Icr890-4 Firmware Security Vulnerabilities - 2023

CVE-2023-3270

Exposure of Sensitive Information to an Unauthorized Actor in the SICK ICR890-4 could allow an unauthenticated remote attacker to retrieve sensitive information about the system.

CVE-2023-3271

Improper Access Control in the SICK ICR890-4 could allow an unauthenticated remote attacker to gather information about the system and download data via the REST API by accessingunauthenticated endpoints.

CVE-2023-3272

Cleartext Transmission of Sensitive Information in the SICK ICR890-4 could allow aremote attacker to gather sensitive information by intercepting network traffic that is not encrypted.

CVE-2023-3273

Improper Access Control in the SICK ICR890-4 could allow an unauthenticated remote attacker to affect the availability of the device by changing settings of the device such as the IPaddress based on missing access control.

CVE-2023-35696

Unauthenticated endpoints in the SICK ICR890-4 could allow an unauthenticatedremote attacker to retrieve sensitive information about the device via HTTP requests.

CVE-2023-35697

Improper Restriction of Excessive Authentication Attempts in the SICK ICR890-4could allow a remote attacker to brute-force user credentials.

CVE-2023-35698

Observable Response Discrepancy in the SICK ICR890-4 could allow a remote attacker to identify valid usernames for the FTP server from the response given during a failed loginattempt.

CVE-2023-35699

Cleartext Storage on Disk in the SICK ICR890-4 could allow an unauthenticated attacker with local access to the device to disclose sensitive information by accessing a SD card.