CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-32498
https://notcve.org/view.php?id=CVE-2021-32498
17 Dec 2021 — SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the pathname of the emulator and use path traversal to run an arbitrary executable located on the host system. When the user starts the emulator from SOPAS ET the corresponding executable will be started instead of the emulator SICK SOPAS ET versiones anteriores a 4.8.0, permite a atacantes manipular el nombre de la ruta del emulador y usar un salto de ruta para correr un ejecutable arbitrario ubicado en el sistema anfitrión. Cuando el usuari... • https://sick.com/psirt#advisories • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-32497
https://notcve.org/view.php?id=CVE-2021-32497
17 Dec 2021 — SICK SOPAS ET before version 4.8.0 allows attackers to wrap any executable file into an SDD and provide this to a SOPAS ET user. When a user starts the emulator the executable is run without further checks. SICK SOPAS ET versiones anteriores a 4.8.0 permite a atacantes envolver cualquier archivo ejecutable en un SDD y proporcionarlo a un usuario de SOPAS ET. Cuando un usuario inicia el emulador, el ejecutable es corrido sin más comprobaciones • https://sick.com/psirt#advisories •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2021-32496
https://notcve.org/view.php?id=CVE-2021-32496
28 Jun 2021 — SICK Visionary-S CX up version 5.21.2.29154R are vulnerable to an Inadequate Encryption Strength vulnerability concerning the internal SSH interface solely used by SICK for recovering returned devices. The use of weak ciphers make it easier for an attacker to break the security that protects information transmitted from the client to the SSH server, assuming the attacker has access to the network on which the device is connected. This can increase the risk that encryption will be compromised, leading to the... • https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories • CWE-326: Inadequate Encryption Strength •
CVSS: 7.5EPSS: 0%CPEs: 64EXPL: 0CVE-2020-2075
https://notcve.org/view.php?id=CVE-2020-2075
31 Aug 2020 — Platform mechanism AutoIP allows remote attackers to reboot the device via a crafted packet in SICK AG solutions Bulkscan LMS111, Bulkscan LMS511, CLV62x – CLV65x, ICR890-3, LMS10x, LMS11x, LMS15x, LMS12x, LMS13x, LMS14x, LMS5xx, LMS53x, MSC800, RFH. El mecanismo de plataforma AutoIP permite a atacantes remotos reiniciar el dispositivo por medio de un paquete diseñado en las soluciones de SICK AG Bulkscan LMS111, Bulkscan LMS511, CLV62x - CLV65x, ICR890-3, LMS10x, LMS11x, LMS15x, LMS12x, LMS13x, LMS14x, LMS... • https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories • CWE-703: Improper Check or Handling of Exceptional Conditions CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-2078
https://notcve.org/view.php?id=CVE-2020-2078
29 Jul 2020 — Passwords are stored in plain text within the configuration of SICK Package Analytics software up to and including V04.1.1. An authorized attacker could access these stored plaintext credentials and gain access to the ftp service. Storing a password in plaintext allows attackers to easily gain access to systems, potentially compromising personal information or other sensitive information. Las contraseñas son almacenadas en texto plano dentro de la configuración del software SICK Package Analytics versiones ... • https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories • CWE-522: Insufficiently Protected Credentials •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-2077
https://notcve.org/view.php?id=CVE-2020-2077
29 Jul 2020 — SICK Package Analytics software up to and including version V04.0.0 are vulnerable due to incorrect default permissions settings. An unauthorized attacker could read sensitive data from the system by querying for known files using the REST API directly. El software SICK Package Analytics versiones hasta V04.0.0 incluyéndola, es vulnerable debido a una configuración de permisos predeterminada incorrecta. Un atacante no autorizado podría leer datos confidenciales del sistema al consultar archivos conocidos us... • https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories • CWE-276: Incorrect Default Permissions •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-2076
https://notcve.org/view.php?id=CVE-2020-2076
29 Jul 2020 — SICK Package Analytics software up to and including version V04.0.0 are vulnerable to an authentication bypass by directly interfacing with the REST API. An attacker can send unauthorized requests, bypass current authentication controls presented by the application and could potentially write files without authentication. El software SICK Package Analytics versiones hasta V04.0.0 incluyéndola, es vulnerable a una omisión de autenticación al interactuar directamente con la API REST. Un atacante puede enviar ... • https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2019-14753
https://notcve.org/view.php?id=CVE-2019-14753
24 Sep 2019 — SICK FX0-GPNT00000 and FX0-GENT00000 devices through 3.4.0 have a Buffer Overflow Los dispositivos SICK FX0-GPNT00000 y FX0-GENT00000 hasta la versión 3.4.0 tienen un Desbordamiento de Búfer. • https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 0CVE-2019-10979
https://notcve.org/view.php?id=CVE-2019-10979
01 Jul 2019 — SICK MSC800 all versions prior to Version 4.0, the affected firmware versions contain a hard-coded customer account password. SICK MSC800 en todas las versiones anteriores a la versión 4.0, las versiones de firmware afectadas contienen una contraseña de cuenta de cliente codificada. • http://www.securityfocus.com/bid/108924 • CWE-798: Use of Hard-coded Credentials •