Vulnerabilities > Sick > High

DATE CVE VULNERABILITY TITLE RISK
2022-11-01 CVE-2022-43989 Missing Authentication for Critical Function vulnerability in Sick Sim2000-2P04G10 Firmware and Sim2500-2P03G10 Firmware
Password recovery vulnerability in SICK SIM2x00 (ARM) part numbers 1092673 and 1081902 with firmware version < 1.2.0 allows an unprivileged remote attacker to gain access to the user level defined as RecoverableUserLevel by invoking the password recovery mechanism method.
network
low complexity
sick CWE-306
7.3
2022-11-01 CVE-2022-43990 Missing Authentication for Critical Function vulnerability in Sick Sim1012-0P0G200 Firmware
Password recovery vulnerability in SICK SIM1012 part number 1098146 with firmware version < 2.2.0 allows an unprivileged remote attacker to gain access to the user level defined as RecoverableUserLevel by invoking the password recovery mechanism method.
network
low complexity
sick CWE-306
7.3
2022-07-19 CVE-2022-27579 Deserialization of Untrusted Data vulnerability in Sick Flexi Soft Designer
A deserialization vulnerability in a .NET framework class used and not properly checked by Flexi Soft Designer in all versions up to and including 1.9.4 SP1 allows an attacker to craft malicious project files.
local
low complexity
sick CWE-502
7.8
2022-07-19 CVE-2022-27580 Deserialization of Untrusted Data vulnerability in Sick Safety Designer
A deserialization vulnerability in a .NET framework class used and not properly checked by Safety Designer in all versions up to and including 1.11.0 allows an attacker to craft malicious project files.
local
low complexity
sick CWE-502
7.8
2022-04-11 CVE-2022-27578 Unspecified vulnerability in Sick Overall Equipment Effectiveness 0.5.1
An attacker can perform a privilege escalation through the SICK OEE if the application is installed in a directory where unauthenticated or low-privilege users can modify its content.
local
low complexity
sick
7.8
2021-12-17 CVE-2021-32497 Unspecified vulnerability in Sick Sopas Engineering Tool
SICK SOPAS ET before version 4.8.0 allows attackers to wrap any executable file into an SDD and provide this to a SOPAS ET user.
local
low complexity
sick
8.6
2021-12-17 CVE-2021-32498 Path Traversal vulnerability in Sick Sopas Engineering Tool
SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the pathname of the emulator and use path traversal to run an arbitrary executable located on the host system.
local
low complexity
sick CWE-22
8.6
2021-12-17 CVE-2021-32499 Injection vulnerability in Sick Sopas Engineering Tool
SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the command line arguments to pass in any value to the Emulator executable.
network
low complexity
sick CWE-74
7.5
2020-08-31 CVE-2020-2075 Improper Handling of Exceptional Conditions vulnerability in Sick products
Platform mechanism AutoIP allows remote attackers to reboot the device via a crafted packet in SICK AG solutions Bulkscan LMS111, Bulkscan LMS511, CLV62x – CLV65x, ICR890-3, LMS10x, LMS11x, LMS15x, LMS12x, LMS13x, LMS14x, LMS5xx, LMS53x, MSC800, RFH.
network
low complexity
sick CWE-755
7.5
2020-07-29 CVE-2020-2077 Incorrect Default Permissions vulnerability in Sick Package Analytics 04.0.0
SICK Package Analytics software up to and including version V04.0.0 is vulnerable due to incorrect default permission settings.
network
low complexity
sick CWE-276
7.5