Filtered by vendor Sick
Subscriptions
Total
66 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-43698 | 1 Sick | 2 Apu0200, Apu0200 Firmware | 2024-09-19 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation (’Cross-site Scripting’) in RDT400 in SICK APU allows an unprivileged remote attacker to run arbitrary code in the clients browser via injecting code into the website. | ||||
| CVE-2023-43697 | 2 Sick, Sick Ag | 3 Apu0200, Apu0200 Firmware, Apu0200 | 2024-09-19 | 6.5 Medium |
| Modification of Assumed-Immutable Data (MAID) in RDT400 in SICK APU allows an unprivileged remote attacker to make the site unable to load necessary strings via changing file paths using HTTP requests. | ||||
| CVE-2023-5100 | 1 Sick | 2 Apu0200, Apu0200 Firmware | 2024-09-19 | 5.9 Medium |
| Cleartext Transmission of Sensitive Information in RDT400 in SICK APU allows an unprivileged remote attacker to retrieve potentially sensitive information via intercepting network traffic that is not encrypted. | ||||
| CVE-2023-5101 | 2 Sick, Sick Ag | 3 Apu0200, Apu0200 Firmware, Apu0200 | 2024-09-19 | 5.3 Medium |
| Files or Directories Accessible to External Parties in RDT400 in SICK APU allows an unprivileged remote attacker to download various files from the server via HTTP requests. | ||||
| CVE-2023-5102 | 2 Sick, Sick Ag | 3 Apu0200, Apu0200 Firmware, Apu0200 | 2024-09-19 | 5.3 Medium |
| Insufficient Control Flow Management in RDT400 in SICK APU allows an unprivileged remote attacker to potentially enable hidden functionality via HTTP requests. | ||||
| CVE-2023-43700 | 1 Sick | 3 Apu0200, Apu0200 Firmware, Rdt400 | 2024-09-19 | 7.7 High |
| Missing Authorization in RDT400 in SICK APU allows an unprivileged remote attacker to modify data via HTTP requests that no not require authentication. | ||||
| CVE-2023-43699 | 2 Sick, Sick Ag | 3 Apu0200, Apu0200 Firmware, Apu0200 | 2024-09-19 | 7.5 High |
| Improper Restriction of Excessive Authentication Attempts in RDT400 in SICK APU allows an unprivileged remote attacker to guess the password via trial-and-error as the login attempts are not limited. | ||||
| CVE-2023-5103 | 1 Sick | 2 Apu0200, Apu0200 Firmware | 2024-09-18 | 4.3 Medium |
| Improper Restriction of Rendered UI Layers or Frames in RDT400 in SICK APU allows an unprivileged remote attacker to potentially reveal sensitive information via tricking a user into clicking on an actionable item using an iframe. | ||||
| CVE-2023-43696 | 1 Sick | 2 Apu0200, Apu0200 Firmware | 2024-09-18 | 8.2 High |
| Improper Access Control in SICK APU allows an unprivileged remote attacker to download as well as upload arbitrary files via anonymous access to the FTP server. | ||||
| CVE-2024-8751 | 1 Sick | 1 Msc800 Firmware | 2024-09-13 | 7.5 High |
| A vulnerability in the MSC800 allows an unauthenticated attacker to modify the product’s IP address over Sopas ET. This can lead to Denial of Service. Users are recommended to upgrade both MSC800 and MSC800 LFT to version V4.26 and S2.93.20 respectively which fixes this issue. | ||||
| CVE-2023-5246 | 1 Sick | 26 Fx0-gent00000, Fx0-gent00000 Firmware, Fx0-gent00010 and 23 more | 2024-09-11 | 8.8 High |
| Authentication Bypass by Capture-replay in SICK Flexi Soft Gateways with Partnumbers 1044073, 1127717, 1130282, 1044074, 1121597, 1099832, 1051432, 1127487, 1069070, 1112296, 1044072, 1121596, 1099830 allows an unauthenticated remote attacker to potentially impact the availability, integrity and confidentiality of the gateways via an authentication bypass by capture-replay. | ||||
| CVE-2019-14753 | 1 Sick | 4 Fx0-gent00000, Fx0-gent00000 Firmware, Fx0-gpnt00000 and 1 more | 2024-08-05 | 7.5 High |
| SICK FX0-GPNT00000 and FX0-GENT00000 devices through 3.4.0 have a Buffer Overflow | ||||
| CVE-2019-10979 | 1 Sick | 2 Msc800, Msc800 Firmware | 2024-08-04 | N/A |
| SICK MSC800 all versions prior to Version 4.0, the affected firmware versions contain a hard-coded customer account password. | ||||
| CVE-2020-2077 | 1 Sick | 1 Package Analytics | 2024-08-04 | 7.5 High |
| SICK Package Analytics software up to and including version V04.0.0 are vulnerable due to incorrect default permissions settings. An unauthorized attacker could read sensitive data from the system by querying for known files using the REST API directly. | ||||
| CVE-2020-2076 | 1 Sick | 1 Package Analytics | 2024-08-04 | 9.8 Critical |
| SICK Package Analytics software up to and including version V04.0.0 are vulnerable to an authentication bypass by directly interfacing with the REST API. An attacker can send unauthorized requests, bypass current authentication controls presented by the application and could potentially write files without authentication. | ||||
| CVE-2020-2075 | 1 Sick | 60 Clv620, Clv620 Firmware, Clv621 and 57 more | 2024-08-04 | 7.5 High |
| Platform mechanism AutoIP allows remote attackers to reboot the device via a crafted packet in SICK AG solutions Bulkscan LMS111, Bulkscan LMS511, CLV62x – CLV65x, ICR890-3, LMS10x, LMS11x, LMS15x, LMS12x, LMS13x, LMS14x, LMS5xx, LMS53x, MSC800, RFH. | ||||
| CVE-2020-2078 | 1 Sick | 1 Package Analytics | 2024-08-04 | 6.5 Medium |
| Passwords are stored in plain text within the configuration of SICK Package Analytics software up to and including V04.1.1. An authorized attacker could access these stored plaintext credentials and gain access to the ftp service. Storing a password in plaintext allows attackers to easily gain access to systems, potentially compromising personal information or other sensitive information. | ||||
| CVE-2021-32503 | 1 Sick | 2 Ftmg, Ftmg Firmware | 2024-08-03 | 4.9 Medium |
| Unauthenticated users can access sensitive web URLs through GET request, which should be restricted to maintenance users only. A malicious attacker could use this sensitive information’s to launch further attacks on the system. | ||||
| CVE-2021-32499 | 1 Sick | 1 Sopas Engineering Tool | 2024-08-03 | 7.5 High |
| SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the command line arguments to pass in any value to the Emulator executable. | ||||
| CVE-2021-32497 | 1 Sick | 1 Sopas Engineering Tool | 2024-08-03 | 8.6 High |
| SICK SOPAS ET before version 4.8.0 allows attackers to wrap any executable file into an SDD and provide this to a SOPAS ET user. When a user starts the emulator the executable is run without further checks. | ||||