Filtered by vendor Sick
Subscriptions
Total
85 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-10561 | 1 Sick | 2 Tloc100-100, Tloc100-100 Firmware | 2025-11-04 | 9.3 Critical |
| The device is running an outdated operating system, which may be susceptible to known vulnerabilities. | ||||
| CVE-2025-59459 | 1 Sick | 2 Tloc100-100, Tloc100-100 Firmware | 2025-11-03 | 5.5 Medium |
| An attacker that gains SSH access to an unprivileged account may be able to disrupt services (including SSH), causing persistent loss of availability. | ||||
| CVE-2025-59460 | 1 Sick | 2 Tloc100-100, Tloc100-100 Firmware | 2025-11-03 | 7.5 High |
| The system is deployed in its default state, with configuration settings that do not comply with the latest best practices for restricting access. This increases the risk of unauthorised connections. | ||||
| CVE-2025-59461 | 1 Sick | 2 Tloc100-100, Tloc100-100 Firmware | 2025-11-03 | 7.6 High |
| A remote unauthenticated attacker may use the unauthenticated C++ API to access or modify sensitive data and disrupt services. | ||||
| CVE-2025-59462 | 1 Sick | 2 Tloc100-100, Tloc100-100 Firmware | 2025-11-03 | 6.5 Medium |
| An attacker who tampers with the C++ CLI client may crash the UpdateService during file transfers, disrupting updates and availability. | ||||
| CVE-2025-59463 | 1 Sick | 2 Tloc100-100, Tloc100-100 Firmware | 2025-11-03 | 4.3 Medium |
| An attacker may cause chunk-size mismatches that block file transfers and prevent subsequent transfers. | ||||
| CVE-2025-58578 | 1 Sick | 1 Enterprise Analytics | 2025-10-08 | 3.8 Low |
| A user with the appropriate authorization can create any number of user accounts via an API endpoint using a POST request. There are no quotas, checking mechanisms or restrictions to limit the creation. | ||||
| CVE-2025-9914 | 1 Sick | 4 Baggage Analytics, Logistic Diagnostic Analytics, Package Analytics and 1 more | 2025-10-08 | 4.3 Medium |
| The credentials of the users stored in the system's local database can be used for the log in, making it possible for an attacker to gain unauthorized access. This could potentially affect the confidentiality of the application. | ||||
| CVE-2025-58585 | 1 Sick | 3 Logistic Diagnostic Analytics, Package Analytics, Tire Analytics | 2025-10-08 | 5.3 Medium |
| Multiple endpoints with sensitive information do not require authentication, making the application susceptible to information gathering. | ||||
| CVE-2025-58579 | 1 Sick | 5 Baggage Analytics, Enterprise Analytics, Logistic Diagnostic Analytics and 2 more | 2025-10-08 | 5.3 Medium |
| Due to a lack of authentication, it is possible for an unauthenticated user to request data from this endpoint, making the application vulnerable for user enumeration. | ||||
| CVE-2025-58581 | 1 Sick | 1 Enterprise Analytics | 2025-10-06 | 4.3 Medium |
| When an error occurs in the application a full stacktrace is provided to the user. The stacktrace lists class and method names as well as other internal information. An attacker can thus obtain information about the technology used and the structure of the application. | ||||
| CVE-2025-58580 | 1 Sick | 1 Enterprise Analytics | 2025-10-06 | 6.5 Medium |
| An API endpoint allows arbitrary log entries to be created via POST request. Without sufficient validation of the input data, an attacker can create manipulated log entries and thus falsify or dilute logs, for example. | ||||
| CVE-2025-58582 | 1 Sick | 1 Enterprise Analytics | 2025-10-06 | 5.3 Medium |
| If a user tries to login but the provided credentials are incorrect a log is created. The data for this POST requests is not validated and it’s possible to send giant payloads which are then logged. | ||||
| CVE-2022-27583 | 1 Sick | 4 Flx3-cpuc1, Flx3-cpuc1 Firmware, Flx3-cpuc2 and 1 more | 2025-05-07 | 9.1 Critical |
| A remote unprivileged attacker can interact with the configuration interface of a Flexi-Compact FLX3-CPUC1 or FLX3-CPUC2 running an affected firmware version to potentially impact the availability of the FlexiCompact. | ||||
| CVE-2022-27586 | 1 Sick | 2 Sim1004-0p0g311, Sim1004-0p0g311 Firmware | 2025-05-06 | 9.8 Critical |
| Password recovery vulnerability in SICK SIM1004 Partnumber 1098148 with firmware version <2.0.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version >= 2.0.0 as soon as possible (available in SICK Support Portal). | ||||
| CVE-2022-27584 | 1 Sick | 2 Sim2000st, Sim2000st Firmware | 2025-05-06 | 9.8 Critical |
| Password recovery vulnerability in SICK SIM2000ST Partnumber 1080579 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The firmware versions <=1.7.0 allow to optionally disable device configuration over the network interfaces. Please make sure that you apply general security practices when operating the SIM2000ST. A fix is planned but not yet scheduled. | ||||
| CVE-2022-27582 | 1 Sick | 14 Sim1000 Fx, Sim1000 Fx Firmware, Sim1004 and 11 more | 2025-05-06 | 9.8 Critical |
| Password recovery vulnerability in SICK SIM4000 (PPC) Partnumber 1078787 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The firmware versions <=1.10.1 allow to optionally disable device configuration over the network interfaces. Please make sure that you apply general security practices when operating the SIM4000. A fix is planned but not yet scheduled. | ||||
| CVE-2022-43990 | 1 Sick | 2 Sim1012-0p0g200, Sim1012-0p0g200 Firmware | 2025-05-05 | 7.3 High |
| Password recovery vulnerability in SICK SIM1012 Partnumber 1098146 with firmware version <2.2.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version >= 2.2.0 as soon as possible (available in SICK Support Portal). | ||||
| CVE-2022-43989 | 1 Sick | 4 Sim2000-2p04g10, Sim2000-2p04g10 Firmware, Sim2500-2p03g10 and 1 more | 2025-05-05 | 7.3 High |
| Password recovery vulnerability in SICK SIM2x00 (ARM) Partnumber 1092673 and 1081902 with firmware version < 1.2.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version >= 1.2.0 as soon as possible (available in SICK Support Portal). | ||||
| CVE-2022-27585 | 1 Sick | 2 Sim1000 Fx, Sim1000 Fx Firmware | 2025-05-02 | 9.8 Critical |
| Password recovery vulnerability in SICK SIM1000 FX Partnumber 1097816 and 1097817 with firmware version <1.6.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version >= 1.6.0 as soon as possible (available in SICK Support Portal). | ||||