CVSS: 10.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

01 Nov 2022 — Password recovery vulnerability in SICK SIM1000 FX Partnumber 1097816 and 1097817 with firmware version <1.6.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invoking the password recovery mechanism method. This leads to an increase in their privileges on the system, thereby affecting the confidentiality, integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution ... • https://sick.com/psirt • CWE-306: Missing Authentication for Critical Function

CVSS: 10.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

01 Nov 2022 — Password recovery vulnerability in SICK SIM1004 Partnumber 1098148 with firmware version <2.0.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invoking the password recovery mechanism method. This leads to an increase in their privileges on the system, thereby affecting the confidentiality, integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update th... • https://sick.com/psirt • CWE-306: Missing Authentication for Critical Function

CVSS: 9.4 • EPSS: 0% • CPEs: 4 • EXPL: 0

31 Oct 2022 — A remote unprivileged attacker can interact with the configuration interface of a Flexi-Compact FLX3-CPUC1 or FLX3-CPUC2 running an affected firmware version to potentially impact the availability of the FlexiCompact. • https://sick.com/psirt • CWE-285: Improper Authorization

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

19 Jul 2022 — A deserialization vulnerability in a .NET framework class used and not properly checked by Safety Designer all versions up to and including 1.11.0 allows an attacker to craft malicious project files. Opening/importing such a malicious project file would execute arbitrary code with the privileges of the current user when opened or imported by the Safety Designer. This compromises confidentiality, integrity and availability. For the attack to succeed, a user must manually open a malicious project file. • https://sick.com/psirt • CWE-502: Deserialization of Untrusted Data

CVSS: 7.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

19 Jul 2022 — A deserialization vulnerability in a .NET framework class used and not properly checked by Flexi Soft Designer in all versions up to and including 1.9.4 SP1 allows an attacker to craft malicious project files. Opening/importing such a malicious project file would execute arbitrary code with the privileges of the current user when opened or imported by the Flexi Soft Designer. This compromises confidentiality, integrity and availability. For the attack to succeed, a user must manually open a malicious project ... • https://sick.com/psirt • CWE-502: Deserialization of Untrusted Data

CVSS: 5.3 • EPSS: 0% • CPEs: 2 • EXPL: 0

19 Jul 2022 — Unauthenticated users can access sensitive web URLs through GET requests, which should be restricted to maintenance users only. A malicious attacker could use this sensitive information to launch further attacks on the system. • https://sick.com/psirt • CWE-862: Missing Authorization

CVSS: 9.1 • EPSS: 0% • CPEs: 2 • EXPL: 0

11 Apr 2022 — The vulnerability in the MSC800 in all versions before 4.15 allows an attacker to predict the TCP initial sequence number. When the TCP sequence is predictable, an attacker can send packets that are forged to appear to come from a trusted computer. These forged packets could compromise services on the MSC800. SICK has released a new firmware version of the SICK MSC800 and recommends updating to the newest version. • https://sick.com/psirt • CWE-330: Use of Insufficiently Random Values; CWE-342: Predictable Exact Value from Previous Values

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

11 Apr 2022 — An attacker can perform a privilege escalation through the SICK OEE if the application is installed in a directory where non-authenticated or low-privilege users can modify its content. • https://sick.com/psirt • CWE-250: Execution with Unnecessary Privileges

CVSS: 4.9 • EPSS: 0% • CPEs: 3 • EXPL: 0

01 Apr 2022 — Unauthenticated users can access sensitive web URLs through GET requests, which should be restricted to maintenance users only. A malicious attacker could use this sensitive information to launch further attacks on the system. • https://sick.com/psirt • CWE-400: Uncontrolled Resource Consumption; CWE-862: Missing Authorization

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

17 Dec 2021 — SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the command line arguments to pass in any value to the Emulator executable. • https://sick.com/psirt#advisories • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')