Vulnerability in SICK OLM

SICK received a report about a vulnerability in the SICK Support Portal supportportal.sick.com, which was hosted and operated by a third-party service provider. Due to a misconfiguration, the access restriction of a NFS Network File System storage system has failed, which resulted in temporary...

Vulnerability in SICK Incoming Goods Suite

SICK found a vulnerability in the Incoming Goods Suite which allows privilege escalation to the administrative level. Currently SICK is not aware of any public exploits specifically targeting the vulnerability. SICK has released a new version and strongly recommends updating to the newest version...

Critical vulnerability in multiple SICK products

A critical vulnerability has been discovered in the .sdd files of several SICK products. This vulnerability could allow a remote, unauthenticated attacker to gain access to the "Authorized Client" user role, potentially impacting the availability and integrity of the affected SICK products. Users...

Vulnerability in Wibu-Systems CodeMeter Runtime affects multiple SICK products

Wibu-Systems disclosed a security vulnerability in the CodeMeter Runtime. There is a heap buffer overflow vulnerability which can potentially lead to a remote code execution. Currently, no PoC is known to Wibu-Systems. To exploit the heap overflow, additional protection mechanisms need to be...

Vulnerability in SICK Gateways for Flexi Soft, Flexi Compact, SICK EFI Gateway UE4740, SICK microScan3 and outdoorScan3

The PSIRT received a report about a vulnerability in some gateways for Flexi Soft, Flexi Compact, EFI gateway UE4740, microScan3 and the outdoorScan3. The vulnerability is classified as a denial-of-service vulnerability and results from a malformed UDP package. It is recommended to implement the...

Vulnerability in SICK Overall Equipment Effectiveness (OEE)

SICK received a report about a vulnerability in the SICK Overall Equipment Effectiveness OEE. The services under the OEE application are started in the context of system privileges. An attacker can perform a privilege escalation if the application is installed in a directory, where non...

Microsoft vulnerability affects multiple SICK IPCs with SICK MEAC

The CVE-2021-26414 “Windows DCOM Server Security Feature Bypass” was issued by Microsoft, that may affect the functionality of the SICK MEAC software installed on SICK IPCs. Interpretation: The vulnerability allows a remote attacker to bypass the Windows DCOM Server authentication process...

Vulnerability in Platform Mechanism AutoIP

SICK received a report from IOActive that informed SICK about a security vulnerability within the platform mechanism AutoIP, used by multiple devices. SICK recommends updating to the newest version. Refer to the recommended remediations for affected products where no update is available. Currentl...

Bootloader mode vulnerability in Flexi Soft Gateways v3

The SICK PSIRT received a report about a Missing Authentication for Critical Function vulnerability in the firmware of FX0-GPNT v3 and FX0-GENT v3. This vulnerability was introduced with the hardware redesign of the v3 of FX0-GENT and FX0-GPNT as part of the implementation of the RK512 protocol...

Vulnerability in SICK FieldEcho

WIBU publicly released an advisory for the WIBU product “CodeMeter Runtime Network Server”. The advisory discloses a buffer over-read vulnerability that was found in the WIBU product “CodeMeter Runtime Network Server”. By default the network server functionality is disabled, however the SICK...

Vulnerabilities in SICK SOPAS ET

SICK received a report from Eden Bar of Claroty about multiple security vulnerabilities in the SICK SOPAS ET software. An unauthorized attacker could potentially craft a malicious SOPAS Device Driver SDD file, that if a user imports that file to SOPAS ET could allow arbitrary code execution on th...

Inadequate SSH configuration in SICK Visionary-S CX

SICK received a report that informed SICK about an Inadequate Encryption Strength vulnerability in the SICK product “SICK Visionary-S CX” concerning the internal SSH interface solely used by SICK for recovering returned devices. Currently SICK is not aware of any public exploits specifically...

Vulnerabilities in SICK Package Analytics

SICK received a report about multiple security vulnerabilities in the Package Analytics software. Successful exploitation of these vulnerabilities could allow an unauthorized remote attacker to read and write the configuration of the software, read data directly from the file system and view...

MSC800 affected by hard-coded credentials vulnerability

The ICS-CERT reported a security vulnerability that affects MSC800 versions before 4.0. The MSC800 uses hard-coded credentials, which potentially allow low-skilled remote attackers to reconfigure settings and /or disrupt the functionality of the device. Currently SICK is not aware of any public...

Security Information Regarding "Profile Programming"

The customer IOActive provided a Security Advisory report to SICK AG referring to the feature profile programming with regards to the listed affected products. Certain SICK products support profile programming with bar codes, generated and printed via SOPAS ET...