Vulnerabilities > Sick
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-09-29 | CVE-2023-5288 | Unspecified vulnerability in Sick Sim1012-0P0G200 Firmware: A remote unauthorized attacker may connect to the SIM1012, interact with the device and change configuration settings. | 9.8 |
2023-08-24 | CVE-2023-31412 | Use of Password Hash With Insufficient Computational Effort vulnerability in Sick Lms500 Firmware, Lms511 Firmware and Lms531 Firmware: The LMS5xx uses weak hash generation methods, resulting in the creation of insecure hashes. | 7.5 |
2023-08-24 | CVE-2023-4418 | Resource Exhaustion vulnerability in Sick Lms500 Firmware, Lms511 Firmware and Lms531 Firmware: A remote unprivileged attacker can send multiple packages to the LMS5xx to disrupt its availability through a TCP SYN-based denial-of-service (DDoS) attack. | 7.5 |
2023-08-24 | CVE-2023-4419 | Use of Hard-coded Credentials vulnerability in Sick Lms500 Firmware, Lms511 Firmware and Lms531 Firmware: The LMS5xx uses hard-coded credentials, which potentially allow low-skilled unauthorized remote attackers to reconfigure settings and/or disrupt the functionality of the device. | 8.8 |
2023-08-24 | CVE-2023-4420 | Missing Encryption of Sensitive Data vulnerability in Sick Lms500 Firmware, Lms511 Firmware and Lms531 Firmware: A remote unprivileged attacker can intercept the communication via e.g. | 7.4 |
2023-07-10 | CVE-2023-35696 | Exposure of Resource to Wrong Sphere vulnerability in Sick Icr890-4 Firmware: Unauthenticated endpoints in the SICK ICR890-4 could allow an unauthenticated remote attacker to retrieve sensitive information about the device via HTTP requests. | 7.5 |
2023-07-10 | CVE-2023-35697 | Improper Restriction of Excessive Authentication Attempts vulnerability in Sick Icr890-4 Firmware: Improper Restriction of Excessive Authentication Attempts in the SICK ICR890-4 could allow a remote attacker to brute-force user credentials. | 7.5 |
2023-07-10 | CVE-2023-35698 | Information Exposure Through Discrepancy vulnerability in Sick Icr890-4 Firmware: Observable Response Discrepancy in the SICK ICR890-4 could allow a remote attacker to identify valid usernames for the FTP server from the response given during a failed login attempt. | 5.3 |
2023-07-10 | CVE-2023-35699 | Cleartext Storage of Sensitive Information vulnerability in Sick Icr890-4 Firmware: Cleartext Storage on Disk in the SICK ICR890-4 could allow an unauthenticated attacker with local access to the device to disclose sensitive information by accessing an SD card. | 4.6 |
2023-07-10 | CVE-2023-3270 | Exposure of Resource to Wrong Sphere vulnerability in Sick Icr890-4 Firmware: Exposure of Sensitive Information to an Unauthorized Actor in the SICK ICR890-4 could allow an unauthenticated remote attacker to retrieve sensitive information about the system. | 7.5 |