Filtered by vendor Sick Subscriptions
Total 72 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-32499 1 Sick 1 Sopas Engineering Tool 2024-11-21 7.5 High
SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the command line arguments to pass in any value to the Emulator executable.
CVE-2021-32498 1 Sick 1 Sopas Engineering Tool 2024-11-21 8.6 High
SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the pathname of the emulator and use path traversal to run an arbitrary executable located on the host system. When the user starts the emulator from SOPAS ET the corresponding executable will be started instead of the emulator
CVE-2021-32497 1 Sick 1 Sopas Engineering Tool 2024-11-21 8.6 High
SICK SOPAS ET before version 4.8.0 allows attackers to wrap any executable file into an SDD and provide this to a SOPAS ET user. When a user starts the emulator the executable is run without further checks.
CVE-2021-32496 1 Sick 2 Visionary-s Cx, Visionary-s Cx Firmware 2024-11-21 5.3 Medium
SICK Visionary-S CX up version 5.21.2.29154R are vulnerable to an Inadequate Encryption Strength vulnerability concerning the internal SSH interface solely used by SICK for recovering returned devices. The use of weak ciphers make it easier for an attacker to break the security that protects information transmitted from the client to the SSH server, assuming the attacker has access to the network on which the device is connected. This can increase the risk that encryption will be compromised, leading to the exposure of sensitive user information and man-in-the-middle attacks.
CVE-2020-2078 1 Sick 1 Package Analytics 2024-11-21 6.5 Medium
Passwords are stored in plain text within the configuration of SICK Package Analytics software up to and including V04.1.1. An authorized attacker could access these stored plaintext credentials and gain access to the ftp service. Storing a password in plaintext allows attackers to easily gain access to systems, potentially compromising personal information or other sensitive information.
CVE-2020-2077 1 Sick 1 Package Analytics 2024-11-21 7.5 High
SICK Package Analytics software up to and including version V04.0.0 are vulnerable due to incorrect default permissions settings. An unauthorized attacker could read sensitive data from the system by querying for known files using the REST API directly.
CVE-2020-2076 1 Sick 1 Package Analytics 2024-11-21 9.8 Critical
SICK Package Analytics software up to and including version V04.0.0 are vulnerable to an authentication bypass by directly interfacing with the REST API. An attacker can send unauthorized requests, bypass current authentication controls presented by the application and could potentially write files without authentication.
CVE-2020-2075 1 Sick 60 Clv620, Clv620 Firmware, Clv621 and 57 more 2024-11-21 7.5 High
Platform mechanism AutoIP allows remote attackers to reboot the device via a crafted packet in SICK AG solutions Bulkscan LMS111, Bulkscan LMS511, CLV62x – CLV65x, ICR890-3, LMS10x, LMS11x, LMS15x, LMS12x, LMS13x, LMS14x, LMS5xx, LMS53x, MSC800, RFH.
CVE-2019-14753 1 Sick 4 Fx0-gent00000, Fx0-gent00000 Firmware, Fx0-gpnt00000 and 1 more 2024-11-21 7.5 High
SICK FX0-GPNT00000 and FX0-GENT00000 devices through 3.4.0 have a Buffer Overflow
CVE-2019-10979 1 Sick 2 Msc800, Msc800 Firmware 2024-11-21 N/A
SICK MSC800 all versions prior to Version 4.0, the affected firmware versions contain a hard-coded customer account password.
CVE-2024-10025 1 Sick 52 Clv620 Firmware, Clv621 Firmware, Clv622 Firmware and 49 more 2024-10-18 9.1 Critical
A vulnerability in the .sdd file allows an attacker to read default passwords stored in plain text within the code. By exploiting these plaintext credentials, an attacker can log into affected SICK products as an “Authorized Client” if the customer has not changed the default password.
CVE-2024-8751 1 Sick 1 Msc800 Firmware 2024-09-13 7.5 High
A vulnerability in the MSC800 allows an unauthenticated attacker to modify the product’s IP address over Sopas ET. This can lead to Denial of Service. Users are recommended to upgrade both MSC800 and MSC800 LFT to version V4.26 and S2.93.20 respectively which fixes this issue.