Filtered by vendor Sick Subscriptions
Filtered by product Apu0200 Firmware Subscriptions
Total 9 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-5101 1 Sick 2 Apu0200, Apu0200 Firmware 2024-12-09 5.3 Medium
Files or Directories Accessible to External Parties in RDT400 in SICK APU allows an unprivileged remote attacker to download various files from the server via HTTP requests.
CVE-2023-5102 1 Sick 2 Apu0200, Apu0200 Firmware 2024-12-09 5.3 Medium
Insufficient Control Flow Management in RDT400 in SICK APU allows an unprivileged remote attacker to potentially enable hidden functionality via HTTP requests.
CVE-2023-43699 1 Sick 2 Apu0200, Apu0200 Firmware 2024-12-09 7.5 High
Improper Restriction of Excessive Authentication Attempts in RDT400 in SICK APU allows an unprivileged remote attacker to guess the password via trial-and-error as the login attempts are not limited.
CVE-2023-43697 1 Sick 2 Apu0200, Apu0200 Firmware 2024-12-09 6.5 Medium
Modification of Assumed-Immutable Data (MAID) in RDT400 in SICK APU allows an unprivileged remote attacker to make the site unable to load necessary strings via changing file paths using HTTP requests.
CVE-2023-5103 1 Sick 2 Apu0200, Apu0200 Firmware 2024-11-21 4.3 Medium
Improper Restriction of Rendered UI Layers or Frames in RDT400 in SICK APU allows an unprivileged remote attacker to potentially reveal sensitive information via tricking a user into clicking on an actionable item using an iframe.
CVE-2023-5100 1 Sick 2 Apu0200, Apu0200 Firmware 2024-11-21 5.9 Medium
Cleartext Transmission of Sensitive Information in RDT400 in SICK APU allows an unprivileged remote attacker to retrieve potentially sensitive information via intercepting network traffic that is not encrypted.
CVE-2023-43700 1 Sick 3 Apu0200, Apu0200 Firmware, Rdt400 2024-11-21 7.7 High
Missing Authorization in RDT400 in SICK APU allows an unprivileged remote attacker to modify data via HTTP requests that no not require authentication.
CVE-2023-43698 1 Sick 2 Apu0200, Apu0200 Firmware 2024-11-21 7.1 High
Improper Neutralization of Input During Web Page Generation (’Cross-site Scripting’) in RDT400 in SICK APU allows an unprivileged remote attacker to run arbitrary code in the clients browser via injecting code into the website.
CVE-2023-43696 1 Sick 2 Apu0200, Apu0200 Firmware 2024-11-21 8.2 High
Improper Access Control in SICK APU allows an unprivileged remote attacker to download as well as upload arbitrary files via anonymous access to the FTP server.