Vulnerabilities > Sick
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-15 | CVE-2023-23450 | Improper Authentication vulnerability in Sick products Use of Password Hash Instead of Password for Authentication in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to use a password hash instead of an actual password to login to a valid user account via the REST interface. | 9.8 |
| 2023-05-15 | CVE-2023-31408 | Cleartext Storage of Sensitive Information vulnerability in Sick products Cleartext Storage of Sensitive Information in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to potentially steal user credentials that are stored in the user’s browsers local storage via cross-site-scripting attacks. | 7.5 |
| 2023-05-15 | CVE-2023-31409 | Resource Exhaustion vulnerability in Sick products Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an remote attacker to influence the availability of the webserver by invocing a Slowloris style attack via HTTP requests. | 7.5 |
| 2023-05-12 | CVE-2023-23444 | Missing Authentication for Critical Function vulnerability in Sick products Missing Authentication for Critical Function in SICK Flexi Classic and Flexi Soft Gateways with Partnumbers 1042193, 1042964, 1044078, 1044072, 1044073, 1044074, 1099830, 1099832, 1127717, 1069070, 1112296, 1051432, 1102420, 1127487, 1121596, 1121597 allows an unauthenticated remote attacker to influence the availability of the device by changing the IP settings of the device via broadcasted UDP packets. | 8.2 |
| 2023-04-19 | CVE-2023-23451 | Missing Authentication for Critical Function vulnerability in Sick products The Flexi Classic and Flexi Soft Gateways SICK UE410-EN3 FLEXI ETHERNET GATEW. | 9.8 |
| 2023-02-20 | CVE-2023-23452 | Missing Authentication for Critical Function vulnerability in Sick Fx0-Gpnt00000 Firmware and Fx0-Gpnt00010 Firmware Missing Authentication for Critical Function in SICK FX0-GPNT v3 Firmware Version V3.04 and V3.05 allows an unprivileged remote attacker to achieve arbitrary remote code execution via maliciously crafted RK512 commands to the listener on TCP port 9000. | 9.8 |
| 2023-02-20 | CVE-2023-23453 | Missing Authentication for Critical Function vulnerability in Sick Fx0-Gent00000 Firmware and Fx0-Gent00010 Firmware Missing Authentication for Critical Function in SICK FX0-GENT v3 Firmware Version V3.04 and V3.05 allows an unprivileged remote attacker to achieve arbitrary remote code execution via maliciously crafted RK512 commands to the listener on TCP port 9000. | 9.8 |
| 2022-12-16 | CVE-2022-47377 | Missing Authentication for Critical Function vulnerability in Sick Sim2000 Firmware 1.2.0 Password recovery vulnerability in SICK SIM2000ST Partnumber 2086502 with firmware version <1.13.4 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. | 9.8 |
| 2022-12-13 | CVE-2022-27581 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Sick products Use of a Broken or Risky Cryptographic Algorithm in SICK RFU61x firmware version <v2.25 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. | 6.5 |
| 2022-12-13 | CVE-2022-46832 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Sick products Use of a Broken or Risky Cryptographic Algorithm in SICK RFU62x firmware version < 2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. | 6.5 |