Vulnerabilities > Sick > Icr890 4 Firmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-10 | CVE-2023-35696 | Exposure of Resource to Wrong Sphere vulnerability in Sick Icr890-4 Firmware Unauthenticated endpoints in the SICK ICR890-4 could allow an unauthenticated remote attacker to retrieve sensitive information about the device via HTTP requests. | 7.5 |
| 2023-07-10 | CVE-2023-35697 | Improper Restriction of Excessive Authentication Attempts vulnerability in Sick Icr890-4 Firmware Improper Restriction of Excessive Authentication Attempts in the SICK ICR890-4 could allow a remote attacker to brute-force user credentials. | 7.5 |
| 2023-07-10 | CVE-2023-35698 | Information Exposure Through Discrepancy vulnerability in Sick Icr890-4 Firmware Observable Response Discrepancy in the SICK ICR890-4 could allow a remote attacker to identify valid usernames for the FTP server from the response given during a failed login attempt. | 5.3 |
| 2023-07-10 | CVE-2023-35699 | Cleartext Storage of Sensitive Information vulnerability in Sick Icr890-4 Firmware Cleartext Storage on Disk in the SICK ICR890-4 could allow an unauthenticated attacker with local access to the device to disclose sensitive information by accessing a SD card. | 4.6 |
| 2023-07-10 | CVE-2023-3270 | Exposure of Resource to Wrong Sphere vulnerability in Sick Icr890-4 Firmware Exposure of Sensitive Information to an Unauthorized Actor in the SICK ICR890-4 could allow an unauthenticated remote attacker to retrieve sensitive information about the system. | 7.5 |
| 2023-07-10 | CVE-2023-3271 | Unspecified vulnerability in Sick Icr890-4 Firmware Improper Access Control in the SICK ICR890-4 could allow an unauthenticated remote attacker to gather information about the system and download data via the REST API by accessing unauthenticated endpoints. | 7.5 |
| 2023-07-10 | CVE-2023-3272 | Cleartext Transmission of Sensitive Information vulnerability in Sick Icr890-4 Firmware Cleartext Transmission of Sensitive Information in the SICK ICR890-4 could allow a remote attacker to gather sensitive information by intercepting network traffic that is not encrypted. | 7.5 |
| 2023-07-10 | CVE-2023-3273 | Unspecified vulnerability in Sick Icr890-4 Firmware Improper Access Control in the SICK ICR890-4 could allow an unauthenticated remote attacker to affect the availability of the device by changing settings of the device such as the IP address based on missing access control. | 7.5 |