Description
An attacker may access restricted filesystem areas on the device via the CROWN REST interface due to incomplete whitelist enforcement. Certain directories intended for internal testing were not covered by the whitelist and are accessible without authentication. An unauthenticated attacker could place a manipulated parameter file that becomes active after a reboot, allowing modification of critical device settings, including network configuration and application parameters.
Published: 2026-03-06
Score: 9.4 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized modification of device settings and potential network compromise
Action: Immediate Patch
AI Analysis

Impact

An attacker can exploit weaknesses in the CROWN REST interface to bypass filesystem access controls. The incomplete whitelist allows access to directories intended for internal testing that are not protected by authentication. Once accessed, an attacker could upload a modified configuration file that activates after a system reboot, enabling changes to critical parameters such as network settings and application behavior. This could lead to unauthorized device operation, data exfiltration, or service disruption.

Affected Systems

The vulnerability affects SICK AG products Lector83x and Lector85x. Specific firmware or release versions susceptible to this flaw are not listed, so all deployed instances of these devices should be considered potentially vulnerable until an official update is applied.

Risk and Exploitability

The flaw carries a CVSS score of 9.4, indicating very high severity. EPSS is reported as less than 1%, suggesting a low current likelihood of exploitation, though the vulnerability remains present. It is not registered in the CISA KEV catalog. The attack vector is likely external or network-based, leveraging the open CROWN REST endpoint without authentication. Successful exploitation would provide an attacker with full read/write access to the device's configuration, effectively bypassing normal security controls.

Generated by OpenCVE AI on April 17, 2026 at 12:22 UTC.

Remediation

Vendor Solution

Users are strongly recommended to upgrade to release version 2.8.0.


OpenCVE Recommended Actions

  • Apply the vendor’s patch by upgrading the device firmware to release version 2.8.0.
  • Configure network controls so the CROWN REST interface is only reachable from trusted internal networks or block it entirely if not required for operation.
  • Audit filesystem and configuration file permissions to ensure that only authorized directories are exposed and that no test directories are accessible from the public interface, and review logs for suspicious file uploads.
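The weakness class behind this record (CWE-552: files or directories reachable by external parties because the allowlist did not cover every directory) is easiest to see in code. The following is an added illustration and not SICK's CROWN implementation; the directory names, the Request shape and the two policy functions are constructed for the example. It contrasts the incomplete pattern, in which only directories someone remembered to list are guarded, with deny-by-default enforcement, and adds an audit helper in the spirit of the recommended action above that reports which directories a policy leaves writable without authentication.

```python
from dataclasses import dataclass
from pathlib import PurePosixPath
from typing import Callable, Iterable, List, Optional, Sequence

# Constructed directory layout for the example (not the real device layout).
PUBLIC_DIRS = ("/public/docs", "/public/status")   # readable without a session
AUTHENTICATED_DIRS = ("/config",)                  # writable only with a session
KNOWN_PROTECTED = ("/config", "/private")          # what the incomplete policy guards


@dataclass
class Request:
    path: str            # path requested through the hypothetical file endpoint
    authenticated: bool  # whether the caller holds a valid session
    write: bool          # True for uploads, False for reads


def canonicalize(path: str) -> Optional[str]:
    """Collapse '.', '..' and empty segments; None if the path escapes the root."""
    parts: List[str] = []
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if not parts:
                return None
            parts.pop()
            continue
        parts.append(seg)
    return "/" + "/".join(parts)


def _under(path: str, roots: Sequence[str]) -> bool:
    """True if path equals one of roots or lies inside one of them."""
    p = PurePosixPath(path)
    return any(p == PurePosixPath(r) or PurePosixPath(r) in p.parents for r in roots)


def authorize_denylist(req: Request) -> bool:
    """Incomplete pattern: only directories listed in KNOWN_PROTECTED are guarded.
    Any directory missing from that list, such as one left over from internal
    testing, accepts unauthenticated writes. This is the CWE-552 failure mode."""
    path = canonicalize(req.path)
    if path is None:
        return False
    if _under(path, KNOWN_PROTECTED) and not req.authenticated:
        return False
    return True


def authorize_allowlist(req: Request) -> bool:
    """Deny by default: a request is granted only if it matches an explicit rule."""
    path = canonicalize(req.path)
    if path is None:
        return False
    if _under(path, PUBLIC_DIRS) and not req.write:
        return True
    if _under(path, AUTHENTICATED_DIRS) and req.authenticated:
        return True
    return False   # everything else, including forgotten test directories


def exposed_without_auth(directories: Iterable[str],
                         authorize: Callable[[Request], bool]) -> List[str]:
    """Audit helper: directories that accept an unauthenticated write under a policy."""
    return [d for d in directories
            if authorize(Request(d + "/probe.cfg", authenticated=False, write=True))]


if __name__ == "__main__":
    dirs = ["/config", "/private", "/internal/test", "/public/docs"]
    print("denylist leaves writable: ", exposed_without_auth(dirs, authorize_denylist))
    print("allowlist leaves writable:", exposed_without_auth(dirs, authorize_allowlist))
```

The audit helper is the part worth reusing: run it against the full directory inventory of a device image rather than a hand-picked list, because the whole point of the weakness is that the directories nobody thought to list are the ones that matter.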

Advisories

No advisories yet.

History

Mon, 09 Mar 2026 21:15:00 +0000

  Type: Metrics
  Values removed: (none)
  Values added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 09 Mar 2026 10:15:00 +0000

  Type: First Time appeared
  Values removed: (none)
  Values added: Sick Ag; Sick Ag sick Lector83x; Sick Ag sick Lector85x

  Type: Vendors & Products
  Values removed: (none)
  Values added: Sick Ag; Sick Ag sick Lector83x; Sick Ag sick Lector85x

Fri, 06 Mar 2026 08:00:00 +0000

  Type: Description
  Values removed: (none)
  Values added: An attacker may access restricted filesystem areas on the device via the CROWN REST interface due to incomplete whitelist enforcement. Certain directories intended for internal testing were not covered by the whitelist and are accessible without authentication. An unauthenticated attacker could place a manipulated parameter file that becomes active after a reboot, allowing modification of critical device settings, including network configuration and application parameters.

  Type: Title
  Values removed: (none)
  Values added: CVE-2026-2330

  Type: Weaknesses
  Values removed: (none)
  Values added: CWE-552

  Type: References
  Values removed: (none)
  Values added: (none listed)

  Type: Metrics
  Values removed: (none)
  Values added: cvssV3_1 {'score': 9.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H'}


Subscriptions

  • Sick Ag
  • Sick Lector83x
  • Sick Lector85x

MITRE

Status: PUBLISHED

Assigner: SICK AG

Published:

Updated: 2026-03-09T21:04:31.663Z

Reserved: 2026-02-11T09:33:15.947Z

Link: CVE-2026-2330

Vulnrichment

Updated: 2026-03-09T20:58:06.423Z

NVD

Status: Awaiting Analysis

Published: 2026-03-06T08:16:27.253

Modified: 2026-03-09T13:35:34.633

Link: CVE-2026-2330

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T12:30:06Z

Weaknesses