Vulnerability in SICK MSC800

SICK received a report about a vulnerability in the SICK MSC800. An attacker could compromise services on the MSC800 by a TCP sequence prediction attack if a vulnerable version is used...

Vulnerabilities in SICK FTMg

SICK received a report about multiple security vulnerabilities in the SICK FTMg device. Currently SICK is not aware of any public exploits specifically targeting any of the vulnerabilities. SICK has released a new version of the SICK FTMg firmware and recommends updating to the newest version...

PwnKit vulnerability affects multiple SICK IPCs

CVE-2021-4034 is a Local Privilege Escalation LPE vulnerability, located in the "Polkit" package installed by default on almost every major distribution of the Linux operating system. On 2022-01-25, Qualys released an advisory for this LPE vulnerability, advising to either update the “Polkit”...

Vulnerability in SICK FieldEcho

WIBU publicly released an advisory for the WIBU product “CodeMeter Runtime Network Server”. The advisory discloses a buffer over-read vulnerability that was found in the WIBU product “CodeMeter Runtime Network Server”. By default the network server functionality is disabled, however the SICK...

Vulnerabilities in SICK SOPAS ET

SICK received a report from Eden Bar of Claroty about multiple security vulnerabilities in the SICK SOPAS ET software. An unauthorized attacker could potentially craft a malicious SOPAS Device Driver SDD file, that if a user imports that file to SOPAS ET could allow arbitrary code execution on th...

SICK Security Advisory for Apache Log4j (CVE-2021-44228)

SICK Security Advisory for Apache Log4j CVE-2021-44228...

MEAC affected by Windows SMBv1 vulnerability

Microsoft disclosed a critical security vulnerability in the Microsoft Server Message Block 1.0 SMBv1 back in 2017. A successful exploitation of this vulnerability could lead to remote code execution with administrator privileges...

Inadequate SSH configuration in SICK Visionary-S CX

SICK received a report that informed SICK about an Inadequate Encryption Strength vulnerability in the SICK product “SICK Visionary-S CX” concerning the internal SSH interface solely used by SICK for recovering returned devices. Currently SICK is not aware of any public exploits specifically...

Package Analytics affected by Windows TCP/IP vulnerability

Microsoft disclosed a critical vulnerability in the way ICMPv6 Router Advertisement packets are handled on Windows 10 and Windows Server 2019. An attacker who successfully exploited this vulnerability could gain the ability to execute code on the target server or client. To exploit this...

Vulnerability in Platform Mechanism AutoIP

SICK received a report from IOActive that informed SICK about a security vulnerability within the platform mechanism AutoIP, used by multiple devices. SICK recommends updating to the newest version. Refer to the recommended remediations for affected products where no update is available. Currentl...

MEAC affected by Windows SMBv3 vulnerability

Microsoft disclosed a critical vulnerability in the way Microsoft Server Message Block 3.1.1 SMBv3 handles compressed connections. That may allow unauthenticated attackers to execute arbitrary code on a vulnerable device. Since the MEAC central emission monitoring computer EPC acts as a SMB serve...

Vulnerabilities in SICK Package Analytics

SICK received a report about multiple security vulnerabilities in the Package Analytics software. Successful exploitation of these vulnerabilities could allow an unauthorized remote attacker to read and write the configuration of the software, read data directly from the file system and view...

Security Information Regarding "Profile Programming"

The customer IOActive provided a Security Advisory report to SICK AG referring to the feature profile programming with regards to the listed affected products. Certain SICK products support profile programming with bar codes, generated and printed via SOPAS ET...

Vulnerability in SICK FX0-GENT00000 and SICK FX0-GPNT00000

The security-testlab team of Fraunhofer IOSB in Karlsruhe reported a security vulnerability that affects SICK FX0-GPNT00000 and SICK FX0-GENT00000 in the version V3.04.0. The SICK FX0-GPNT00000 and SICK FX0-GENT00000 are vulnerable to a buffer overflow by exploiting the available resources with U...

MSC800 affected by hard-coded credentials vulnerability

The ICS-CERT reported a security vulnerability that affects MSC800 versions before 4.0. The MSC800 uses hard-coded credentials, which potentially allow low-skilled remote attackers to reconfigure settings and /or disrupt the functionality of the device. Currently SICK is not aware of any public...