CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2023-23453
https://notcve.org/view.php?id=CVE-2023-23453
20 Feb 2023 — Missing Authentication for Critical Function in SICK FX0-GENT v3 Firmware Version V3.04 and V3.05 allows an unprivileged remote attacker to achieve arbitrary remote code execution via maliciously crafted RK512 commands to the listener on TCP port 9000. • https://sick.com/psirt • CWE-306: Missing Authentication for Critical Function •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-47377
https://notcve.org/view.php?id=CVE-2022-47377
16 Dec 2022 — Password recovery vulnerability in SICK SIM2000ST Partnumber 2086502 with firmware version <1.13.4 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update... • https://sick.com/psirt • CWE-306: Missing Authentication for Critical Function CWE-640: Weak Password Recovery Mechanism for Forgotten Password •
CVSS: 6.8EPSS: 0%CPEs: 24EXPL: 0CVE-2022-27581
https://notcve.org/view.php?id=CVE-2022-27581
13 Dec 2022 — Use of a Broken or Risky Cryptographic Algorithm in SICK RFU61x firmware version <v2.25 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the firmware update is available from the responsible SICK customer contact person. El uso de un algoritmo criptográfico roto o riesgoso en la versión de firmware SICK RFU61x • https://sick.com/psirt • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 6.8EPSS: 0%CPEs: 14EXPL: 0CVE-2022-46834
https://notcve.org/view.php?id=CVE-2022-46834
13 Dec 2022 — Use of a Broken or Risky Cryptographic Algorithm in SICK RFU65x firmware version < v2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the firmware update is available from the responsible SICK customer contact person. Uso de un algoritmo criptográfico defectuoso o riesgoso en la versión de firmware SICK RFU65x < v2.21 permite a un atacante remoto con ... • https://sick.com/psirt • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 6.8EPSS: 0%CPEs: 42EXPL: 0CVE-2022-46832
https://notcve.org/view.php?id=CVE-2022-46832
13 Dec 2022 — Use of a Broken or Risky Cryptographic Algorithm in SICK RFU62x firmware version < 2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the firmware update is available from the responsible SICK customer contact person. Uso de un algoritmo criptográfico defectuoso o riesgoso en la versión de firmware SICK RFU62x < 2.21 permite a un atacante remoto con po... • https://sick.com/psirt • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 6.8EPSS: 0%CPEs: 48EXPL: 0CVE-2022-46833
https://notcve.org/view.php?id=CVE-2022-46833
13 Dec 2022 — Use of a Broken or Risky Cryptographic Algorithm in SICK RFU63x firmware version < v2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the firmware update is available from the responsible SICK customer contact person. Uso de un algoritmo criptográfico defectuoso o riesgoso en la versión de firmware SICK RFU63x < v2.21 permite a un atacante remoto con ... • https://sick.com/psirt • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-43989
https://notcve.org/view.php?id=CVE-2022-43989
01 Nov 2022 — Password recovery vulnerability in SICK SIM2x00 (ARM) Partnumber 1092673 and 1081902 with firmware version < 1.2.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solut... • https://sick.com/psirt • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-43990
https://notcve.org/view.php?id=CVE-2022-43990
01 Nov 2022 — Password recovery vulnerability in SICK SIM1012 Partnumber 1098146 with firmware version <2.2.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update th... • https://sick.com/psirt • CWE-306: Missing Authentication for Critical Function •
CVSS: 10.0EPSS: 0%CPEs: 14EXPL: 0CVE-2022-27582
https://notcve.org/view.php?id=CVE-2022-27582
01 Nov 2022 — Password recovery vulnerability in SICK SIM4000 (PPC) Partnumber 1078787 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The firmware versions <=1.10.1 allow to optionally disable devi... • https://sick.com/psirt • CWE-306: Missing Authentication for Critical Function •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-27584
https://notcve.org/view.php?id=CVE-2022-27584
01 Nov 2022 — Password recovery vulnerability in SICK SIM2000ST Partnumber 1080579 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The firmware versions <=1.7.0 allow to optionally disable device co... • https://sick.com/psirt • CWE-306: Missing Authentication for Critical Function •