ICR890-4
by SICK AG
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-3271 | | High | 0.53 | 8.2 | 0.01 | | Jul 10, 2023 | Improper Access Control in the SICK ICR890-4 could allow an unauthenticated remote attacker to gather information about the system and download data via the REST API by accessing unauthenticated endpoints. |
| CVE-2023-3273 | | High | 0.49 | 7.5 | 0.01 | | Jul 10, 2023 | Improper Access Control in the SICK ICR890-4 could allow an unauthenticated remote attacker to affect the availability of the device by changing settings of the device such as the IP address based on missing access control. |
| CVE-2023-3272 | | High | 0.49 | 7.5 | 0.00 | | Jul 10, 2023 | Cleartext Transmission of Sensitive Information in the SICK ICR890-4 could allow a remote attacker to gather sensitive information by intercepting network traffic that is not encrypted. |
| CVE-2023-35696 | | High | 0.49 | 7.5 | 0.01 | | Jul 10, 2023 | Unauthenticated endpoints in the SICK ICR890-4 could allow an unauthenticated remote attacker to retrieve sensitive information about the device via HTTP requests. |
| CVE-2023-35699 | | Medium | 0.34 | 5.3 | 0.00 | | Jul 10, 2023 | Cleartext Storage on Disk in the SICK ICR890-4 could allow an unauthenticated attacker with local access to the device to disclose sensitive information by accessing a SD card. |
| CVE-2023-35698 | | Medium | 0.34 | 5.3 | 0.01 | | Jul 10, 2023 | Observable Response Discrepancy in the SICK ICR890-4 could allow a remote attacker to identify valid usernames for the FTP server from the response given during a failed login attempt. |
| CVE-2023-35697 | | Medium | 0.34 | 5.3 | 0.01 | | Jul 10, 2023 | Improper Restriction of Excessive Authentication Attempts in the SICK ICR890-4 could allow a remote attacker to brute-force user credentials. |
| CVE-2023-3270 | | | 0.00 | — | 0.01 | | Jul 10, 2023 | Exposure of Sensitive Information to an Unauthorized Actor in the SICK ICR890-4 could allow an unauthenticated remote attacker to retrieve sensitive information about the system. |