Filtered by vendor Sick
Subscribe
Total
65 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-23453 | 1 Sick | 4 Fx0-gent00000, Fx0-gent00000 Firmware, Fx0-gent00010 and 1 more | 2023-03-02 | N/A | 9.8 CRITICAL |
| Missing Authentication for Critical Function in SICK FX0-GENT v3 Firmware Version V3.04 and V3.05 allows an unprivileged remote attacker to achieve arbitrary remote code execution via maliciously crafted RK512 commands to the listener on TCP port 9000. | |||||
| CVE-2023-23452 | 1 Sick | 4 Fx0-gpnt00000, Fx0-gpnt00000 Firmware, Fx0-gpnt00010 and 1 more | 2023-03-02 | N/A | 9.8 CRITICAL |
| Missing Authentication for Critical Function in SICK FX0-GPNT v3 Firmware Version V3.04 and V3.05 allows an unprivileged remote attacker to achieve arbitrary remote code execution via maliciously crafted RK512 commands to the listener on TCP port 9000. | |||||
| CVE-2021-32503 | 1 Sick | 2 Ftmg, Ftmg Firmware | 2023-01-24 | 4.0 MEDIUM | 4.9 MEDIUM |
| Unauthenticated users can access sensitive web URLs through GET request, which should be restricted to maintenance users only. A malicious attacker could use this sensitive information’s to launch further attacks on the system. | |||||
| CVE-2022-47377 | 1 Sick | 2 Sim2000 Firmware, Sim2000st | 2022-12-21 | N/A | 9.8 CRITICAL |
| Password recovery vulnerability in SICK SIM2000ST Partnumber 2086502 with firmware version <1.13.4 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version >= 1.13.4 as soon as possible (available in SICK Support Portal). | |||||
| CVE-2022-27584 | 1 Sick | 2 Sim2000st, Sim2000st Firmware | 2022-12-16 | N/A | 9.8 CRITICAL |
| Password recovery vulnerability in SICK SIM2000ST Partnumber 1080579 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The firmware versions <=1.7.0 allow to optionally disable device configuration over the network interfaces. Please make sure that you apply general security practices when operating the SIM2000ST. A fix is planned but not yet scheduled. | |||||
| CVE-2022-27582 | 1 Sick | 14 Sim1000 Fx, Sim1000 Fx Firmware, Sim1004 and 11 more | 2022-12-16 | N/A | 9.8 CRITICAL |
| Password recovery vulnerability in SICK SIM4000 (PPC) Partnumber 1078787 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The firmware versions <=1.10.1 allow to optionally disable device configuration over the network interfaces. Please make sure that you apply general security practices when operating the SIM4000. A fix is planned but not yet scheduled. | |||||
| CVE-2022-46834 | 1 Sick | 14 Rfu650-10100, Rfu650-10100 Firmware, Rfu650-10101 and 11 more | 2022-12-15 | N/A | 6.5 MEDIUM |
| Use of a Broken or Risky Cryptographic Algorithm in SICK RFU65x firmware version < v2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the firmware update is available from the responsible SICK customer contact person. | |||||
| CVE-2022-46833 | 1 Sick | 48 Rfu630-04100, Rfu630-04100 Firmware, Rfu630-04100s01 and 45 more | 2022-12-15 | N/A | 6.5 MEDIUM |
| Use of a Broken or Risky Cryptographic Algorithm in SICK RFU63x firmware version < v2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the firmware update is available from the responsible SICK customer contact person. | |||||
| CVE-2022-46832 | 1 Sick | 42 Rfu620-10100, Rfu620-10100 Firmware, Rfu620-10101 and 39 more | 2022-12-15 | N/A | 6.5 MEDIUM |
| Use of a Broken or Risky Cryptographic Algorithm in SICK RFU62x firmware version < 2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the firmware update is available from the responsible SICK customer contact person. | |||||
| CVE-2022-27581 | 1 Sick | 24 Rfu610-10600, Rfu610-10600 Firmware, Rfu610-10601 and 21 more | 2022-12-15 | N/A | 6.5 MEDIUM |
| Use of a Broken or Risky Cryptographic Algorithm in SICK RFU61x firmware version <v2.25 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the firmware update is available from the responsible SICK customer contact person. | |||||
| CVE-2022-27579 | 1 Sick | 1 Flexi Soft Designer | 2022-07-27 | N/A | 7.8 HIGH |
| A deserialization vulnerability in a .NET framework class used and not properly checked by Flexi Soft Designer in all versions up to and including 1.9.4 SP1 allows an attacker to craft malicious project files. Opening/importing such a malicious project file would execute arbitrary code with the privileges of the current user when opened or imported by the Flexi Soft Designer. This compromises confidentiality integrity and availability. For the attack to succeed a user must manually open a malicious project file. | |||||
| CVE-2022-27580 | 1 Sick | 1 Safety Designer | 2022-07-27 | N/A | 7.8 HIGH |
| A deserialization vulnerability in a .NET framework class used and not properly checked by Safety Designer all versions up to and including 1.11.0 allows an attacker to craft malicious project files. Opening/importing such a malicious project file would execute arbitrary code with the privileges of the current user when opened or imported by the Safety Designer. This compromises confidentiality integrity and availability. For the attack to succeed a user must manually open a malicious project file. | |||||
| CVE-2021-32504 | 1 Sick | 2 Ftmg, Ftmg Firmware | 2022-07-27 | N/A | 5.3 MEDIUM |
| Unauthenticated users can access sensitive web URLs through GET request, which should be restricted to maintenance users only. A malicious attacker could use this sensitive information’s to launch further attacks on the system. | |||||
| CVE-2021-32499 | 1 Sick | 1 Sopas Engineering Tool | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the command line arguments to pass in any value to the Emulator executable. | |||||
| CVE-2022-27578 | 1 Sick | 1 Overall Equipment Effectiveness | 2022-04-19 | 4.6 MEDIUM | 7.8 HIGH |
| An attacker can perform a privilege escalation through the SICK OEE if the application is installed in a directory where non authenticated or low privilege users can modify its content. | |||||
| CVE-2022-27577 | 1 Sick | 2 Msc800, Msc800 Firmware | 2022-04-18 | 6.4 MEDIUM | 9.1 CRITICAL |
| The vulnerability in the MSC800 in all versions before 4.15 allows for an attacker to predict the TCP initial sequence number. When the TCP sequence is predictable, an attacker can send packets that are forged to appear to come from a trusted computer. These forged packets could compromise services on the MSC800. SICK has released a new firmware version of the SICK MSC800 and recommends updating to the newest version. | |||||
| CVE-2021-32498 | 1 Sick | 1 Sopas Engineering Tool | 2021-12-27 | 9.3 HIGH | 8.6 HIGH |
| SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the pathname of the emulator and use path traversal to run an arbitrary executable located on the host system. When the user starts the emulator from SOPAS ET the corresponding executable will be started instead of the emulator | |||||
| CVE-2021-32497 | 1 Sick | 1 Sopas Engineering Tool | 2021-12-27 | 9.3 HIGH | 8.6 HIGH |
| SICK SOPAS ET before version 4.8.0 allows attackers to wrap any executable file into an SDD and provide this to a SOPAS ET user. When a user starts the emulator the executable is run without further checks. | |||||
| CVE-2020-2076 | 1 Sick | 1 Package Analytics | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| SICK Package Analytics software up to and including version V04.0.0 are vulnerable to an authentication bypass by directly interfacing with the REST API. An attacker can send unauthorized requests, bypass current authentication controls presented by the application and could potentially write files without authentication. | |||||
| CVE-2021-32496 | 1 Sick | 2 Visionary-s Cx, Visionary-s Cx Firmware | 2021-07-02 | 3.5 LOW | 5.3 MEDIUM |
| SICK Visionary-S CX up version 5.21.2.29154R are vulnerable to an Inadequate Encryption Strength vulnerability concerning the internal SSH interface solely used by SICK for recovering returned devices. The use of weak ciphers make it easier for an attacker to break the security that protects information transmitted from the client to the SSH server, assuming the attacker has access to the network on which the device is connected. This can increase the risk that encryption will be compromised, leading to the exposure of sensitive user information and man-in-the-middle attacks. | |||||