Vulnerabilities > Sick > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-10-09 CVE-2023-43696 Unrestricted Upload of File with Dangerous Type vulnerability in Sick Apu0200 Firmware
Improper Access Control in SICK APU allows an unprivileged remote attacker to download as well as upload arbitrary files via anonymous access to the FTP server.
network
low complexity
sick CWE-434
critical
9.8
2023-09-29 CVE-2023-5288 Unspecified vulnerability in Sick Sim1012-0P0G200 Firmware
A remote unauthorized attacker may connect to the SIM1012, interact with the device and change configuration settings.
network
low complexity
sick
critical
9.8
2023-06-19 CVE-2023-31411 Missing Authentication for Critical Function vulnerability in Sick Eventcam APP
A remote unprivileged attacker can modify and access configuration settings on the EventCam App due to the absence of API authentication.
network
low complexity
sick CWE-306
critical
9.8
2023-05-15 CVE-2023-23450 Improper Authentication vulnerability in Sick products
Use of Password Hash Instead of Password for Authentication in SICK FTMg AIR FLOW SENSOR with part numbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to use a password hash instead of an actual password to log in to a valid user account via the REST interface.
network
low complexity
sick CWE-287
critical
9.8
2023-04-19 CVE-2023-23451 Missing Authentication for Critical Function vulnerability in Sick products
The Flexi Classic and Flexi Soft Gateways SICK UE410-EN3 FLEXI ETHERNET GATEW.
network
low complexity
sick CWE-306
critical
9.8
2023-02-20 CVE-2023-23452 Missing Authentication for Critical Function vulnerability in Sick Fx0-Gpnt00000 Firmware and Fx0-Gpnt00010 Firmware
Missing Authentication for Critical Function in SICK FX0-GPNT v3 Firmware Version V3.04 and V3.05 allows an unprivileged remote attacker to achieve arbitrary remote code execution via maliciously crafted RK512 commands to the listener on TCP port 9000.
network
low complexity
sick CWE-306
critical
9.8
2023-02-20 CVE-2023-23453 Missing Authentication for Critical Function vulnerability in Sick Fx0-Gent00000 Firmware and Fx0-Gent00010 Firmware
Missing Authentication for Critical Function in SICK FX0-GENT v3 Firmware Version V3.04 and V3.05 allows an unprivileged remote attacker to achieve arbitrary remote code execution via maliciously crafted RK512 commands to the listener on TCP port 9000.
network
low complexity
sick CWE-306
critical
9.8
2022-11-01 CVE-2022-27582 Missing Authentication for Critical Function vulnerability in Sick products
Password recovery vulnerability in SICK SIM4000 (PPC) part number 1078787 allows an unprivileged remote attacker to gain access to the user level defined as RecoverableUserLevel by invoking the password recovery mechanism method.
network
low complexity
sick CWE-306
critical
9.8
2022-11-01 CVE-2022-27584 Missing Authentication for Critical Function vulnerability in Sick Sim2000St Firmware
Password recovery vulnerability in SICK SIM2000ST part number 1080579 allows an unprivileged remote attacker to gain access to the user level defined as RecoverableUserLevel by invoking the password recovery mechanism method.
network
low complexity
sick CWE-306
critical
9.8
2022-11-01 CVE-2022-27585 Missing Authentication for Critical Function vulnerability in Sick Sim1000 FX Firmware
Password recovery vulnerability in SICK SIM1000 FX part numbers 1097816 and 1097817 with firmware version <1.6.0 allows an unprivileged remote attacker to gain access to the user level defined as RecoverableUserLevel by invoking the password recovery mechanism method.
network
low complexity
sick CWE-306
critical
9.8