CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-27577
https://notcve.org/view.php?id=CVE-2022-27577
11 Apr 2022 — The vulnerability in the MSC800 in all versions before 4.15 allows for an attacker to predict the TCP initial sequence number. When the TCP sequence is predictable, an attacker can send packets that are forged to appear to come from a trusted computer. These forged packets could compromise services on the MSC800. SICK has released a new firmware version of the SICK MSC800 and recommends updating to the newest version. Una vulnerabilidad en el MSC800 en todas las versiones anteriores a 4.15 permite a un atac... • https://sick.com/psirt • CWE-330: Use of Insufficiently Random Values CWE-342: Predictable Exact Value from Previous Values •
CVSS: 7.5EPSS: 0%CPEs: 64EXPL: 0CVE-2020-2075
https://notcve.org/view.php?id=CVE-2020-2075
31 Aug 2020 — Platform mechanism AutoIP allows remote attackers to reboot the device via a crafted packet in SICK AG solutions Bulkscan LMS111, Bulkscan LMS511, CLV62x – CLV65x, ICR890-3, LMS10x, LMS11x, LMS15x, LMS12x, LMS13x, LMS14x, LMS5xx, LMS53x, MSC800, RFH. El mecanismo de plataforma AutoIP permite a atacantes remotos reiniciar el dispositivo por medio de un paquete diseñado en las soluciones de SICK AG Bulkscan LMS111, Bulkscan LMS511, CLV62x - CLV65x, ICR890-3, LMS10x, LMS11x, LMS15x, LMS12x, LMS13x, LMS14x, LMS... • https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories • CWE-703: Improper Check or Handling of Exceptional Conditions CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 0CVE-2019-10979
https://notcve.org/view.php?id=CVE-2019-10979
01 Jul 2019 — SICK MSC800 all versions prior to Version 4.0, the affected firmware versions contain a hard-coded customer account password. SICK MSC800 en todas las versiones anteriores a la versión 4.0, las versiones de firmware afectadas contienen una contraseña de cuenta de cliente codificada. • http://www.securityfocus.com/bid/108924 • CWE-798: Use of Hard-coded Credentials •