SICK AG

All CVEs

83 total · sorted by risk
  • CVE-2023-3270 · Jul 10, 2023
    risk 0.00 · cvss · epss 0.01

    Exposure of Sensitive Information to an Unauthorized Actor in the SICK ICR890-4 could allow an unauthenticated remote attacker to retrieve sensitive information about the system.

  • CVE-2023-31411 · Jun 19, 2023
    risk 0.00 · cvss · epss 0.01

    A remote unprivileged attacker can modify and access configuration settings on the EventCam App due to the absence of API authentication. The lack of authentication in the API allows the attacker to potentially compromise the functionality of the EventCam App.

  • CVE-2023-31410 · Jun 19, 2023
    risk 0.00 · cvss · epss 0.00

    A remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to the absence of Transport Layer Security (TLS) in the SICK EventCam App. This lack of encryption in the communication channel can lead to the unauthorized disclosure of sensitive…

  • CVE-2023-23444 · May 12, 2023
    risk 0.00 · cvss · epss 0.01

    Missing Authentication for Critical Function in SICK Flexi Classic and Flexi Soft Gateways with Partnumbers 1042193, 1042964, 1044078, 1044072, 1044073, 1044074, 1099830, 1099832, 1127717, 1069070, 1112296, 1051432, 1102420, 1127487, 1121596, 1121597 allows an unauthenticated…

  • CVE-2023-23451 · Apr 19, 2023
    risk 0.00 · cvss · epss 0.01

    The Flexi Classic and Flexi Soft Gateways SICK UE410-EN3 FLEXI ETHERNET GATEW. with serial number <=2311xxxx all Firmware versions, SICK UE410-EN1 FLEXI ETHERNET GATEW. with serial number <=2311xxxx all Firmware versions, SICK UE410-EN3S04 FLEXI ETHERNET GATEW. with serial…

  • CVE-2023-23453 · Feb 20, 2023
    risk 0.00 · cvss · epss 0.01

    Missing Authentication for Critical Function in SICK FX0-GENT v3 Firmware Version V3.04 and V3.05 allows an unprivileged remote attacker to achieve arbitrary remote code execution via maliciously crafted RK512 commands to the listener on TCP port 9000.

  • CVE-2023-23452 · Feb 20, 2023
    risk 0.00 · cvss · epss 0.01

    Missing Authentication for Critical Function in SICK FX0-GPNT v3 Firmware Version V3.04 and V3.05 allows an unprivileged remote attacker to achieve arbitrary remote code execution via maliciously crafted RK512 commands to the listener on TCP port 9000.

  • CVE-2022-47377 · Dec 16, 2022
    risk 0.00 · cvss · epss 0.01

    Password recovery vulnerability in SICK SIM2000ST Partnumber 2086502 with firmware version <1.13.4 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invoking the password recovery mechanism method. This leads to an…

  • CVE-2022-46834 · Dec 13, 2022
    risk 0.00 · cvss · epss 0.00

    Use of a Broken or Risky Cryptographic Algorithm in SICK RFU65x firmware version < v2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation…

  • CVE-2022-46833 · Dec 13, 2022
    risk 0.00 · cvss · epss 0.00

    Use of a Broken or Risky Cryptographic Algorithm in SICK RFU63x firmware version < v2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation…

  • CVE-2022-27581 · Dec 13, 2022
    risk 0.00 · cvss · epss 0.00

    Use of a Broken or Risky Cryptographic Algorithm in SICK RFU61x firmware version <v2.25 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation…

  • CVE-2022-46832 · Dec 13, 2022
    risk 0.00 · cvss · epss 0.00

    Use of a Broken or Risky Cryptographic Algorithm in SICK RFU62x firmware version < 2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation…

  • CVE-2022-27585 · Nov 1, 2022
    risk 0.00 · cvss · epss 0.01

    Password recovery vulnerability in SICK SIM1000 FX Partnumber 1097816 and 1097817 with firmware version <1.6.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invoking the password recovery mechanism method. This leads…

  • CVE-2022-43989 · Nov 1, 2022
    risk 0.00 · cvss · epss 0.01

    Password recovery vulnerability in SICK SIM2x00 (ARM) Partnumber 1092673 and 1081902 with firmware version < 1.2.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invoking the password recovery mechanism method. This…

  • CVE-2022-27584 · Nov 1, 2022
    risk 0.00 · cvss · epss 0.01

    Password recovery vulnerability in SICK SIM2000ST Partnumber 1080579 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invoking the password recovery mechanism method. This leads to an increase in their privileges on the…

  • CVE-2022-27582 · Nov 1, 2022
    risk 0.00 · cvss · epss 0.01

    Password recovery vulnerability in SICK SIM4000 (PPC) Partnumber 1078787 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invoking the password recovery mechanism method. This leads to an increase in their privileges on…

  • CVE-2022-43990 · Nov 1, 2022
    risk 0.00 · cvss · epss 0.01

    Password recovery vulnerability in SICK SIM1012 Partnumber 1098146 with firmware version <2.2.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invoking the password recovery mechanism method. This leads to an increase…

  • CVE-2022-27586 · Nov 1, 2022
    risk 0.00 · cvss · epss 0.01

    Password recovery vulnerability in SICK SIM1004 Partnumber 1098148 with firmware version <2.0.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invoking the password recovery mechanism method. This leads to an increase…

  • CVE-2022-27583 · Oct 31, 2022
    risk 0.00 · cvss · epss 0.01

    A remote unprivileged attacker can interact with the configuration interface of a Flexi-Compact FLX3-CPUC1 or FLX3-CPUC2 running an affected firmware version to potentially impact the availability of the FlexiCompact.

  • CVE-2022-27580 · Jul 19, 2022
    risk 0.00 · cvss · epss 0.00

    A deserialization vulnerability in a .NET framework class used and not properly checked by Safety Designer all versions up to and including 1.11.0 allows an attacker to craft malicious project files. Opening/importing such a malicious project file would execute arbitrary code…

  • CVE-2022-27579 · Jul 19, 2022
    risk 0.00 · cvss · epss 0.00

    A deserialization vulnerability in a .NET framework class used and not properly checked by Flexi Soft Designer in all versions up to and including 1.9.4 SP1 allows an attacker to craft malicious project files. Opening/importing such a malicious project file would execute…

  • CVE-2022-27577 · Apr 11, 2022
    risk 0.00 · cvss · epss 0.01

    The vulnerability in the MSC800 in all versions before 4.15 allows for an attacker to predict the TCP initial sequence number. When the TCP sequence is predictable, an attacker can send packets that are forged to appear to come from a trusted computer. These forged packets could…

  • CVE-2022-27578 · Apr 11, 2022
    risk 0.00 · cvss · epss 0.00

    An attacker can perform a privilege escalation through the SICK OEE if the application is installed in a directory where non-authenticated or low-privilege users can modify its content.

  • CVE-2021-32499 · Dec 17, 2021
    risk 0.00 · cvss · epss 0.01

    SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the command line arguments to pass in any value to the Emulator executable.

  • CVE-2021-32498 · Dec 17, 2021
    risk 0.00 · cvss · epss 0.01

    SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the pathname of the emulator and use path traversal to run an arbitrary executable located on the host system. When the user starts the emulator from SOPAS ET the corresponding executable will be started instead…

  • CVE-2021-32497 · Dec 17, 2021
    risk 0.00 · cvss · epss 0.01

    SICK SOPAS ET before version 4.8.0 allows attackers to wrap any executable file into an SDD and provide this to a SOPAS ET user. When a user starts the emulator the executable is run without further checks.

  • CVE-2021-32496 · Jun 28, 2021
    risk 0.00 · cvss · epss 0.00

    SICK Visionary-S CX up version 5.21.2.29154R are vulnerable to an Inadequate Encryption Strength vulnerability concerning the internal SSH interface solely used by SICK for recovering returned devices. The use of weak ciphers makes it easier for an attacker to break the security…

  • CVE-2020-2075 · Aug 31, 2020
    risk 0.00 · cvss · epss 0.01

    Platform mechanism AutoIP allows remote attackers to reboot the device via a crafted packet in SICK AG solutions Bulkscan LMS111, Bulkscan LMS511, CLV62x – CLV65x, ICR890-3, LMS10x, LMS11x, LMS15x, LMS12x, LMS13x, LMS14x, LMS5xx, LMS53x, MSC800, RFH.

  • CVE-2020-2078 · Jul 29, 2020
    risk 0.00 · cvss · epss 0.01

    Passwords are stored in plain text within the configuration of SICK Package Analytics software up to and including V04.1.1. An authorized attacker could access these stored plaintext credentials and gain access to the ftp service. Storing a password in plaintext allows attackers…

  • CVE-2020-2077 · Jul 29, 2020
    risk 0.00 · cvss · epss 0.01

    SICK Package Analytics software up to and including version V04.0.0 is vulnerable due to incorrect default permissions settings. An unauthorized attacker could read sensitive data from the system by querying for known files using the REST API directly.

  • CVE-2020-2076 · Jul 29, 2020
    risk 0.00 · cvss · epss 0.01

    SICK Package Analytics software up to and including version V04.0.0 is vulnerable to an authentication bypass by directly interfacing with the REST API. An attacker can send unauthorized requests, bypass current authentication controls presented by the application and could…

  • CVE-2019-14753 · Sep 24, 2019
    risk 0.00 · cvss · epss 0.01

    SICK FX0-GPNT00000 and FX0-GENT00000 devices through 3.4.0 have a Buffer Overflow.

  • CVE-2019-10979 · Jul 1, 2019
    risk 0.00 · cvss · epss 0.03

    SICK MSC800, all versions prior to Version 4.0: the affected firmware versions contain a hard-coded customer account password.

Page 2 of 2