Lucene search
K
SickPackage Analytics

16 matches found

CVE
CVE
added 2020/07/29 1:18 p.m.52 views

CVE-2020-2077

CVE-2020-2077 concerns SICK Package Analytics. The vulnerability arises from incorrect default permissions in SICK Package Analytics software, affecting versions up to and including V04.0.0, allowing an unauthorized remote attacker to read sensitive data via REST API queries. Some sources indicat...

7.5CVSS7.3AI score0.01015EPSS
CVE
CVE
added 2025/06/12 1:27 p.m.52 views

CVE-2025-49186

CVE-2025-49186 describes insufficient measures to prevent multiple failed authentication attempts, enabling brute-force attempts. Connected sources tie this to vulnerabilities in SICK Enterprise Analytics and SICK Logistic Analytics products (PSIRT), noting potential impacts to confidentiality an...

6.5CVSS7.3AI score0.0032EPSS
CVE
CVE
added 2020/07/29 1:18 p.m.46 views

CVE-2020-2076

CVE-2020-2076 affects SICK Package Analytics software up to and including version V04.0.0. The issue is an authentication bypass caused by direct REST API access, enabling an attacker to issue unauthorized requests and potentially write files without authentication. Public sources in the connecte...

9.8CVSS9.5AI score0.01261EPSS
CVE
CVE
added 2020/07/29 1:19 p.m.44 views

CVE-2020-2078

The CVE-2020-2078 entry concerns SICK Package Analytics (up to v04.1.1). The root cause is plaintext storage of passwords in the software configuration, allowing an attacker with authorized access to read credentials and gain access to the FTP service. Impact stated: potential exposure of passwor...

6.5CVSS6.5AI score0.00752EPSS
CVE
CVE
added 2025/06/12 1:24 p.m.44 views

CVE-2025-49184

CVE-2025-49184 describes an information-disclosure issue caused by missing authorization for configuration settings, enabling a remote attacker to gather sensitive application data. Connected sources reference SICK Field Analytics and SICK Media Server as affected products and reiterate the unaut...

7.5CVSS6.8AI score0.00412EPSS
CVE
CVE
added 2025/06/12 2:15 p.m.44 views

CVE-2025-49193

Technical details (affected product/versions/root cause/fix) are not publicly provided in the supplied documents; monitor for updates.

6.1CVSS7.3AI score0.00263EPSS
CVE
CVE
added 2025/10/06 7:3 a.m.21 views

CVE-2025-58587

The CVE-2025-58587 entry describes improper restriction of excessive authentication attempts, enabling credential guessing due to insufficient protection against brute‑force login attempts. Connected documents corroborate a theme of brute‑force/authentication‑hint vulnerabilities in SICK products...

9.8CVSS6.7AI score0.00459EPSS
CVE
CVE
added 2025/10/06 7:6 a.m.20 views

CVE-2025-58590

CVE-2025-58590 is described across multiple sources as a path traversal/brute-force vulnerability in SICK analytics products (notably SICK Enterprise Analytics and SICK Logistic Analytics) that could lead to disclosure of sensitive information. The connected documents confirm the vulnerability pa...

7.5CVSS6.5AI score0.00494EPSS
CVE
CVE
added 2025/10/06 7:1 a.m.16 views

CVE-2025-58584

CVE-2025-58584 pertains to credentials transmitted in the URL as parameters in HTTP requests, which can be logged or cached by servers, browsers, or proxies. Connected docs associate this with SICK Enterprise Analytics and SICK Logistic Analytics products and indicate a risk of disclosure of user...

7.5CVSS6.4AI score0.00363EPSS
CVE
CVE
added 2025/10/06 7:7 a.m.16 views

CVE-2025-58591

CVE-2025-58591 describes a path traversal vulnerability affecting SICK Enterprise Analytics and SICK Logistic Analytics products, allowing a remote attacker to brute-force folders and files to read sensitive data (e.g., private keys/configs). Connected sources indicate affected SICK software, but...

7.5CVSS6.4AI score0.00494EPSS
CVE
CVE
added 2025/10/06 6:45 a.m.16 views

CVE-2025-9914

CVE-2025-9914 involves credentials stored in the system’s local database that can be used for login, potentially granting unauthorized access and affecting confidentiality. Connected documents identify SICK products (e.g., SICK AG Baggage Analytics) as affected, with the root cause described as l...

7.5CVSS6.2AI score0.00301EPSS
CVE
CVE
added 2025/10/06 7:2 a.m.15 views

CVE-2025-58586

CVE-2025-58586 affects SICK Enterprise Analytics and SICK Logistic Analytics products. The vulnerability stems from distinct error messages for login failures (incorrect password vs. non-existent username), enabling attacker-driven username enumeration. Reported impact: information disclosure (us...

5.3CVSS6.6AI score0.0034EPSS
CVE
CVE
added 2025/10/06 7:9 a.m.14 views

CVE-2025-58579

The CVE-2025-58579 entry describes an authentication bypass where an unauthenticated user can request data from a specific endpoint, enabling user enumeration. Connected sources confirm the vulnerability relates to SICK Enterprise Analytics and SICK Logistic Analytics products (SICK PSIRT advisor...

5.3CVSS6.5AI score0.0038EPSS
CVE
CVE
added 2025/10/06 7:1 a.m.14 views

CVE-2025-58585

CVE-2025-58585 concerns multiple endpoints in SICK analytics products that expose sensitive information without authentication, enabling information gathering. Public documentation references include: (1) SICK Enterprise Analytics / SICK Logistic Analytics and related products (connected CVE entr...

7.5CVSS6.2AI score0.004EPSS
CVE
CVE
added 2025/10/06 7:3 a.m.13 views

CVE-2025-58589

CVE-2025-58589 describes an information-disclosure vulnerability where errors reveal full stack traces to users, exposing internal class/method names and application structure. Connected sources confirm affected SICK products: SICK Enterprise Analytics and SICK Logistic Analytics (for example, SI...

6.5CVSS6.3AI score0.00337EPSS
CVE
CVE
added 2025/10/06 6:40 a.m.13 views

CVE-2025-9913

CVE-2025-9913 describes a cross-site scripting issue where JavaScript can be executed from the address bar via the dashboard’s “Open in new Tab” button, enabling session hijacking. Affected product family includes SICK Enterprise Analytics and related SICK analytics dashboards (e.g., SICK Baggage...

6.1CVSS6.5AI score0.00272EPSS