Vendor CVEs
SICK AG
All CVEs
83 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-3270 | | | 0.00 | — | 0.01 | | Jul 10, 2023 | Exposure of Sensitive Information to an Unauthorized Actor in the SICK ICR890-4 could allow an unauthenticated remote attacker to retrieve sensitive information about the system. |
| CVE-2023-31411 | | | 0.00 | — | 0.01 | | Jun 19, 2023 | A remote unprivileged attacker can modify and access configuration settings on the EventCam App due to the absence of API authentication. The lack of authentication in the API allows the attacker to potentially compromise the functionality of the EventCam App. |
| CVE-2023-31410 | | | 0.00 | — | 0.00 | | Jun 19, 2023 | A remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to the absence of Transport Layer Security (TLS) in the SICK EventCam App. This lack of encryption in the communication channel can lead to the unauthorized disclosure of sensitive… |
| CVE-2023-23444 | | | 0.00 | — | 0.01 | | May 12, 2023 | Missing Authentication for Critical Function in SICK Flexi Classic and Flexi Soft Gateways with Partnumbers 1042193, 1042964, 1044078, 1044072, 1044073, 1044074, 1099830, 1099832, 1127717, 1069070, 1112296, 1051432, 1102420, 1127487, 1121596, 1121597 allows an unauthenticated… |
| CVE-2023-23451 | | | 0.00 | — | 0.01 | | Apr 19, 2023 | The Flexi Classic and Flexi Soft Gateways SICK UE410-EN3 FLEXI ETHERNET GATEW. with serial number <=2311xxxx all Firmware versions, SICK UE410-EN1 FLEXI ETHERNET GATEW. with serial number <=2311xxxx all Firmware versions, SICK UE410-EN3S04 FLEXI ETHERNET GATEW. with serial… |
| CVE-2023-23453 | | | 0.00 | — | 0.01 | | Feb 20, 2023 | Missing Authentication for Critical Function in SICK FX0-GENT v3 Firmware Version V3.04 and V3.05 allows an unprivileged remote attacker to achieve arbitrary remote code execution via maliciously crafted RK512 commands to the listener on TCP port 9000. |
| CVE-2023-23452 | | | 0.00 | — | 0.01 | | Feb 20, 2023 | Missing Authentication for Critical Function in SICK FX0-GPNT v3 Firmware Version V3.04 and V3.05 allows an unprivileged remote attacker to achieve arbitrary remote code execution via maliciously crafted RK512 commands to the listener on TCP port 9000. |
| CVE-2022-47377 | | | 0.00 | — | 0.01 | | Dec 16, 2022 | Password recovery vulnerability in SICK SIM2000ST Partnumber 2086502 with firmware version <1.13.4 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an… |
| CVE-2022-46834 | | | 0.00 | — | 0.00 | | Dec 13, 2022 | Use of a Broken or Risky Cryptographic Algorithm in SICK RFU65x firmware version < v2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation… |
| CVE-2022-46833 | | | 0.00 | — | 0.00 | | Dec 13, 2022 | Use of a Broken or Risky Cryptographic Algorithm in SICK RFU63x firmware version < v2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation… |
| CVE-2022-27581 | | | 0.00 | — | 0.00 | | Dec 13, 2022 | Use of a Broken or Risky Cryptographic Algorithm in SICK RFU61x firmware version <v2.25 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation… |
| CVE-2022-46832 | | | 0.00 | — | 0.00 | | Dec 13, 2022 | Use of a Broken or Risky Cryptographic Algorithm in SICK RFU62x firmware version < 2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation… |
| CVE-2022-27585 | | | 0.00 | — | 0.01 | | Nov 1, 2022 | Password recovery vulnerability in SICK SIM1000 FX Partnumber 1097816 and 1097817 with firmware version <1.6.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads… |
| CVE-2022-43989 | | | 0.00 | — | 0.01 | | Nov 1, 2022 | Password recovery vulnerability in SICK SIM2x00 (ARM) Partnumber 1092673 and 1081902 with firmware version < 1.2.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This… |
| CVE-2022-27584 | | | 0.00 | — | 0.01 | | Nov 1, 2022 | Password recovery vulnerability in SICK SIM2000ST Partnumber 1080579 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the… |
| CVE-2022-27582 | | | 0.00 | — | 0.01 | | Nov 1, 2022 | Password recovery vulnerability in SICK SIM4000 (PPC) Partnumber 1078787 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on… |
| CVE-2022-43990 | | | 0.00 | — | 0.01 | | Nov 1, 2022 | Password recovery vulnerability in SICK SIM1012 Partnumber 1098146 with firmware version <2.2.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase… |
| CVE-2022-27586 | | | 0.00 | — | 0.01 | | Nov 1, 2022 | Password recovery vulnerability in SICK SIM1004 Partnumber 1098148 with firmware version <2.0.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase… |
| CVE-2022-27583 | | | 0.00 | — | 0.01 | | Oct 31, 2022 | A remote unprivileged attacker can interact with the configuration interface of a Flexi-Compact FLX3-CPUC1 or FLX3-CPUC2 running an affected firmware version to potentially impact the availability of the FlexiCompact. |
| CVE-2022-27580 | | | 0.00 | — | 0.00 | | Jul 19, 2022 | A deserialization vulnerability in a .NET framework class used and not properly checked by Safety Designer all versions up to and including 1.11.0 allows an attacker to craft malicious project files. Opening/importing such a malicious project file would execute arbitrary code… |
| CVE-2022-27579 | | | 0.00 | — | 0.00 | | Jul 19, 2022 | A deserialization vulnerability in a .NET framework class used and not properly checked by Flexi Soft Designer in all versions up to and including 1.9.4 SP1 allows an attacker to craft malicious project files. Opening/importing such a malicious project file would execute… |
| CVE-2022-27577 | | | 0.00 | — | 0.01 | | Apr 11, 2022 | The vulnerability in the MSC800 in all versions before 4.15 allows for an attacker to predict the TCP initial sequence number. When the TCP sequence is predictable, an attacker can send packets that are forged to appear to come from a trusted computer. These forged packets could… |
| CVE-2022-27578 | | | 0.00 | — | 0.00 | | Apr 11, 2022 | An attacker can perform a privilege escalation through the SICK OEE if the application is installed in a directory where non authenticated or low privilege users can modify its content. |
| CVE-2021-32499 | | | 0.00 | — | 0.01 | | Dec 17, 2021 | SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the command line arguments to pass in any value to the Emulator executable. |
| CVE-2021-32498 | | | 0.00 | — | 0.01 | | Dec 17, 2021 | SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the pathname of the emulator and use path traversal to run an arbitrary executable located on the host system. When the user starts the emulator from SOPAS ET the corresponding executable will be started instead… |
| CVE-2021-32497 | | | 0.00 | — | 0.01 | | Dec 17, 2021 | SICK SOPAS ET before version 4.8.0 allows attackers to wrap any executable file into an SDD and provide this to a SOPAS ET user. When a user starts the emulator the executable is run without further checks. |
| CVE-2021-32496 | | | 0.00 | — | 0.00 | | Jun 28, 2021 | SICK Visionary-S CX up version 5.21.2.29154R are vulnerable to an Inadequate Encryption Strength vulnerability concerning the internal SSH interface solely used by SICK for recovering returned devices. The use of weak ciphers make it easier for an attacker to break the security… |
| CVE-2020-2075 | | | 0.00 | — | 0.01 | | Aug 31, 2020 | Platform mechanism AutoIP allows remote attackers to reboot the device via a crafted packet in SICK AG solutions Bulkscan LMS111, Bulkscan LMS511, CLV62x – CLV65x, ICR890-3, LMS10x, LMS11x, LMS15x, LMS12x, LMS13x, LMS14x, LMS5xx, LMS53x, MSC800, RFH. |
| CVE-2020-2078 | | | 0.00 | — | 0.01 | | Jul 29, 2020 | Passwords are stored in plain text within the configuration of SICK Package Analytics software up to and including V04.1.1. An authorized attacker could access these stored plaintext credentials and gain access to the ftp service. Storing a password in plaintext allows attackers… |
| CVE-2020-2077 | | | 0.00 | — | 0.01 | | Jul 29, 2020 | SICK Package Analytics software up to and including version V04.0.0 are vulnerable due to incorrect default permissions settings. An unauthorized attacker could read sensitive data from the system by querying for known files using the REST API directly. |
| CVE-2020-2076 | | | 0.00 | — | 0.01 | | Jul 29, 2020 | SICK Package Analytics software up to and including version V04.0.0 are vulnerable to an authentication bypass by directly interfacing with the REST API. An attacker can send unauthorized requests, bypass current authentication controls presented by the application and could… |
| CVE-2019-14753 | | | 0.00 | — | 0.01 | | Sep 24, 2019 | SICK FX0-GPNT00000 and FX0-GENT00000 devices through 3.4.0 have a Buffer Overflow |
| CVE-2019-10979 | | | 0.00 | — | 0.03 | | Jul 1, 2019 | SICK MSC800 all versions prior to Version 4.0, the affected firmware versions contain a hard-coded customer account password. |