Filtered by vendor Sick
Subscriptions
Filtered by product Inspector61x Firmware
Subscriptions
Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-10774 | 1 Sick | 2 Inspector61x Firmware, Inspector62x Firmware | 2024-12-09 | 7.3 High |
| Unauthenticated CROWN APIs allow access to critical functions. This leads to the accessibility of large parts of the web application without authentication. | ||||
| CVE-2024-10771 | 1 Sick | 3 Inspector61x Firmware, Inspector62x Firmware, Tim3xx | 2024-12-09 | 8.8 High |
| Due to missing input validation during one step of the firmware update process, the product is vulnerable to remote code execution. With network access and the user level ”Service”, an attacker can execute arbitrary system commands in the root user’s contexts. | ||||
| CVE-2024-10772 | 1 Sick | 2 Inspector61x Firmware, Inspector62x Firmware | 2024-12-09 | 8.8 High |
| Since the firmware update is not validated, an attacker can install modified firmware on the device. This has a high impact on the availabilty, integrity and confidentiality up to the complete compromise of the device. | ||||
| CVE-2024-10773 | 1 Sick | 3 Inspector61x Firmware, Inspector62x Firmware, Tim3xx | 2024-12-09 | 9 Critical |
| The product is vulnerable to pass-the-hash attacks in combination with hardcoded credentials of hidden user levels. This means that an attacker can log in with the hidden user levels and gain full access to the device. | ||||
| CVE-2024-10776 | 1 Sick | 2 Inspector61x Firmware, Inspector62x Firmware | 2024-12-09 | 8.2 High |
| Lua apps can be deployed, removed, started, reloaded or stopped without authorization via AppManager. This allows an attacker to remove legitimate apps creating a DoS attack, read and write files or load apps that use all features of the product available to a customer. | ||||
Page 1 of 1.