Vulnerabilities > Sick
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-07-19 | CVE-2022-27580 | Deserialization of Untrusted Data vulnerability in Sick Safety Designer. A deserialization vulnerability in a .NET framework class used and not properly checked by Safety Designer all versions up to and including 1.11.0 allows an attacker to craft malicious project files. | 7.8 |
2022-07-19 | CVE-2021-32504 | Missing Authorization vulnerability in Sick Ftmg Firmware. Unauthenticated users can access sensitive web URLs through a GET request, which should be restricted to maintenance users only. | 5.3 |
2022-04-11 | CVE-2022-27577 | Use of Insufficiently Random Values vulnerability in Sick Msc800 Firmware 4.0/4.10. The vulnerability in the MSC800 in all versions before 4.15 allows for an attacker to predict the TCP initial sequence number. | 9.1 |
2022-04-11 | CVE-2022-27578 | Unspecified vulnerability in Sick Overall Equipment Effectiveness 0.5.1. An attacker can perform a privilege escalation through the SICK OEE if the application is installed in a directory where non-authenticated or low-privilege users can modify its content. | 7.8 |
2022-04-01 | CVE-2021-32503 | Resource Exhaustion vulnerability in Sick Ftmg Firmware 2.8. Unauthenticated users can access sensitive web URLs through a GET request, which should be restricted to maintenance users only. | 4.9 |
2021-12-17 | CVE-2021-32497 | Unspecified vulnerability in Sick Sopas Engineering Tool. SICK SOPAS ET before version 4.8.0 allows attackers to wrap any executable file into an SDD and provide this to a SOPAS ET user. | 8.6 |
2021-12-17 | CVE-2021-32498 | Path Traversal vulnerability in Sick Sopas Engineering Tool. SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the pathname of the emulator and use path traversal to run an arbitrary executable located on the host system. | 8.6 |
2021-12-17 | CVE-2021-32499 | Injection vulnerability in Sick Sopas Engineering Tool. SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the command line arguments to pass in any value to the Emulator executable. | 7.5 |
2021-06-28 | CVE-2021-32496 | Inadequate Encryption Strength vulnerability in Sick Visionary-S CX Firmware. SICK Visionary-S CX up to version 5.21.2.29154R is vulnerable to an Inadequate Encryption Strength vulnerability concerning the internal SSH interface solely used by SICK for recovering returned devices. | 5.3 |
2020-08-31 | CVE-2020-2075 | Improper Handling of Exceptional Conditions vulnerability in Sick products. Platform mechanism AutoIP allows remote attackers to reboot the device via a crafted packet in SICK AG solutions Bulkscan LMS111, Bulkscan LMS511, CLV62x – CLV65x, ICR890-3, LMS10x, LMS11x, LMS15x, LMS12x, LMS13x, LMS14x, LMS5xx, LMS53x, MSC800, RFH. | 7.5 |