Filtered by vendor Sick
Subscriptions
Total
85 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-3272 | 2 Sick, Sick Ag | 3 Icr890-4, Icr890-4 Firmware, Icr890-4 | 2024-11-21 | 7.5 High |
| Cleartext Transmission of Sensitive Information in the SICK ICR890-4 could allow a remote attacker to gather sensitive information by intercepting network traffic that is not encrypted. | ||||
| CVE-2023-3271 | 2 Sick, Sick Ag | 3 Icr890-4, Icr890-4 Firmware, Icr890-4 | 2024-11-21 | 8.2 High |
| Improper Access Control in the SICK ICR890-4 could allow an unauthenticated remote attacker to gather information about the system and download data via the REST API by accessing unauthenticated endpoints. | ||||
| CVE-2023-3270 | 2 Sick, Sick Ag | 3 Icr890-4, Icr890-4 Firmware, Icr890-4 | 2024-11-21 | 8.6 High |
| Exposure of Sensitive Information to an Unauthorized Actor in the SICK ICR890-4 could allow an unauthenticated remote attacker to retrieve sensitive information about the system. | ||||
| CVE-2023-35699 | 1 Sick | 2 Icr890-4, Icr890-4 Firmware | 2024-11-21 | 5.3 Medium |
| Cleartext Storage on Disk in the SICK ICR890-4 could allow an unauthenticated attacker with local access to the device to disclose sensitive information by accessing a SD card. | ||||
| CVE-2023-35698 | 1 Sick | 2 Icr890-4, Icr890-4 Firmware | 2024-11-21 | 5.3 Medium |
| Observable Response Discrepancy in the SICK ICR890-4 could allow a remote attacker to identify valid usernames for the FTP server from the response given during a failed login attempt. | ||||
| CVE-2023-35697 | 2 Sick, Sick Ag | 3 Icr890-4, Icr890-4 Firmware, Icr890-4 | 2024-11-21 | 5.3 Medium |
| Improper Restriction of Excessive Authentication Attempts in the SICK ICR890-4 could allow a remote attacker to brute-force user credentials. | ||||
| CVE-2023-35696 | 2 Sick, Sick Ag | 3 Icr890-4, Icr890-4 Firmware, Icr890-4 | 2024-11-21 | 7.5 High |
| Unauthenticated endpoints in the SICK ICR890-4 could allow an unauthenticated remote attacker to retrieve sensitive information about the device via HTTP requests. | ||||
| CVE-2022-27580 | 1 Sick | 1 Safety Designer | 2024-11-21 | 7.8 High |
| A deserialization vulnerability in a .NET framework class used and not properly checked by Safety Designer all versions up to and including 1.11.0 allows an attacker to craft malicious project files. Opening/importing such a malicious project file would execute arbitrary code with the privileges of the current user when opened or imported by the Safety Designer. This compromises confidentiality integrity and availability. For the attack to succeed a user must manually open a malicious project file. | ||||
| CVE-2022-27579 | 1 Sick | 1 Flexi Soft Designer | 2024-11-21 | 7.8 High |
| A deserialization vulnerability in a .NET framework class used and not properly checked by Flexi Soft Designer in all versions up to and including 1.9.4 SP1 allows an attacker to craft malicious project files. Opening/importing such a malicious project file would execute arbitrary code with the privileges of the current user when opened or imported by the Flexi Soft Designer. This compromises confidentiality integrity and availability. For the attack to succeed a user must manually open a malicious project file. | ||||
| CVE-2022-27578 | 1 Sick | 1 Overall Equipment Effectiveness | 2024-11-21 | 7.8 High |
| An attacker can perform a privilege escalation through the SICK OEE if the application is installed in a directory where non authenticated or low privilege users can modify its content. | ||||
| CVE-2022-27577 | 1 Sick | 2 Msc800, Msc800 Firmware | 2024-11-21 | 9.1 Critical |
| The vulnerability in the MSC800 in all versions before 4.15 allows for an attacker to predict the TCP initial sequence number. When the TCP sequence is predictable, an attacker can send packets that are forged to appear to come from a trusted computer. These forged packets could compromise services on the MSC800. SICK has released a new firmware version of the SICK MSC800 and recommends updating to the newest version. | ||||
| CVE-2021-32504 | 1 Sick | 2 Ftmg, Ftmg Firmware | 2024-11-21 | 5.3 Medium |
| Unauthenticated users can access sensitive web URLs through GET request, which should be restricted to maintenance users only. A malicious attacker could use this sensitive information’s to launch further attacks on the system. | ||||
| CVE-2021-32503 | 1 Sick | 2 Ftmg, Ftmg Firmware | 2024-11-21 | 4.9 Medium |
| Unauthenticated users can access sensitive web URLs through GET request, which should be restricted to maintenance users only. A malicious attacker could use this sensitive information’s to launch further attacks on the system. | ||||
| CVE-2021-32499 | 1 Sick | 1 Sopas Engineering Tool | 2024-11-21 | 7.5 High |
| SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the command line arguments to pass in any value to the Emulator executable. | ||||
| CVE-2021-32498 | 1 Sick | 1 Sopas Engineering Tool | 2024-11-21 | 8.6 High |
| SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the pathname of the emulator and use path traversal to run an arbitrary executable located on the host system. When the user starts the emulator from SOPAS ET the corresponding executable will be started instead of the emulator | ||||
| CVE-2021-32497 | 1 Sick | 1 Sopas Engineering Tool | 2024-11-21 | 8.6 High |
| SICK SOPAS ET before version 4.8.0 allows attackers to wrap any executable file into an SDD and provide this to a SOPAS ET user. When a user starts the emulator the executable is run without further checks. | ||||
| CVE-2021-32496 | 1 Sick | 2 Visionary-s Cx, Visionary-s Cx Firmware | 2024-11-21 | 5.3 Medium |
| SICK Visionary-S CX up version 5.21.2.29154R are vulnerable to an Inadequate Encryption Strength vulnerability concerning the internal SSH interface solely used by SICK for recovering returned devices. The use of weak ciphers make it easier for an attacker to break the security that protects information transmitted from the client to the SSH server, assuming the attacker has access to the network on which the device is connected. This can increase the risk that encryption will be compromised, leading to the exposure of sensitive user information and man-in-the-middle attacks. | ||||
| CVE-2020-2078 | 1 Sick | 1 Package Analytics | 2024-11-21 | 6.5 Medium |
| Passwords are stored in plain text within the configuration of SICK Package Analytics software up to and including V04.1.1. An authorized attacker could access these stored plaintext credentials and gain access to the ftp service. Storing a password in plaintext allows attackers to easily gain access to systems, potentially compromising personal information or other sensitive information. | ||||
| CVE-2020-2077 | 1 Sick | 1 Package Analytics | 2024-11-21 | 7.5 High |
| SICK Package Analytics software up to and including version V04.0.0 are vulnerable due to incorrect default permissions settings. An unauthorized attacker could read sensitive data from the system by querying for known files using the REST API directly. | ||||
| CVE-2020-2076 | 1 Sick | 1 Package Analytics | 2024-11-21 | 9.8 Critical |
| SICK Package Analytics software up to and including version V04.0.0 are vulnerable to an authentication bypass by directly interfacing with the REST API. An attacker can send unauthorized requests, bypass current authentication controls presented by the application and could potentially write files without authentication. | ||||