SICK Security Vulnerabilities

CVE-2019-10979

In SICK MSC800, all firmware versions prior to Version 4.0 contain a hard-coded customer account password.

9.8 CVSS

9.2 AI Score

0.01 EPSS

2019-07-01 09:15 PM

CVE-2019-14753

SICK FX0-GPNT00000 and FX0-GENT00000 devices through 3.4.0 have a buffer overflow.

7.5 CVSS

7.6 AI Score

0.001 EPSS

2019-09-24 05:15 PM

CVE-2020-2075

Platform mechanism AutoIP allows remote attackers to reboot the device via a crafted packet in SICK AG solutions Bulkscan LMS111, Bulkscan LMS511, CLV62x – CLV65x, ICR890-3, LMS10x, LMS11x, LMS15x, LMS12x, LMS13x, LMS14x, LMS5xx, LMS53x, MSC800, RFH.

7.5 CVSS

7.3 AI Score

0.002 EPSS

2020-08-31 06:15 PM

CVE-2020-2076

SICK Package Analytics software up to and including version V04.0.0 is vulnerable to an authentication bypass by directly interfacing with the REST API. An attacker can send unauthorized requests, bypass current authentication controls presented by the application and could potentially write files...

9.8 CVSS

9.5 AI Score

0.003 EPSS

2020-07-29 02:15 PM

CVE-2020-2077

SICK Package Analytics software up to and including version V04.0.0 is vulnerable due to incorrect default permissions settings. An unauthorized attacker could read sensitive data from the system by querying for known files using the REST API directly.

7.5 CVSS

7.3 AI Score

0.002 EPSS

2020-07-29 02:15 PM

CVE-2020-2078

Passwords are stored in plain text within the configuration of SICK Package Analytics software up to and including V04.1.1. An authorized attacker could access these stored plaintext credentials and gain access to the ftp service. Storing a password in plaintext allows attackers to easily gain acce...

6.5 CVSS

6.5 AI Score

0.001 EPSS

2020-07-29 02:15 PM

CVE-2021-32496

SICK Visionary-S CX up to version 5.21.2.29154R is vulnerable to an Inadequate Encryption Strength vulnerability concerning the internal SSH interface solely used by SICK for recovering returned devices. The use of weak ciphers makes it easier for an attacker to break the security that protects inform...

5.3 CVSS

5.1 AI Score

0.001 EPSS

2021-06-28 12:15 PM

CVE-2021-32497

SICK SOPAS ET before version 4.8.0 allows attackers to wrap any executable file into an SDD and provide this to a SOPAS ET user. When a user starts the emulator the executable is run without further checks.

8.6 CVSS

8.5 AI Score

0.001 EPSS

2021-12-17 05:15 PM

CVE-2021-32498

SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the pathname of the emulator and use path traversal to run an arbitrary executable located on the host system. When the user starts the emulator from SOPAS ET, the corresponding executable will be started instead of the emulator.

8.6 CVSS

8.6 AI Score

0.001 EPSS

2021-12-17 05:15 PM

CVE-2021-32499

SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the command line arguments to pass in any value to the Emulator executable.

7.5 CVSS

7.5 AI Score

0.001 EPSS

2021-12-17 05:15 PM

CVE-2021-32503

Unauthenticated users can access sensitive web URLs through GET requests, which should be restricted to maintenance users only. A malicious attacker could use this sensitive information to launch further attacks on the system.

4.9 CVSS

5 AI Score

0.001 EPSS

2022-04-01 11:15 PM

CVE-2021-32504

Unauthenticated users can access sensitive web URLs through GET requests, which should be restricted to maintenance users only. A malicious attacker could use this sensitive information to launch further attacks on the system.

5.3 CVSS

5.2 AI Score

0.001 EPSS

2022-07-19 03:15 PM

CVE-2022-27577

The vulnerability in the MSC800 in all versions before 4.15 allows for an attacker to predict the TCP initial sequence number. When the TCP sequence is predictable, an attacker can send packets that are forged to appear to come from a trusted computer. These forged packets could compromise services...

9.1 CVSS

9 AI Score

0.002 EPSS

2022-04-11 08:15 PM

CVE-2022-27578

An attacker can perform a privilege escalation through the SICK OEE if the application is installed in a directory where non authenticated or low privilege users can modify its content.

7.8 CVSS

7.7 AI Score

0.0004 EPSS

2022-04-11 08:15 PM

CVE-2022-27579

A deserialization vulnerability in a .NET framework class used and not properly checked by Flexi Soft Designer in all versions up to and including 1.9.4 SP1 allows an attacker to craft malicious project files. Opening/importing such a malicious project file would execute arbitrary code with the pri...

7.8 CVSS

7.7 AI Score

0.001 EPSS

2022-07-19 04:15 PM

CVE-2022-27580

A deserialization vulnerability in a .NET framework class used and not properly checked by Safety Designer all versions up to and including 1.11.0 allows an attacker to craft malicious project files. Opening/importing such a malicious project file would execute arbitrary code with the privileges of...

7.8 CVSS

7.7 AI Score

0.001 EPSS

2022-07-19 04:15 PM

CVE-2022-27581

Use of a Broken or Risky Cryptographic Algorithm in SICK RFU61x firmware version <v2.25 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the fir...

6.5 CVSS

6.5 AI Score

0.001 EPSS

2022-12-13 04:15 PM

CVE-2022-27582

Password recovery vulnerability in SICK SIM4000 (PPC) Partnumber 1078787 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invoking the password recovery mechanism method. This leads to an increase in their privileges on the system and there...

9.8 CVSS

9.6 AI Score

0.004 EPSS

2022-11-01 09:15 PM

CVE-2022-27583

A remote unprivileged attacker can interact with the configuration interface of a Flexi-Compact FLX3-CPUC1 or FLX3-CPUC2 running an affected firmware version to potentially impact the availability of the FlexiCompact.

9.1 CVSS

9 AI Score

0.001 EPSS

2022-10-31 08:15 PM

CVE-2022-27584

Password recovery vulnerability in SICK SIM2000ST Partnumber 1080579 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invoking the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby a...

9.8 CVSS

9.6 AI Score

0.004 EPSS

2022-11-01 09:15 PM

CVE-2022-27585

Password recovery vulnerability in SICK SIM1000 FX Partnumber 1097816 and 1097817 with firmware version <1.6.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invoking the password recovery mechanism method. This leads to an increase in...

9.8 CVSS

9.5 AI Score

0.004 EPSS

2022-11-01 09:15 PM

CVE-2022-27586

Password recovery vulnerability in SICK SIM1004 Partnumber 1098148 with firmware version <2.0.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invoking the password recovery mechanism method. This leads to an increase in their privileg...

9.8 CVSS

9.5 AI Score

0.004 EPSS

2022-11-01 09:15 PM

CVE-2022-43989

Password recovery vulnerability in SICK SIM2x00 (ARM) Partnumber 1092673 and 1081902 with firmware version < 1.2.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invoking the password recovery mechanism method. This leads to an increas...

7.3 CVSS

7.3 AI Score

0.001 EPSS

2022-11-01 09:15 PM

CVE-2022-43990

Password recovery vulnerability in SICK SIM1012 Partnumber 1098146 with firmware version <2.2.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invoking the password recovery mechanism method. This leads to an increase in their privileg...

7.3 CVSS

7.4 AI Score

0.001 EPSS

2022-11-01 09:15 PM

CVE-2022-46832

Use of a Broken or Risky Cryptographic Algorithm in SICK RFU62x firmware version < 2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the fir...

6.5 CVSS

6.4 AI Score

0.001 EPSS

2022-12-13 04:15 PM

CVE-2022-46833

Use of a Broken or Risky Cryptographic Algorithm in SICK RFU63x firmware version < v2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the fi...

6.5 CVSS

6.4 AI Score

0.001 EPSS

2022-12-13 04:15 PM

CVE-2022-46834

Use of a Broken or Risky Cryptographic Algorithm in SICK RFU65x firmware version < v2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the fi...

6.5 CVSS

6.4 AI Score

0.001 EPSS

2022-12-13 04:15 PM

CVE-2022-47377

Password recovery vulnerability in SICK SIM2000ST Partnumber 2086502 with firmware version <1.13.4 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invoking the password recovery mechanism method. This leads to an increase in their privi...

9.8 CVSS

9.5 AI Score

0.003 EPSS

2022-12-16 03:15 PM

CVE-2023-23444

Missing Authentication for Critical Function in SICK Flexi Classic and Flexi Soft Gateways with Partnumbers 1042193, 1042964, 1044078, 1044072, 1044073, 1044074, 1099830, 1099832, 1127717, 1069070, 1112296, 1051432, 1102420, 1127487, 1121596, 1121597 allows an unauthenticated remote attacker to inf...

8.2 CVSS

8.2 AI Score

0.002 EPSS

2023-05-12 01:15 PM

CVE-2023-23445

Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to gain unauthorized access to data fields by using a therefore unprivileged account via the REST interface.

7.5 CVSS

7.5 AI Score

0.001 EPSS

2023-05-15 11:15 AM

CVE-2023-23446

Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to download files by using a therefore unprivileged account via the REST interface.

7.5 CVSS

7.4 AI Score

0.002 EPSS

2023-05-15 11:15 AM

CVE-2023-23447

Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to influence the availability of the webserver by invoking several open file requests via the REST interface.

7.5 CVSS

7.4 AI Score

0.003 EPSS

2023-05-15 11:15 AM

CVE-2023-23448

Inclusion of Sensitive Information in Source Code in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to gain information about valid usernames via analysis of source code.

5.3 CVSS

5.4 AI Score

0.002 EPSS

2023-05-15 11:15 AM

CVE-2023-23449

Observable Response Discrepancy in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to gain information about valid usernames by analyzing challenge responses from the server via the REST interface.

5.3 CVSS

5.3 AI Score

0.002 EPSS

2023-05-15 11:15 AM

CVE-2023-23450

Use of Password Hash Instead of Password for Authentication in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to use a password hash instead of an actual password to log in to a valid user account via the R...

9.8 CVSS

9.4 AI Score

0.002 EPSS

2023-05-15 11:15 AM

CVE-2023-23451

The Flexi Classic and Flexi Soft Gateways SICK UE410-EN3 FLEXI ETHERNET GATEW. with serial number <=2311xxxx all Firmware versions, SICK UE410-EN1 FLEXI ETHERNET GATEW. with serial number <=2311xxxx all Firmware versions, SICK UE410-EN3S04 FLEXI ETHERNET GATEW. with serial number <=2311xxx...

9.8 CVSS

9.4 AI Score

0.002 EPSS

2023-04-19 11:15 PM

CVE-2023-23452

Missing Authentication for Critical Function in SICK FX0-GPNT v3 Firmware Version V3.04 and V3.05 allows an unprivileged remote attacker to achieve arbitrary remote code execution via maliciously crafted RK512 commands to the listener on TCP port 9000.

9.8 CVSS

9.8 AI Score

0.004 EPSS

2023-02-20 11:15 PM

CVE-2023-23453

Missing Authentication for Critical Function in SICK FX0-GENT v3 Firmware Version V3.04 and V3.05 allows an unprivileged remote attacker to achieve arbitrary remote code execution via maliciously crafted RK512 commands to the listener on TCP port 9000.

9.8 CVSS

9.8 AI Score

0.004 EPSS

2023-02-20 11:15 PM

CVE-2023-31408

Cleartext Storage of Sensitive Information in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to potentially steal user credentials that are stored in the user’s browsers local storage via cross-site-scripting attacks.

7.5 CVSS

7.3 AI Score

0.001 EPSS

2023-05-15 11:15 AM

CVE-2023-31409

Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to influence the availability of the webserver by invoking a Slowloris style attack via HTTP requests.

7.5 CVSS

7.4 AI Score

0.003 EPSS

2023-05-15 11:15 AM

CVE-2023-31410

A remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to the absence of Transport Layer Security (TLS) in the SICK EventCam App. This lack of encryption in the communication channel can lead to the unauthorized disclosure of sensitive information. The attack...

9.8 CVSS

7.2 AI Score

0.001 EPSS

2023-06-19 03:15 PM

CVE-2023-31411

A remote unprivileged attacker can modify and access configuration settings on the EventCam App due to the absence of API authentication. The lack of authentication in the API allows the attacker to potentially compromise the functionality of the EventCam App.

9.8 CVSS

9.4 AI Score

0.001 EPSS

2023-06-19 03:15 PM

CVE-2023-31412

The LMS5xx uses weak hash generation methods, resulting in the creation of insecure hashes. If an attacker manages to retrieve the hash, it could lead to collision attacks and the potential retrieval of the password.

7.5 CVSS

7.4 AI Score

0.001 EPSS

2023-08-24 07:15 PM

CVE-2023-3270

Exposure of Sensitive Information to an Unauthorized Actor in the SICK ICR890-4 could allow an unauthenticated remote attacker to retrieve sensitive information about the system.

8.6 CVSS

7.4 AI Score

0.001 EPSS

2023-07-10 04:15 PM

CVE-2023-3271

Improper Access Control in the SICK ICR890-4 could allow an unauthenticated remote attacker to gather information about the system and download data via the REST API by accessing unauthenticated endpoints.

8.2 CVSS

7.4 AI Score

0.001 EPSS

2023-07-10 04:15 PM

CVE-2023-3272

Cleartext Transmission of Sensitive Information in the SICK ICR890-4 could allow a remote attacker to gather sensitive information by intercepting network traffic that is not encrypted.

7.5 CVSS

7.2 AI Score

0.001 EPSS

2023-07-10 04:15 PM

CVE-2023-3273

Improper Access Control in the SICK ICR890-4 could allow an unauthenticated remote attacker to affect the availability of the device by changing settings of the device such as the IP address based on missing access control.

7.5 CVSS

7.5 AI Score

0.001 EPSS

2023-07-10 04:15 PM

CVE-2023-35696

Unauthenticated endpoints in the SICK ICR890-4 could allow an unauthenticated remote attacker to retrieve sensitive information about the device via HTTP requests.

7.5 CVSS

7.2 AI Score

0.001 EPSS

2023-07-10 04:15 PM

CVE-2023-35697

Improper Restriction of Excessive Authentication Attempts in the SICK ICR890-4 could allow a remote attacker to brute-force user credentials.

7.5 CVSS

7.5 AI Score

0.001 EPSS

2023-07-10 04:15 PM

CVE-2023-35698

Observable Response Discrepancy in the SICK ICR890-4 could allow a remote attacker to identify valid usernames for the FTP server from the response given during a failed login attempt.

5.3 CVSS

5.2 AI Score

0.001 EPSS

2023-07-10 04:15 PM

Total number of security vulnerabilities: 65