VYPR
Vendor

SICK AG

Products: 42
CVEs: 83
Across products: 89
Status: Private


Recent CVEs

  • CVE-2025-27593 | Critical | Mar 14, 2025
    risk 0.60 | cvss 9.3 | epss 0.00

    The product can be used to distribute malicious code using SDD Device Drivers due to missing download verification checks, leading to code execution on target systems.

  • CVE-2025-0593 | High | Feb 14, 2025
    risk 0.57 | cvss 8.8 | epss 0.01

    The vulnerability may allow a remote low-privileged attacker to run arbitrary shell commands by using lower-level functions to interact with the device.

  • CVE-2024-11075 | High | Nov 19, 2024
    risk 0.57 | cvss 8.8 | epss 0.00

    A vulnerability in the Incoming Goods Suite allows a user with unprivileged access to the underlying system (e.g. local or via SSH) a privilege escalation to the administrative level due to the usage of component vendor Docker images running with root permissions. Exploiting…

  • CVE-2023-3271 | High | Jul 10, 2023
    risk 0.53 | cvss 8.2 | epss 0.01

    Improper Access Control in the SICK ICR890-4 could allow an unauthenticated remote attacker to gather information about the system and download data via the REST API by accessing unauthenticated endpoints.

  • CVE-2024-8751 | High | Sep 12, 2024
    risk 0.49 | cvss 7.5 | epss 0.01

    A vulnerability in the MSC800 allows an unauthenticated attacker to modify the product’s IP address over Sopas ET. This can lead to Denial of Service. Users are recommended to upgrade both MSC800 and MSC800 LFT to version V4.26 and S2.93.20 respectively which fixes this…

  • CVE-2023-3273 | High | Jul 10, 2023
    risk 0.49 | cvss 7.5 | epss 0.01

    Improper Access Control in the SICK ICR890-4 could allow an unauthenticated remote attacker to affect the availability of the device by changing settings of the device such as the IP address based on missing access control.

  • CVE-2023-3272 | High | Jul 10, 2023
    risk 0.49 | cvss 7.5 | epss 0.00

    Cleartext Transmission of Sensitive Information in the SICK ICR890-4 could allow a remote attacker to gather sensitive information by intercepting network traffic that is not encrypted.

  • CVE-2023-35696 | High | Jul 10, 2023
    risk 0.49 | cvss 7.5 | epss 0.01

    Unauthenticated endpoints in the SICK ICR890-4 could allow an unauthenticated remote attacker to retrieve sensitive information about the device via HTTP requests.

  • CVE-2023-23447 | High | May 15, 2023
    risk 0.49 | cvss 7.5 | epss 0.01

    Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to influence the availability of the webserver by invoking several open file requests via the REST…

  • CVE-2023-23446 | High | May 15, 2023
    risk 0.49 | cvss 7.5 | epss 0.01

    Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to download files by using a therefore unprivileged account via the REST interface.

  • CVE-2023-23445 | High | May 15, 2023
    risk 0.49 | cvss 7.5 | epss 0.01

    Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to gain unauthorized access to data fields by using a therefore unprivileged account via the REST interface.

  • CVE-2024-10774 | High | Dec 6, 2024
    risk 0.47 | cvss 7.3 | epss 0.00

    Unauthenticated CROWN APIs allow access to critical functions. This leads to the accessibility of large parts of the web application without authentication.

  • CVE-2023-23450 | Medium | May 15, 2023
    risk 0.40 | cvss 6.2 | epss 0.01

    Use of Password Hash Instead of Password for Authentication in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to use a password hash instead of an actual password to login to a valid…

  • CVE-2023-31409 | Medium | May 15, 2023
    risk 0.35 | cvss 5.3 | epss 0.01

    Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to influence the availability of the webserver by invoking a Slowloris-style attack via HTTP requests.

  • CVE-2025-32472 | Medium | Apr 28, 2025
    risk 0.34 | cvss 5.3 | epss 0.01

    The multiScan and picoScan are vulnerable to a denial-of-service (DoS) attack. A remote attacker can exploit this vulnerability by conducting a Slowloris-type attack, causing the web page to become unresponsive.

  • CVE-2023-35699 | Medium | Jul 10, 2023
    risk 0.34 | cvss 5.3 | epss 0.00

    Cleartext Storage on Disk in the SICK ICR890-4 could allow an unauthenticated attacker with local access to the device to disclose sensitive information by accessing a SD card.

  • CVE-2023-35698 | Medium | Jul 10, 2023
    risk 0.34 | cvss 5.3 | epss 0.01

    Observable Response Discrepancy in the SICK ICR890-4 could allow a remote attacker to identify valid usernames for the FTP server from the response given during a failed login attempt.

  • CVE-2023-35697 | Medium | Jul 10, 2023
    risk 0.34 | cvss 5.3 | epss 0.01

    Improper Restriction of Excessive Authentication Attempts in the SICK ICR890-4 could allow a remote attacker to brute-force user credentials.

  • CVE-2023-31408 | Medium | May 15, 2023
    risk 0.34 | cvss 5.3 | epss 0.00

    Cleartext Storage of Sensitive Information in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to potentially steal user credentials that are stored in the user’s browser’s local storage via…

  • CVE-2023-23449 | Medium | May 15, 2023
    risk 0.34 | cvss 5.3 | epss 0.01

    Observable Response Discrepancy in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to gain information about valid usernames by analyzing challenge responses from the server via the REST interface.