16 matches found
CVE-2020-2077
CVE-2020-2077 concerns SICK Package Analytics. The vulnerability arises from incorrect default permissions in SICK Package Analytics software, affecting versions up to and including V04.0.0, allowing an unauthorized remote attacker to read sensitive data via REST API queries. Some sources indicat...
CVE-2025-49186
CVE-2025-49186 describes insufficient measures to prevent multiple failed authentication attempts, enabling brute-force attempts. Connected sources tie this to vulnerabilities in SICK Enterprise Analytics and SICK Logistic Analytics products (PSIRT), noting potential impacts to confidentiality an...
CVE-2020-2076
CVE-2020-2076 affects SICK Package Analytics software up to and including version V04.0.0. The issue is an authentication bypass caused by direct REST API access, enabling an attacker to issue unauthorized requests and potentially write files without authentication. Public sources in the connecte...
CVE-2020-2078
The CVE-2020-2078 entry concerns SICK Package Analytics (up to v04.1.1). The root cause is plaintext storage of passwords in the software configuration, allowing an attacker with authorized access to read credentials and gain access to the FTP service. Impact stated: potential exposure of passwor...
CVE-2025-49184
CVE-2025-49184 describes an information-disclosure issue caused by missing authorization for configuration settings, enabling a remote attacker to gather sensitive application data. Connected sources reference SICK Field Analytics and SICK Media Server as affected products and reiterate the unaut...
CVE-2025-49193
Technical details (affected product/versions/root cause/fix) are not publicly provided in the supplied documents; monitor for updates.
CVE-2025-58587
The CVE-2025-58587 entry describes improper restriction of excessive authentication attempts, enabling credential guessing due to insufficient protection against brute‑force login attempts. Connected documents corroborate a theme of brute‑force/authentication‑hint vulnerabilities in SICK products...
CVE-2025-58590
CVE-2025-58590 is described across multiple sources as a path traversal/brute-force vulnerability in SICK analytics products (notably SICK Enterprise Analytics and SICK Logistic Analytics) that could lead to disclosure of sensitive information. The connected documents confirm the vulnerability pa...
CVE-2025-58584
CVE-2025-58584 pertains to credentials transmitted in the URL as parameters in HTTP requests, which can be logged or cached by servers, browsers, or proxies. Connected docs associate this with SICK Enterprise Analytics and SICK Logistic Analytics products and indicate a risk of disclosure of user...
CVE-2025-58591
CVE-2025-58591 describes a path traversal vulnerability affecting SICK Enterprise Analytics and SICK Logistic Analytics products, allowing a remote attacker to brute-force folders and files to read sensitive data (e.g., private keys/configs). Connected sources indicate affected SICK software, but...
CVE-2025-9914
CVE-2025-9914 involves credentials stored in the system’s local database that can be used for login, potentially granting unauthorized access and affecting confidentiality. Connected documents identify SICK products (e.g., SICK AG Baggage Analytics) as affected, with the root cause described as l...
CVE-2025-58586
CVE-2025-58586 affects SICK Enterprise Analytics and SICK Logistic Analytics products. The vulnerability stems from distinct error messages for login failures (incorrect password vs. non-existent username), enabling attacker-driven username enumeration. Reported impact: information disclosure (us...
CVE-2025-58579
The CVE-2025-58579 entry describes an authentication bypass where an unauthenticated user can request data from a specific endpoint, enabling user enumeration. Connected sources confirm the vulnerability relates to SICK Enterprise Analytics and SICK Logistic Analytics products (SICK PSIRT advisor...
CVE-2025-58585
CVE-2025-58585 concerns multiple endpoints in SICK analytics products that expose sensitive information without authentication, enabling information gathering. Public documentation references include: (1) SICK Enterprise Analytics / SICK Logistic Analytics and related products (connected CVE entr...
CVE-2025-58589
CVE-2025-58589 describes an information-disclosure vulnerability where errors reveal full stack traces to users, exposing internal class/method names and application structure. Connected sources confirm affected SICK products: SICK Enterprise Analytics and SICK Logistic Analytics (for example, SI...
CVE-2025-9913
CVE-2025-9913 describes a cross-site scripting issue where JavaScript can be executed from the address bar via the dashboard’s “Open in new Tab” button, enabling session hijacking. Affected product family includes SICK Enterprise Analytics and related SICK analytics dashboards (e.g., SICK Baggage...