource Exhaustion Attacks on SICK FLOW SENSOR Devices

CVE: CVE-2023-23447
CVSS v3.1: 7.5
Source: CVE-2023-23447

SICK FLOW SENSOR devices are used to measure airflow in industrial applications. Unfortunately, a vulnerability has been discovered that could allow remote attackers to disrupt the availability of these devices.

The vulnerability (CVE-2023-23447) relates to how the REST interface of affected SICK FLOW SENSOR models handles file requests. By sending a large number of open file requests, an attacker could potentially consume all available resources on the device’s web server. This could cause the web server to become unavailable or unresponsive, preventing legitimate users from accessing the device remotely.

While the attacker would not gain full control of the device, exhausting resources in this way could still impact operations that rely on monitoring or managing the FLOW SENSOR remotely over the network. Manufacturing processes, quality control checks, or environmental monitoring could experience disruptions as a result.
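One way to spot the request pattern described above from the monitoring side, as an added example (not SICK's code and not part of the advisory): count file-open requests per client in a sliding time window. The log format, the path `/api/files/open`, the addresses and the thresholds are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Placeholder path: the advisory does not name the real REST endpoint.
OPEN_PATH = "/api/files/open"


def build_sample():
    """Constructed log lines in an assumed '<ISO time> <client> <method> <path>' format."""
    base = datetime(2023, 5, 1, 12, 0, 0)
    lines = []
    # One client sends 40 open-file requests, 100 ms apart.
    for i in range(40):
        t = base + timedelta(milliseconds=100 * i)
        lines.append(f"{t.isoformat()} 192.0.2.66 POST {OPEN_PATH}")
    # A regular operator opens three files, one per minute.
    for i in range(3):
        t = base + timedelta(minutes=i)
        lines.append(f"{t.isoformat()} 192.0.2.5 POST {OPEN_PATH}")
    lines.append(f"{base.isoformat()} 192.0.2.5 GET /api/status")
    lines.append("truncated line")  # malformed input must not stop the scan
    return lines


def find_open_floods(lines, window=timedelta(seconds=10), threshold=20):
    """Return {client: peak count} for clients with more than `threshold`
    open-file requests inside any `window`-long interval."""
    records = []
    for line in lines:
        parts = line.split()
        if len(parts) != 4 or parts[3] != OPEN_PATH:
            continue
        try:
            records.append((datetime.fromisoformat(parts[0]), parts[1]))
        except ValueError:
            continue  # unparseable timestamp
    recent = defaultdict(deque)  # client -> timestamps still inside the window
    peaks = {}
    for ts, client in sorted(records):
        q = recent[client]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) > threshold:
            peaks[client] = max(peaks.get(client, 0), len(q))
    return peaks


if __name__ == "__main__":
    for client, peak in find_open_floods(build_sample()).items():
        print(f"{client}: {peak} open-file requests within 10 s")
```

The window and threshold need tuning against the normal request rate of the tools that legitimately talk to the sensor.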

SICK has released firmware updates to address this issue for all affected models. Users are strongly recommended to update their devices to the latest version as soon as possible. Regularly checking for and applying security updates is also advised to help protect industrial IoT devices from future resource exhaustion or denial of service attacks. Taking prompt action can help minimize exposure to these types of availability risks.
