Vulnerabilities > Sick

DATE CVE VULNERABILITY TITLE RISK
2022-11-01 CVE-2022-27586 Missing Authentication for Critical Function vulnerability in Sick Sim1004-0P0G311 Firmware
Password recovery vulnerability in SICK SIM1004 part number 1098148 with firmware version <2.0.0 allows an unprivileged remote attacker to gain access to the user level defined as RecoverableUserLevel by invoking the password recovery mechanism method.
network
low complexity
sick CWE-306
critical
9.8
2022-11-01 CVE-2022-43989 Missing Authentication for Critical Function vulnerability in Sick Sim2000-2P04G10 Firmware and Sim2500-2P03G10 Firmware
Password recovery vulnerability in SICK SIM2x00 (ARM) part numbers 1092673 and 1081902 with firmware version < 1.2.0 allows an unprivileged remote attacker to gain access to the user level defined as RecoverableUserLevel by invoking the password recovery mechanism method.
network
low complexity
sick CWE-306
7.3
2022-11-01 CVE-2022-43990 Missing Authentication for Critical Function vulnerability in Sick Sim1012-0P0G200 Firmware
Password recovery vulnerability in SICK SIM1012 part number 1098146 with firmware version <2.2.0 allows an unprivileged remote attacker to gain access to the user level defined as RecoverableUserLevel by invoking the password recovery mechanism method.
network
low complexity
sick CWE-306
7.3
2022-10-31 CVE-2022-27583 Unspecified vulnerability in Sick Flx3-Cpuc1 Firmware and Flx3-Cpuc2 Firmware
A remote unprivileged attacker can interact with the configuration interface of a Flexi-Compact FLX3-CPUC1 or FLX3-CPUC2 running an affected firmware version to potentially impact the availability of the FlexiCompact.
network
low complexity
sick
critical
9.1
2022-04-11 CVE-2022-27577 Use of Insufficiently Random Values vulnerability in Sick Msc800 Firmware 4.0/4.10
The vulnerability in the MSC800 in all versions before 4.15 allows an attacker to predict the TCP initial sequence number.
network
low complexity
sick CWE-330
6.4
2022-04-11 CVE-2022-27578 Unspecified vulnerability in Sick Overall Equipment Effectiveness 0.5.1
An attacker can perform a privilege escalation through the SICK OEE if the application is installed in a directory where non-authenticated or low-privilege users can modify its content.
local
low complexity
sick
4.6
2022-04-01 CVE-2021-32503 Resource Exhaustion vulnerability in Sick Ftmg Firmware 2.8
Unauthenticated users can access sensitive web URLs through GET requests, which should be restricted to maintenance users only.
network
low complexity
sick CWE-400
4.9
2021-12-17 CVE-2021-32497 Unspecified vulnerability in Sick Sopas Engineering Tool
SICK SOPAS ET before version 4.8.0 allows attackers to wrap any executable file into an SDD and provide this to a SOPAS ET user.
network
sick
critical
9.3
2021-12-17 CVE-2021-32498 Path Traversal vulnerability in Sick Sopas Engineering Tool
SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the pathname of the emulator and use path traversal to run an arbitrary executable located on the host system.
network
sick CWE-22
critical
9.3
2021-12-17 CVE-2021-32499 Injection vulnerability in Sick Sopas Engineering Tool
SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the command line arguments to pass in any value to the Emulator executable.
network
low complexity
sick CWE-74
5.0