Sudo vulnerability affects Endress+Hauser MCS200HW
The display unit of the Endress+Hauser MCS200HW is affected by a sudo chroot vulnerability...
Vulnerabilities affecting SICK Lector85x and SICK Lector83x
Two vulnerabilities affecting the SICK Lector85x and SICK Lector83x product families have been identified. Both vulnerabilities are caused by insufficient access restrictions in HTTP-based interfaces, which may allow unauthenticated access to sensitive device resources. Depending on the...
Vulnerabilities affecting SICK LMS1000 and SICK MRS1000
Two vulnerabilities affect the SICK LMS1000 and SICK MRS1000 product families. The vulnerabilities allow the use of weak cryptographic configurations in the SSH service, which may enable an attacker with network access to observe, manipulate, or compromise the integrity of SSH communications. SIC...
Eclipse Cyclone DDS Vulnerabilities have no impact on SICK picoScan150 & SICK picoScan120 products
Eclipse Cyclone DDS has known vulnerabilities and is used in SICK picoScan150 and SICK picoScan120 products starting with version 2.2.0. A current analysis confirms that the identified vulnerabilities CVE-2025-67109 and CVE-2023-24011 do not affect SICK picoScan150 and SICK picoScan120. Both...
Vulnerability affecting SICK nanoScan3 and microScan3
SICK has identified a 3rd party vulnerability CVE-2025-55093 in the nanoScan3 and microScan3. Only specific variants within the microScan3 and nanoScan3 families are affected by CVE-2025-55093. The underlying issue in the NetX Duo networking module could, under specific conditions, cause the devi...
Vulnerabilities affecting SICK TDC-X401GL
SICK has identified multiple vulnerabilities in the SICK TDC-X401GL product. The vulnerabilities could potentially affect the confidentiality, integrity and availability of the product. Therefore it is strongly recommended to apply general security practices when operating the product. SICK is...
Vulnerabilities affecting SICK Incoming Goods Suite
SICK has identified multiple vulnerabilities in the SICK Incoming Goods Suite product. Vulnerabilities related to Grafana apply exclusively to the administrative user interface for log management and do not affect the Incoming Goods Suite user interface. The vulnerabilities could potentially affe...
CodeMeter vulnerability affects SICK CODE-LOC and SICK LIDAR-LOC
A vulnerability in the CodeMeter runtime affects the SICK products SICK CODE-LOC and SICK LIDAR-LOC. This could potentially affect the integrity, confidentiality and availability of the products. Only systems running on Microsoft Windows are affected. Furthermore, the systems are only affected wh...
Vulnerabilities affecting SICK TLOC100-100
SICK has identified multiple vulnerabilities in the SICK TLOC100-100 product. The vulnerabilities could potentially affect the confidentiality, integrity and availability of the product. Therefore it is strongly recommended to apply general security practices when operating the product. SICK is...
Sudo vulnerability affects SICK SID products
SICK SID products are affected by the sudo vulnerability CVE-2025-32463. SICK strongly recommends updating to the latest version to mitigate the risk...
Vulnerabilities affecting Endress+Hauser SSG-E210GC
Several vulnerabilities in the Endress+Hauser SSG-E210GC product were discovered. The advisory includes a total of 23 vulnerabilities, of which 14 are confirmed as affected and 9 as known not affected...
Multiple vulnerabilities in SICK Enterprise Analytics and SICK Logistic Analytics Products
SICK has found multiple vulnerabilities in SICK Enterprise Analytics and the SICK Logistic Analytics products. The vulnerabilities could potentially affect the confidentiality, integrity and availability of the products. Therefore it is strongly recommended to apply general security practices whe...
Vulnerabilities affecting SICK TDC-E210GC
SICK has identified multiple vulnerabilities in the SICK TDC-E210GC product. The advisory includes a total of 23 vulnerabilities, of which 14 are confirmed as affected and 9 as known not affected. At this time, SICK is not aware of any public exploits specifically targeting these vulnerabilities...
Multiple vulnerabilities in Endress+Hauser MEAC300-FNADE4
Several vulnerabilities that can be accessed via Ethernet were discovered in the Endress+Hauser MEAC300-FNADE4...
Multiple vulnerabilities in SICK Field Analytics and SICK Media Server
SICK has found multiple vulnerabilities in the products SICK Field Analytics and SICK Media Server. The vulnerabilities could potentially affect the confidentiality, integrity and availability of the products. Therefore it is strongly recommended to apply general security practices when operating...
Vulnerability affecting picoScan and multiScan
SICK has identified a Denial of Service vulnerability CVE-2025-32472 in picoScan and multiScan, which can cause the web page to become unresponsive. Due to their architectural design, these products are not affected by the other vulnerabilities listed in this advisory. Currently SICK is not aware...
Vulnerabilities in SICK Flexi Compact
SICK has found two vulnerabilities that affect the SICK Flexi Compact. The vulnerabilities may affect the availability and confidentiality of the products. SICK is currently not aware of any public exploits...
Critical vulnerabilities in SICK DL100-2xxxxxxx
Critical vulnerabilities have been found in the SICK device DL100-2xxxxxxx. If exploited, this potentially allows an attacker to impact availability, integrity and confidentiality of the products. Currently, SICK is not aware of any public exploits specifically targeting these vulnerabilities. As...
FreeRTOS Vulnerabilities have no impact on SICK Products
FreeRTOS has several known vulnerabilities and is used in various SICK products. A current analysis confirms that the identified vulnerabilities in FreeRTOS do not affect the mentioned SICK products. At this time, there is no indication of any potential risks to these SICK products...
Multiple vulnerabilities in SICK MEAC300
SICK has identified vulnerabilities in MEAC300. These vulnerabilities, related to the OpenSSL library and specific device functionalities, could potentially allow remote, unauthenticated attackers to: 1. Cause a denial of service: Triggering an infinite loop that consumes CPU resources, rendering...
Vulnerability in SICK Lector8xx and SICK InspectorP8xx
SICK has found two vulnerabilities that affect the SICK Lector8xx and SICK InspectorP8xx. The vulnerabilities may allow a remote low privileged attacker to run arbitrary shell commands by manipulating the firmware file or executing low-level functions. SICK is currently not aware of any public...
Vulnerability in SICK OLM
SICK received a report about a vulnerability in the SICK Support Portal supportportal.sick.com, which was hosted and operated by a third-party service provider. Due to a misconfiguration, the access restriction of an NFS (Network File System) storage system has failed, which resulted in temporary...
Critical vulnerabilities in SICK InspectorP61x, InspectorP62x and TiM3xx
Multiple critical vulnerabilities were found in the SICK products InspectorP61x, InspectorP62x and TiM3xx. If exploited, this potentially allows an attacker to impact availability, integrity and confidentiality of the products. It is strongly recommended to upgrade the InspectorP61x, InspectorP62...
Vulnerability in SICK Incoming Goods Suite
SICK found a vulnerability in the Incoming Goods Suite which allows privilege escalation to the administrative level. Currently SICK is not aware of any public exploits specifically targeting the vulnerability. SICK has released a new version and strongly recommends updating to the newest version...
Third party vulnerabilities in SICK CDE-100
The SICK CDE-100 uses the open-source libraries FreeRTOS, lwIP and MCU Boot. The used libraries contain vulnerabilities that affect the SICK CDE-100...
Critical vulnerability in multiple SICK products
A critical vulnerability has been discovered in the .sdd files of several SICK products. This vulnerability could allow a remote, unauthenticated attacker to gain access to the "Authorized Client" user role, potentially impacting the availability and integrity of the affected SICK products. Users...
Vulnerability in SICK MSC800
SICK found a security vulnerability in the SICK MSC800. This vulnerability allows an unauthenticated attacker to modify the IP address of the product through the SopasET interface, potentially leading to Denial of Service. Currently SICK is not aware of any public exploits specifically targeting...
Vulnerability in SICK Logistics Analytics Products and SICK Field Analytics
A critical vulnerability in Apache ActiveMQ affects the SICK products Field Analytics 1.2 and Logistics Analytics products 4.5. The Java OpenWire protocol marshaller that is used in ActiveMQ Classic and ActiveMQ Artemis is vulnerable to Remote Code execution. This vulnerability may allow a remote...
Vulnerability in multiple SICK Flexi Soft Gateways
The SICK PSIRT received a report about a vulnerability in several Flexi Soft Gateways that could allow an attacker to log in to the gateways by sending specially crafted packets and potentially impact the availability, integrity and confidentiality of the devices. SICK recommends making sure to run...
Vulnerabilities in SICK Application Processing Unit
Vulnerabilities in SICK Application Processing Unit...
Vulnerability in SICK SIM1012
To allow full programmability of the SICK SIM1012, all Ethernet ports are open by factory default. If unused ports are not closed, this could potentially allow a remote, unauthenticated attacker to impact the availability, confidentiality, and integrity of the SICK SIM1012. SICK is not aware of a...
Vulnerability in Wibu-Systems CodeMeter Runtime affects multiple SICK products
Wibu-Systems disclosed a security vulnerability in the CodeMeter Runtime. There is a heap buffer overflow vulnerability which can potentially lead to a remote code execution. Currently, no PoC is known to Wibu-Systems. To exploit the heap overflow, additional protection mechanisms need to be...
Vulnerabilities in SICK LMS5xx
SICK received a report about multiple vulnerabilities in the SICK LMS5xx that can be accessed via Ethernet. If exploited, this potentially allows a remote unauthenticated attacker to impact availability, integrity and confidentiality of the LMS5xx. SICK recommends making sure to run the product ...
Vulnerabilities in SICK ICR890-4
SICK has found several security vulnerabilities in the SICK ICR890-4. If exploited, these could allow an unauthenticated remote attacker to compromise the availability or confidentiality of the SICK ICR890-4. Currently, SICK is not aware of any public exploits that specifically target any of the...
Vulnerabilities in SICK EventCam App
SICK discovered vulnerabilities in the SICK EventCam App that can be accessed via Ethernet. If exploited, this potentially allows a remote unauthenticated attacker to impact availability, integrity and confidentiality of the EventCam App. SICK recommends making sure to run the product in a secur...
Vulnerabilities in SICK FTMg
SICK found multiple security vulnerabilities in the SICK FTMg device. If exploited, these potentially allow a remote unauthenticated attacker to impact the availability or confidentiality of the FTMg device. Currently SICK is not aware of any public exploits specifically targeting any of the...
Vulnerability in SICK Flexi Soft and Flexi Classic Gateways
SICK discovered a vulnerability in several Flexi Classic and Flexi Soft Gateways. If exploited, this potentially allows a remote unauthenticated attacker to impact the availability of the gateways. SICK is not aware of an exploit targeting this vulnerability...
Use of Telnet in multiple SICK Flexi Soft and Flexi Classic Gateways
Several versions of the SICK Flexi Soft Gateways FX0-GENT, FX0-GMOD, FX0-GPNT and SICK Flexi Classic Gateway UE410 provide a Telnet interface for debugging, which is enabled by factory default. No password is set in the default configuration. If the password is not set by the customer, a remote...
Bootloader mode vulnerability in Flexi Soft Gateways v3
The SICK PSIRT received a report about a Missing Authentication for Critical Function vulnerability in the firmware of FX0-GPNT v3 and FX0-GENT v3. This vulnerability was introduced with the hardware redesign of the v3 of FX0-GENT and FX0-GPNT as part of the implementation of the RK512 protocol...
Use of a Broken or Risky Cryptographic Algorithm in SICK RFU6xx RADIO FREQUEN. SENSOR
SICK received a report about a vulnerability in the SICK RFU6XX RADIO FREQUEN. SENSOR. The used SSH service allowed for weak cipher suites to be used in traffic encryption. If weak cipher suites are used for traffic encryption, an attacker could potentially decrypt the traffic, which would affect...
SICK FlexiCompact affected by Denial of Service vulnerability
SICK discovered a vulnerability in the configuration interface of FlexiCompact that can be accessed via Ethernet or USB. If exploited, this potentially allows a remote unauthenticated attacker to impact availability of the FlexiCompact. SICK recommends making sure to run a non-affected version...
Password recovery vulnerability affects multiple SICK SIMs
SICK received a report about a vulnerability in multiple SICK SIM products. The vulnerability is classified as a "Missing Authentication for Critical Function" vulnerability and results from a mishandling of access to a password recovery mechanism. It is possible for an unprivileged, remote user ...
OpenSSL vulnerability affects multiple SICK SIMs
In March 2022, the OpenSSL development team disclosed a denial of service in versions "3.0.0," "3.0.1," "1.1.1"-"1.1.1m" and "1.0.2-1.0.2zc" of the OpenSSL library. Exploiting this vulnerability allows remote, unauthenticated attackers to cause an infinite loop. It is possible to trigger the...
Vulnerabilities in SICK Package Analytics
SICK received a report about multiple vulnerabilities in the SICK Package Analytics. The vulnerabilities result from the used MySQL database with version 5.7.25. The vulnerable MySQL version includes Buffer-Overflow, Improper Access Control, and Improper Certification Validation vulnerabilities...
Vulnerability in SICK Flexi Soft Designer & Safety Designer
A deserialization vulnerability in a .NET framework class used by both SICK Flexi Soft Designer and SICK Safety Designer allows an attacker to create malicious project files...
Vulnerability in SICK Gateways for Flexi Soft, Flexi Compact, SICK EFI Gateway UE4740, SICK microScan3 and outdoorScan3
The PSIRT received a report about a vulnerability in some gateways for Flexi Soft, Flexi Compact, EFI gateway UE4740, microScan3 and the outdoorScan3. The vulnerability is classified as a denial-of-service vulnerability and results from a malformed UDP package. It is recommended to implement the...
Vulnerability in SICK Flexi Soft PROFINET IO Gateway FX0-GPNT and SICK microScan3 PROFINET
The PSIRT received a report about a vulnerability in the Gateway Flexi Soft and microScan3 PROFINET. The vulnerability is classified as a denial-of-service vulnerability and results from a mishandling of Read Implicit Request services...
Vulnerabilities in SICK MARSIC300
SICK received a report about multiple security vulnerabilities in the SICK MARSIC300 device. The security vulnerabilities are caused by the third-party library Dropbear, which is used by the SICK MARSIC300 to provide SSH communication. A successful exploitation of these vulnerabilities could lead...
Vulnerability in SICK Overall Equipment Effectiveness (OEE)
SICK received a report about a vulnerability in the SICK Overall Equipment Effectiveness (OEE). The services under the OEE application are started in the context of system privileges. An attacker can perform a privilege escalation if the application is installed in a directory, where non...
Microsoft vulnerability affects multiple SICK IPCs with SICK MEAC
Microsoft issued CVE-2021-26414 “Windows DCOM Server Security Feature Bypass”, which may affect the functionality of the SICK MEAC software installed on SICK IPCs. Interpretation: The vulnerability allows a remote attacker to bypass the Windows DCOM Server authentication process...