MidnightBSD

Advisories for sick

CVE-2019-10979 HIGH

SICK MSC800 all versions prior to Version 4.0, the affected firmware versions contain a hard-coded customer account password.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,CWE-798,

Products Affected

Vendor Product Version
sick msc800_firmware *
CVE-2019-14753 MEDIUM

SICK FX0-GPNT00000 and FX0-GENT00000 devices through 3.4.0 have a Buffer Overflow

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
sick fx0-gpnt00000_firmware *
sick fx0-gent00000_firmware *
CVE-2020-2075 MEDIUM

Platform mechanism AutoIP allows remote attackers to reboot the device via a crafted packet in SICK AG solutions Bulkscan LMS111, Bulkscan LMS511, CLV62x – CLV65x, ICR890-3, LMS10x, LMS11x, LMS15x, LMS12x, LMS13x, LMS14x, LMS5xx, LMS53x, MSC800, RFH.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-703,CWE-755,

Products Affected

Vendor Product Version
sick clv640_firmware *
sick clv620_firmware *
sick lms101_firmware *
sick lms531_firmware *
sick lms133_firmware *
sick lms111_firmware *
sick lms123_firmware *
sick clv630_firmware *
sick clv642_firmware *
sick lms151_firmware *
sick msc800_firmware *
sick clv622_firmware *
sick lms141_firmware *
sick lms142_firmware *
sick clv621_firmware *
sick clv650_firmware *
sick lms100_firmware *
sick lms153_firmware *
sick lms143_firmware *
sick lms511_firmware *
sick lms131_firmware *
sick lms122_firmware *
sick rfh_firmware *
sick icr890-3.5_firmware *
sick clv631_firmware *
sick clv651_firmware *
sick clv632_firmware *
sick lms500_firmware *
sick icr890-3_firmware *
sick lms121_firmware *
CVE-2020-2076 HIGH

SICK Package Analytics software up to and including version V04.0.0 are vulnerable to an authentication bypass by directly interfacing with the REST API. An attacker can send unauthorized requests, bypass current authentication controls presented by the application and could potentially write files without authentication.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-306,

Products Affected

Vendor Product Version
sick package_analytics *
CVE-2020-2077 MEDIUM

SICK Package Analytics software up to and including version V04.0.0 are vulnerable due to incorrect default permissions settings. An unauthorized attacker could read sensitive data from the system by querying for known files using the REST API directly.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-276,

Products Affected

Vendor Product Version
sick package_analytics *
CVE-2020-2078 MEDIUM

Passwords are stored in plain text within the configuration of SICK Package Analytics software up to and including V04.1.1. An authorized attacker could access these stored plaintext credentials and gain access to the ftp service. Storing a password in plaintext allows attackers to easily gain access to systems, potentially compromising personal information or other sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-522,

Products Affected

Vendor Product Version
sick package_analytics *
CVE-2021-32496 LOW

SICK Visionary-S CX up version 5.21.2.29154R are vulnerable to an Inadequate Encryption Strength vulnerability concerning the internal SSH interface solely used by SICK for recovering returned devices. The use of weak ciphers make it easier for an attacker to break the security that protects information transmitted from the client to the SSH server, assuming the attacker has access to the network on which the device is connected. This can increase the risk that encryption will be compromised, leading to the exposure of sensitive user information and man-in-the-middle attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N 1.6 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-326,

Products Affected

Vendor Product Version
sick visionary-s_cx_firmware *
CVE-2021-32497 HIGH

SICK SOPAS ET before version 4.8.0 allows attackers to wrap any executable file into an SDD and provide this to a SOPAS ET user. When a user starts the emulator the executable is run without further checks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.6 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 1.8 6.0

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sick sopas_engineering_tool *
CVE-2021-32498 HIGH

SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the pathname of the emulator and use path traversal to run an arbitrary executable located on the host system. When the user starts the emulator from SOPAS ET the corresponding executable will be started instead of the emulator

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.6 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 1.8 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
sick sopas_engineering_tool *
CVE-2021-32499 MEDIUM

SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the command line arguments to pass in any value to the Emulator executable.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
sick sopas_engineering_tool *
CVE-2021-32503 MEDIUM

Unauthenticated users can access sensitive web URLs through GET request, which should be restricted to maintenance users only. A malicious attacker could use this sensitive information’s to launch further attacks on the system.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-862,CWE-400,

Products Affected

Vendor Product Version
sick ftmg_firmware *
sick ftmg_firmware 2.8
CVE-2021-32504

Unauthenticated users can access sensitive web URLs through GET request, which should be restricted to maintenance users only. A malicious attacker could use this sensitive information’s to launch further attacks on the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
sick ftmg_firmware *
CVE-2022-27577 MEDIUM

The vulnerability in the MSC800 in all versions before 4.15 allows for an attacker to predict the TCP initial sequence number. When the TCP sequence is predictable, an attacker can send packets that are forged to appear to come from a trusted computer. These forged packets could compromise services on the MSC800. SICK has released a new firmware version of the SICK MSC800 and recommends updating to the newest version.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-342,CWE-330,

Products Affected

Vendor Product Version
sick msc800_firmware *
CVE-2022-27578 MEDIUM

An attacker can perform a privilege escalation through the SICK OEE if the application is installed in a directory where non authenticated or low privilege users can modify its content.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-250,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sick overall_equipment_effectiveness 0.5.1
CVE-2022-27579

A deserialization vulnerability in a .NET framework class used and not properly checked by Flexi Soft Designer in all versions up to and including 1.9.4 SP1 allows an attacker to craft malicious project files. Opening/importing such a malicious project file would execute arbitrary code with the privileges of the current user when opened or imported by the Flexi Soft Designer. This compromises confidentiality integrity and availability. For the attack to succeed a user must manually open a malicious project file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
sick flexi_soft_designer *
sick flexi_soft_designer 1.9.4
CVE-2022-27580

A deserialization vulnerability in a .NET framework class used and not properly checked by Safety Designer all versions up to and including 1.11.0 allows an attacker to craft malicious project files. Opening/importing such a malicious project file would execute arbitrary code with the privileges of the current user when opened or imported by the Safety Designer. This compromises confidentiality integrity and availability. For the attack to succeed a user must manually open a malicious project file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
sick safety_designer *
CVE-2022-27581

Use of a Broken or Risky Cryptographic Algorithm in SICK RFU61x firmware version <v2.25 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the firmware update is available from the responsible SICK customer contact person.

Products Affected

Vendor Product Version
sick rfu610-10607_firmware *
sick rfu610-10700_firmware *
sick rfu610-10609_firmware *
sick rfu610-10613_firmware *
sick rfu610-10605_firmware *
sick rfu610-10610_firmware *
sick rfu610-10603_firmware *
sick rfu610-10614_firmware *
sick rfu610-10618_firmware *
sick rfu610-10604_firmware *
sick rfu610-10601_firmware *
sick rfu610-10600_firmware *
CVE-2022-27582

Password recovery vulnerability in SICK SIM4000 (PPC) Partnumber 1078787 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The firmware versions <=1.10.1 allow to optionally disable device configuration over the network interfaces. Please make sure that you apply general security practices when operating the SIM4000. A fix is planned but not yet scheduled.

Products Affected

Vendor Product Version
sick sim1004_firmware *
sick sim4000_firmware *
sick sim2000_firmware *
sick sim1000_fx_firmware *
sick sim1012_firmware *
sick sim2500_firmware *
sick sim2000st_firmware *
CVE-2022-27583

A remote unprivileged attacker can interact with the configuration interface of a Flexi-Compact FLX3-CPUC1 or FLX3-CPUC2 running an affected firmware version to potentially impact the availability of the FlexiCompact.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 3.9 5.2

Products Affected

Vendor Product Version
sick flx3-cpuc1_firmware *
sick flx3-cpuc2_firmware *
CVE-2022-27584

Password recovery vulnerability in SICK SIM2000ST Partnumber 1080579 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The firmware versions <=1.7.0 allow to optionally disable device configuration over the network interfaces. Please make sure that you apply general security practices when operating the SIM2000ST. A fix is planned but not yet scheduled.

Products Affected

Vendor Product Version
sick sim2000st_firmware -
CVE-2022-27585

Password recovery vulnerability in SICK SIM1000 FX Partnumber 1097816 and 1097817 with firmware version <1.6.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version >= 1.6.0 as soon as possible (available in SICK Support Portal).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
sick sim1000_fx_firmware *
CVE-2022-27586

Password recovery vulnerability in SICK SIM1004 Partnumber 1098148 with firmware version <2.0.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version >= 2.0.0 as soon as possible (available in SICK Support Portal).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
sick sim1004-0p0g311_firmware *
CVE-2022-43989

Password recovery vulnerability in SICK SIM2x00 (ARM) Partnumber 1092673 and 1081902 with firmware version < 1.2.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version >= 1.2.0 as soon as possible (available in SICK Support Portal).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.3 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 3.9 3.4

Products Affected

Vendor Product Version
sick sim2000-2p04g10_firmware *
sick sim2500-2p03g10_firmware *
CVE-2022-43990

Password recovery vulnerability in SICK SIM1012 Partnumber 1098146 with firmware version <2.2.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version >= 2.2.0 as soon as possible (available in SICK Support Portal).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.3 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 3.9 3.4

Products Affected

Vendor Product Version
sick sim1012-0p0g200_firmware *
CVE-2022-46832

Use of a Broken or Risky Cryptographic Algorithm in SICK RFU62x firmware version < 2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the firmware update is available from the responsible SICK customer contact person.

Products Affected

Vendor Product Version
sick rfu620-10507_firmware *
sick rfu620-10114_firmware *
sick rfu620-10100_firmware *
sick rfu620-10510_firmware *
sick rfu620-10501_firmware *
sick rfu620-10107_firmware *
sick rfu620-10503_firmware *
sick rfu620-10101_firmware *
sick rfu620-10111_firmware *
sick rfu620-10401_firmware *
sick rfu620-10104_firmware *
sick rfu620-10400_firmware *
sick rfu620-10118_firmware *
sick rfu620-10508_firmware *
sick rfu620-10105_firmware *
sick rfu620-10108_firmware *
sick rfu620-10102_firmware *
sick rfu620-10500_firmware *
sick rfu620-10514_firmware *
sick rfu620-10103_firmware *
sick rfu620-10504_firmware *
CVE-2022-46833

Use of a Broken or Risky Cryptographic Algorithm in SICK RFU63x firmware version < v2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the firmware update is available from the responsible SICK customer contact person.

Products Affected

Vendor Product Version
sick rfu630-13102_firmware *
sick rfu630-04100_firmware *
sick rfu630-13104_firmware *
sick rfu630-13115_firmware *
sick rfu630-04100s01_firmware *
sick rfu630-04102_firmware *
sick rfu630-04106_firmware *
sick rfu630-13107_firmware *
sick rfu630-13110_firmware *
sick rfu630-13103_firmware *
sick rfu630-13100s01_firmware *
sick rfu630-13105_firmware *
sick rfu630-13113_firmware *
sick rfu630-13108_firmware *
sick rfu630-13106_firmware *
sick rfu630-13114_firmware *
sick rfu630-04109_firmware *
sick rfu630-04117_firmware *
sick rfu630-13101_firmware *
sick rfu630-13111_firmware *
sick rfu630-04104_firmware *
sick rfu630-04101_firmware *
sick rfu630-04103_firmware *
sick rfu630-04105_firmware *
CVE-2022-46834

Use of a Broken or Risky Cryptographic Algorithm in SICK RFU65x firmware version < v2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the firmware update is available from the responsible SICK customer contact person.

Products Affected

Vendor Product Version
sick rfu650-10103_firmware *
sick rfu650-10105_firmware *
sick rfu650-10106_firmware *
sick rfu650-10102_firmware *
sick rfu650-10100_firmware *
sick rfu650-10101_firmware *
sick rfu650-10104_firmware *
CVE-2022-47377

Password recovery vulnerability in SICK SIM2000ST Partnumber 2086502 with firmware version <1.13.4 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version >= 1.13.4 as soon as possible (available in SICK Support Portal).

Products Affected

Vendor Product Version
sick sim2000_firmware *
CVE-2023-23444

Missing Authentication for Critical Function in SICK Flexi Classic and Flexi Soft Gateways with Partnumbers 1042193, 1042964, 1044078, 1044072, 1044073, 1044074, 1099830, 1099832, 1127717, 1069070, 1112296, 1051432, 1102420, 1127487, 1121596, 1121597 allows an unauthenticated remote attacker to influence the availability of the device by changing the IP settings of the device via broadcasted UDP packets.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
sick fx0-gpnt00000_firmware -
sick ue410-en3_firmware -
sick fx0-gmod00010_firmware -
sick fx0-gent00010_firmware -
sick ue410-en1_firmware -
sick ue410-en4_firmware -
sick fx0-gpnt00030_firmware -
sick fx0-gpnt00010_firmware -
sick fx0-gmod00000_firmware -
sick fx0-gent00030_firmware -
sick fx0-gent00000_firmware -
CVE-2023-23445

Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to gain unauthorized access to data fields by using a therefore unpriviledged account via the REST interface.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
sick ftmg-esd25axx_firmware *
sick ftmg-esn50sxx_firmware *
sick ftmg-esr50sxx_firmware *
sick ftmg-esn40sxx_firmware *
sick ftmg-esr40sxx_firmware *
sick ftmg-esd15axx_firmware *
sick ftmg-esd20axx_firmware *
CVE-2023-23446

Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to download files by using a therefore unpriviledged account via the REST interface.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
sick ftmg-esd25axx_firmware *
sick ftmg-esn50sxx_firmware *
sick ftmg-esr50sxx_firmware *
sick ftmg-esn40sxx_firmware *
sick ftmg-esr40sxx_firmware *
sick ftmg-esd15axx_firmware *
sick ftmg-esd20axx_firmware *
CVE-2023-23447

Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to influence the availability of the webserver by invocing several open file requests via the REST interface.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
sick ftmg-esd25axx_firmware *
sick ftmg-esn50sxx_firmware *
sick ftmg-esr50sxx_firmware *
sick ftmg-esn40sxx_firmware *
sick ftmg-esr40sxx_firmware *
sick ftmg-esd15axx_firmware *
sick ftmg-esd20axx_firmware *
CVE-2023-23448

Inclusion of Sensitive Information in Source Code in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to gain information about valid usernames via analysis of source code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
sick ftmg-esd25axx_firmware *
sick ftmg-esn50sxx_firmware *
sick ftmg-esr50sxx_firmware *
sick ftmg-esn40sxx_firmware *
sick ftmg-esr40sxx_firmware *
sick ftmg-esd15axx_firmware *
sick ftmg-esd20axx_firmware *
CVE-2023-23449

Observable Response Discrepancy in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to gain information about valid usernames by analyzing challenge responses from the server via the REST interface.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
sick ftmg-esd25axx_firmware *
sick ftmg-esn50sxx_firmware *
sick ftmg-esr50sxx_firmware *
sick ftmg-esn40sxx_firmware *
sick ftmg-esr40sxx_firmware *
sick ftmg-esd15axx_firmware *
sick ftmg-esd20axx_firmware *
CVE-2023-23450

Use of Password Hash Instead of Password for Authentication in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to use a password hash instead of an actual password to login to a valid user account via the REST interface.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 6.2 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.5 3.6

Products Affected

Vendor Product Version
sick ftmg-esd25axx_firmware *
sick ftmg-esn50sxx_firmware *
sick ftmg-esr50sxx_firmware *
sick ftmg-esn40sxx_firmware *
sick ftmg-esr40sxx_firmware *
sick ftmg-esd15axx_firmware *
sick ftmg-esd20axx_firmware *
CVE-2023-23451

The Flexi Classic and Flexi Soft Gateways SICK UE410-EN3 FLEXI ETHERNET GATEW. with serial number <=2311xxxx all Firmware versions, SICK UE410-EN1 FLEXI ETHERNET GATEW. with serial number <=2311xxxx all Firmware versions, SICK UE410-EN3S04 FLEXI ETHERNET GATEW. with serial number <=2311xxxx all Firmware versions, SICK UE410-EN4 FLEXI ETHERNET GATEW. with serial number <=2311xxxx all Firmware versions, SICK FX0-GENT00000 FLEXISOFT EIP GATEW. with serial number <=2311xxxx with Firmware <=V2.11.0, SICK FX0-GMOD00000 FLEXISOFT MOD GATEW. with serial number <=2311xxxx with Firmware <=V2.11.0, SICK FX0-GPNT00000 FLEXISOFT PNET GATEW. with serial number <=2311xxxx with Firmware <=V2.12.0, SICK FX0-GENT00030 FLEXISOFT EIP GATEW.V2 with serial number <=2311xxxx all Firmware versions, SICK FX0-GPNT00030 FLEXISOFT PNET GATEW.V2 with serial number <=2311xxxx all Firmware versions and SICK FX0-GMOD00010 FLEXISOFT MOD GW with serial number <=2311xxxx with Firmware <=V2.11.0 all have Telnet enabled by factory default. No password is set in the default configuration.

Products Affected

Vendor Product Version
sick ue410-en4_firmware *
sick fx0-gmod00010_firmware *
sick fx0-gpnt00030_firmware *
sick fx0-gpnt00000_firmware *
sick ue410-en3s04_firmware *
sick ue410-en1_firmware *
sick fx0-gent00000_firmware *
sick ue410-en3_firmware *
sick fx0-gmod00000_firmware *
sick fx0-gent00030_firmware *
CVE-2023-23452

Missing Authentication for Critical Function in SICK FX0-GPNT v3 Firmware Version V3.04 and V3.05 allows an unprivileged remote attacker to achieve arbitrary remote code execution via maliciously crafted RK512 commands to the listener on TCP port 9000.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
sick fx0-gpnt00010_firmware 3.04
sick fx0-gpnt00010_firmware 3.05
sick fx0-gpnt00000_firmware 3.04
sick fx0-gpnt00000_firmware 3.05
CVE-2023-23453

Missing Authentication for Critical Function in SICK FX0-GENT v3 Firmware Version V3.04 and V3.05 allows an unprivileged remote attacker to achieve arbitrary remote code execution via maliciously crafted RK512 commands to the listener on TCP port 9000.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
sick fx0-gent00000_firmware 3.04
sick fx0-gent00010_firmware 3.05
sick fx0-gent00010_firmware 3.04
sick fx0-gent00000_firmware 3.05
CVE-2023-31408

Cleartext Storage of Sensitive Information in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to potentially steal user credentials that are stored in the user’s browsers local storage via cross-site-scripting attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

Products Affected

Vendor Product Version
sick ftmg-esd25axx_firmware *
sick ftmg-esn50sxx_firmware *
sick ftmg-esr50sxx_firmware *
sick ftmg-esn40sxx_firmware *
sick ftmg-esr40sxx_firmware *
sick ftmg-esd15axx_firmware *
sick ftmg-esd20axx_firmware *
CVE-2023-31409

Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an remote attacker to influence the availability of the webserver by invocing a Slowloris style attack via HTTP requests.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

Products Affected

Vendor Product Version
sick ftmg-esd25axx_firmware *
sick ftmg-esn50sxx_firmware *
sick ftmg-esr50sxx_firmware *
sick ftmg-esn40sxx_firmware *
sick ftmg-esr40sxx_firmware *
sick ftmg-esd15axx_firmware *
sick ftmg-esd20axx_firmware *
CVE-2023-31410

A remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to the absence of Transport Layer Security (TLS) in the SICK EventCam App. This lack of encryption in the communication channel can lead to the unauthorized disclosure of sensitive information. The attacker can exploit this weakness to eavesdrop on the communication between the EventCam App and the Client, and potentially manipulate the data being transmitted.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
sick sick_eventcam_app *
CVE-2023-31411

A remote unprivileged attacker can modify and access configuration settings on the EventCam App due to the absence of API authentication. The lack of authentication in the API allows the attacker to potentially compromise the functionality of the EventCam App.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
sick sick_eventcam_app *
CVE-2023-31412

The LMS5xx uses weak hash generation methods, resulting in the creation of insecure hashs. If an attacker manages to retrieve the hash, it could lead to collision attacks and the potential retrieval of the password.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
sick lms511_firmware *
sick lms531_firmware *
sick lms500_firmware *
CVE-2023-3270

Exposure of Sensitive Information to an Unauthorized Actor in the SICK ICR890-4 could allow an unauthenticated remote attacker to retrieve sensitive information about the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N 3.9 4.0

Products Affected

Vendor Product Version
sick icr890-4_firmware *
CVE-2023-3271

Improper Access Control in the SICK ICR890-4 could allow an unauthenticated remote attacker to gather information about the system and download data via the REST API by accessing unauthenticated endpoints.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L 3.9 4.2

Products Affected

Vendor Product Version
sick icr890-4_firmware *
CVE-2023-3272

Cleartext Transmission of Sensitive Information in the SICK ICR890-4 could allow a remote attacker to gather sensitive information by intercepting network traffic that is not encrypted.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
sick icr890-4_firmware *
CVE-2023-3273

Improper Access Control in the SICK ICR890-4 could allow an unauthenticated remote attacker to affect the availability of the device by changing settings of the device such as the IP address based on missing access control.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
sick icr890-4_firmware *
CVE-2023-35696

Unauthenticated endpoints in the SICK ICR890-4 could allow an unauthenticated remote attacker to retrieve sensitive information about the device via HTTP requests.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
sick icr890-4_firmware *
CVE-2023-35697

Improper Restriction of Excessive Authentication Attempts in the SICK ICR890-4 could allow a remote attacker to brute-force user credentials.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
sick icr890-4_firmware *
CVE-2023-35698

Observable Response Discrepancy in the SICK ICR890-4 could allow a remote attacker to identify valid usernames for the FTP server from the response given during a failed login attempt.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
sick icr890-4_firmware *
CVE-2023-35699

Cleartext Storage on Disk in the SICK ICR890-4 could allow an unauthenticated attacker with local access to the device to disclose sensitive information by accessing a SD card.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 5.3 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N 0.9 4.0

Products Affected

Vendor Product Version
sick icr890-4_firmware *
CVE-2023-43696

Improper Access Control in SICK APU allows an unprivileged remote attacker to download as well as upload arbitrary files via anonymous access to the FTP server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N 3.9 4.2
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
sick apu0200_firmware *
CVE-2023-43697

Modification of Assumed-Immutable Data (MAID) in RDT400 in SICK APU allows an unprivileged remote attacker to make the site unable to load necessary strings via changing file paths using HTTP requests.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L 3.9 2.5
psirt@sick.de 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L 3.9 2.5

Products Affected

Vendor Product Version
sick apu0200_firmware *
CVE-2023-43698

Improper Neutralization of Input During Web Page Generation (’Cross-site Scripting’) in RDT400 in SICK APU allows an unprivileged remote attacker to run arbitrary code in the clients browser via injecting code into the website.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7
psirt@sick.de 7.1 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L 2.8 3.7

Products Affected

Vendor Product Version
sick apu0200_firmware *
CVE-2023-43699

Improper Restriction of Excessive Authentication Attempts in RDT400 in SICK APU allows an unprivileged remote attacker to guess the password via trial-and-error as the login attempts are not limited.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
sick apu0200_firmware *
CVE-2023-43700

Missing Authorization in RDT400 in SICK APU allows an unprivileged remote attacker to modify data via HTTP requests that no not require authentication.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 7.7 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H 2.2 5.5
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

Products Affected

Vendor Product Version
sick apu0200_firmware *
CVE-2023-4418

A remote unprivileged attacker can sent multiple packages to the LMS5xx to disrupt its availability through a TCP SYN-based denial-of-service (DDoS) attack. By exploiting this vulnerability, an attacker can flood the targeted LMS5xx with a high volume of TCP SYN requests, overwhelming its resources and causing it to become unresponsive or unavailable for legitimate users.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
psirt@sick.de 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
sick lms511_firmware *
sick lms531_firmware *
sick lms500_firmware *
CVE-2023-4419

The LMS5xx uses hard-coded credentials, which potentially allow low-skilled unauthorized remote attackers to reconfigure settings and /or disrupt the functionality of the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
sick lms511_firmware *
sick lms531_firmware *
sick lms500_firmware *
CVE-2023-4420

A remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to the absence of Transport Layer Security (TLS) in the SICK LMS5xx. This lack of encryption in the communication channel can lead to the unauthorized disclosure of sensitive information. The attacker can exploit this weakness to eavesdrop on the communication between the LMS5xx and the Client, and potentially manipulate the data being transmitted.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 2.2 5.2
psirt@sick.de 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
sick lms511_firmware *
sick lms531_firmware *
sick lms500_firmware *
CVE-2023-5100

Cleartext Transmission of Sensitive Information in RDT400 in SICK APU allows an unprivileged remote attacker to retrieve potentially sensitive information via intercepting network traffic that is not encrypted.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 2.8 3.6
psirt@sick.de 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N 1.6 4.2

Products Affected

Vendor Product Version
sick apu0200_firmware *
CVE-2023-5101

Files or Directories Accessible to External Parties in RDT400 in SICK APU allows an unprivileged remote attacker to download various files from the server via HTTP requests.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
sick apu0200_firmware *
CVE-2023-5102

Insufficient Control Flow Management in RDT400 in SICK APU allows an unprivileged remote attacker to potentially enable hidden functionality via HTTP requests.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
sick apu0200_firmware *
CVE-2023-5103

Improper Restriction of Rendered UI Layers or Frames in RDT400 in SICK APU allows an unprivileged remote attacker to potentially reveal sensitive information via tricking a user into clicking on an actionable item using an iframe.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N 2.8 1.4
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
sick apu0200_firmware *
CVE-2023-5246

Authentication Bypass by Capture-replay in SICK Flexi Soft Gateways with Partnumbers 1044073, 1127717, 1130282, 1044074, 1121597, 1099832, 1051432, 1127487, 1069070, 1112296, 1044072, 1121596, 1099830 allows an unauthenticated remote attacker to potentially impact the availability, integrity and confidentiality of the gateways via an authentication bypass by capture-replay.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
sick fx0-get00010_firmware -
sick fx0-gpnt00010_firmware -
sick fx0-gent00030_firmware -
sick fx0-gmod00030_firmware -
sick fx0-gepr00000_firmware -
sick fx0-gpnt00000_firmware -
sick fx0-gepr00010_firmware -
sick fx0-gmod00010_firmware -
sick fx0-gent00010_firmware -
sick fx0-get00000_firmware -
sick fx0-gpnt00030_firmware -
sick fx0-gmod00000_firmware -
sick fx0-gent00000_firmware -
CVE-2023-5288

A remote unauthorized attacker may connect to the SIM1012, interact with the device and change configuration settings. The adversary may also reset the SIM and in the worst case upload a new firmware version to the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
sick sim1012-0p0g200_firmware -
CVE-2025-10561

The device is running an outdated operating system, which may be susceptible to known vulnerabilities.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 9.3 CRITICAL CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.5 6.0

Products Affected

Vendor Product Version
sick tloc100-100_firmware *
CVE-2025-49181

Due to missing authorization of an API endpoint, unauthorized users can send HTTP GET requests to gather sensitive information. An attacker could also send HTTP POST requests to modify the log files’ root path as well as the TCP ports the service is running on, leading to a Denial of Service attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H 3.9 4.7

Products Affected

Vendor Product Version
sick media_server -
CVE-2025-49182

Files in the source code contain login credentials for the admin user and the property configuration password, allowing an attacker to get full access to the application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
sick media_server *
CVE-2025-49183

All communication with the REST API is unencrypted (HTTP), allowing an attacker to intercept traffic between an actor and the webserver. This leads to the possibility of information gathering and downloading media files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
sick media_server *
CVE-2025-49184

A remote unauthorized attacker may gather sensitive information of the application, due to missing authorization of configuration settings of the product.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
sick logistic_diagnostic_analytics *
sick enterprise_analytics *
sick package_analytics *
sick tire_analytics *
sick field_analytics *
sick baggage_analytics *
CVE-2025-49185

The web application is susceptible to cross-site-scripting attacks. An attacker who can create new dashboard widgets can inject malicious JavaScript code into the Transform Function which will be executed when the widget receives data from its data source.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 5.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N 2.3 2.7

Products Affected

Vendor Product Version
sick field_analytics *
CVE-2025-49186

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible to brute-force attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
sick logistic_diagnostic_analytics *
sick package_analytics *
sick tire_analytics *
avaya media_server -
sick field_analytics *
sick baggage_analytics *
CVE-2025-49187

For failed login attempts, the application returns different error messages depending on whether the login failed due to an incorrect password or a non-existing username. This allows an attacker to guess usernames until they find an existing one.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
sick field_analytics *
CVE-2025-49188

The application sends user credentials as URL parameters instead of POST bodies, making it vulnerable to information gathering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
sick field_analytics *
CVE-2025-49190

The application is vulnerable to Server-Side Request Forgery (SSRF). An endpoint can be used to send server internal requests to other ports.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
sick field_analytics *
CVE-2025-49191

Linked URLs during the creation of iFrame widgets and dashboards are vulnerable to code execution. The URLs get embedded as iFrame widgets, making it possible to attack other users that access the dashboard by including malicious code. The attack is only possible if the attacker is authorized to create new dashboards or iFrame widgets.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

Products Affected

Vendor Product Version
sick field_analytics *
CVE-2025-49193

The application fails to implement several security headers. These headers help increase the overall security level of the web application by e.g., preventing the application to be displayed in an iFrame (Clickjacking attacks) or not executing injected malicious JavaScript code (XSS attacks).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 4.2 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N 1.6 2.5

Products Affected

Vendor Product Version
sick logistic_diagnostic_analytics *
sick package_analytics *
sick tire_analytics *
sick field_analytics *
sick media_server *
sick baggage_analytics *
CVE-2025-49194

The server supports authentication methods in which credentials are sent in plaintext over unencrypted channels. If an attacker were to intercept traffic between a client and this server, the credentials would be exposed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
sick media_server *
CVE-2025-49195

The FTP server’s login mechanism does not restrict authentication attempts, allowing an attacker to brute-force user passwords and potentially compromising the FTP server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
sick media_server *
CVE-2025-49196

A service supports the use of a deprecated and unsafe TLS version. This could be exploited to expose sensitive information, modify data in unexpected ways or spoof identities of other users or devices, affecting the confidentiality and integrity of the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 6.5 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N 2.2 4.2

Products Affected

Vendor Product Version
sick field_analytics *
CVE-2025-49197

The application uses a weak password hash function, allowing an attacker to crack the weak password hash to gain access to an FTP user account.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
sick media_server *
CVE-2025-49198

The Media Server’s authorization tokens have a poor quality of randomness. An attacker may be able to guess the token of an active user by computing plausible tokens.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 3.1 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N 1.6 1.4

Products Affected

Vendor Product Version
sick media_server *
CVE-2025-49199

The backup ZIPs are not signed by the application, leading to the possibility that an attacker can download a backup ZIP, modify and re-upload it. This allows the attacker to disrupt the application by configuring the services in a way that they are unable to run, making the application unusable. They can redirect traffic that is meant to be internal to their own hosted services and gathering information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
sick field_analytics *
CVE-2025-49200

The created backup files are unencrypted, making the application vulnerable for gathering sensitive information by downloading and decompressing the backup files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
sick field_analytics *
CVE-2025-58578

A user with the appropriate authorization can create any number of user accounts via an API endpoint using a POST request. There are no quotas, checking mechanisms or restrictions to limit the creation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 3.8 LOW CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L 1.2 2.5

Products Affected

Vendor Product Version
sick enterprise_analytics *
CVE-2025-58579

Due to a lack of authentication, it is possible for an unauthenticated user to request data from this endpoint, making the application vulnerable for user enumeration.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
sick logistic_diagnostic_analytics *
sick enterprise_analytics *
sick package_analytics *
sick tire_analytics *
sick baggage_analytics *
CVE-2025-58580

An API endpoint allows arbitrary log entries to be created via POST request. Without sufficient validation of the input data, an attacker can create manipulated log entries and thus falsify or dilute logs, for example.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L 3.9 2.5

Products Affected

Vendor Product Version
sick enterprise_analytics *
CVE-2025-58581

When an error occurs in the application a full stacktrace is provided to the user. The stacktrace lists class and method names as well as other internal information. An attacker can thus obtain information about the technology used and the structure of the application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
sick enterprise_analytics *
CVE-2025-58582

If a user tries to login but the provided credentials are incorrect a log is created. The data for this POST requests is not validated and it’s possible to send giant payloads which are then logged.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

Products Affected

Vendor Product Version
sick enterprise_analytics *
CVE-2025-58583

The application provides access to a login protected H2 database for caching purposes. The username is prefilled.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
sick enterprise_analytics *
CVE-2025-58584

In the HTTP request, the username and password are transferred directly in the URL as parameters. However, URLs can be stored in various systems such as server logs, browser histories or proxy servers. As a result, there is a high risk that this sensitive data will be disclosed unintentionally.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
sick logistic_diagnostic_analytics *
sick enterprise_analytics *
sick package_analytics *
sick tire_analytics *
sick baggage_analytics *
CVE-2025-58585

Multiple endpoints with sensitive information do not require authentication, making the application susceptible to information gathering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
sick logistic_diagnostic_analytics *
sick package_analytics *
sick tire_analytics *
sick baggage_analytics *
CVE-2025-58586

For failed login attempts, the application returns different error messages depending on whether the login failed due to an incorrect password or a non-existing username. This allows an attacker to guess usernames until they find an existing one.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
sick logistic_diagnostic_analytics *
sick enterprise_analytics *
sick package_analytics *
sick tire_analytics *
sick baggage_analytics *
CVE-2025-58587

The application does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it possible for an attacker to guess user credentials.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L 3.9 2.5

Products Affected

Vendor Product Version
sick logistic_diagnostic_analytics *
sick enterprise_analytics *
sick package_analytics *
sick tire_analytics *
sick baggage_analytics *
CVE-2025-58589

When an error occurs in the application a full stacktrace is provided to the user. The stacktrace lists class and method names as well as other internal information. An attacker thus receives information about the technology used and the structure of the application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 2.7 LOW CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N 1.2 1.4

Products Affected

Vendor Product Version
sick logistic_diagnostic_analytics *
sick package_analytics *
sick tire_analytics *
sick baggage_analytics *
CVE-2025-58590

It's possible to brute force folders and files, what can be used by an attacker to steal sensitve information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
sick logistic_diagnostic_analytics *
sick package_analytics *
sick tire_analytics *
sick baggage_analytics *
CVE-2025-58591

A remote, unauthorized attacker can brute force folders and files and read them like private keys or configurations, making the application vulnerable for gathering sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
sick logistic_diagnostic_analytics *
sick package_analytics *
sick tire_analytics *
sick baggage_analytics *
CVE-2025-59459

An attacker that gains SSH access to an unprivileged account may be able to disrupt services (including SSH), causing persistent loss of availability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
sick tloc100-100_firmware *
CVE-2025-59460

The system is deployed in its default state, with configuration settings that do not comply with the latest best practices for restricting access. This increases the risk of unauthorised connections.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
sick tloc100-100_firmware *
CVE-2025-59461

A remote unauthenticated attacker may use the unauthenticated C++ API to access or modify sensitive data and disrupt services.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 7.6 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H 2.8 4.7

Products Affected

Vendor Product Version
sick tloc100-100_firmware *
CVE-2025-59462

An attacker who tampers with the C++ CLI client may crash the UpdateService during file transfers, disrupting updates and availability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
sick tloc100-100_firmware *
CVE-2025-59463

An attacker may cause chunk-size mismatches that block file transfers and prevent subsequent transfers.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 4.3 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 2.8 1.4

Products Affected

Vendor Product Version
sick tloc100-100_firmware *
CVE-2025-9913

JavaScript can be ran inside the address bar via the dashboard "Open in new Tab" Button, making the application vulnerable to session hijacking.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 4.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N 0.9 3.6

Products Affected

Vendor Product Version
sick logistic_diagnostic_analytics *
sick package_analytics *
sick tire_analytics *
sick baggage_analytics *
CVE-2025-9914

The credentials of the users stored in the system's local database can be used for the log in, making it possible for an attacker to gain unauthorized access. This could potentially affect the confidentiality of the application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
sick logistic_diagnostic_analytics *
sick package_analytics *
sick tire_analytics *
sick baggage_analytics *
CVE-2026-1626

An attacker may exploit the use of weak CBC-based cipher suites in the device’s SSH service to potentially observe or manipulate parts of the encrypted SSH communication, if they are able to intercept or interact with the network traffic.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
sick mrs1000_firmware *
sick lms1000_firmware *
CVE-2026-1627

An attacker may exploit the use of outdated and weak MAC algorithms in the device’s SSH service to potentially compromise the integrity of the SSH session, allowing manipulation of transmitted data if the attacker can interact with the network traffic.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 2.8 3.6

Products Affected

Vendor Product Version
sick mrs1000_firmware *
sick lms1000_firmware *
CVE-2026-22644

Certain requests pass the authentication token in the URL as string query parameter, making it vulnerable to theft through server logs, proxy logs and Referer headers, which could allow an attacker to hijack the user's session and gain unauthorized access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
sick incoming_goods_suite *
CVE-2026-22645

The application discloses all used components, versions and license information to unauthenticated actors, giving attackers the opportunity to target known security vulnerabilities of used components.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
sick incoming_goods_suite *
CVE-2026-22646

Certain error messages returned by the application expose internal system details that should not be visible to end users, providing attackers with valuable reconnaissance information (like file paths, database errors, or software versions) that can be used to map the application's internal structure and discover other, more critical vulnerabilities.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
sick incoming_goods_suite *
CVE-2026-22907

An attacker may gain unauthorized access to the host filesystem, potentially allowing them to read and modify system data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 9.9 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 3.1 6.0

Products Affected

Vendor Product Version
sick tdc-x401gl_firmware *
CVE-2026-22908

Uploading unvalidated container images may allow remote attackers to gain full access to the system, potentially compromising its integrity and confidentiality.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 2.3 6.0

Products Affected

Vendor Product Version
sick tdc-x401gl_firmware *
CVE-2026-22909

Certain system functions may be accessed without proper authorization, allowing attackers to start, stop, or delete installed applications, potentially disrupting system operations.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
sick tdc-x401gl_firmware *
CVE-2026-22910

The device is deployed with weak and publicly known default passwords for certain hidden user levels, increasing the risk of unauthorized access. This represents a high risk to the integrity of the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
sick tdc-x401gl_firmware *
CVE-2026-22911

Firmware update files may expose password hashes for system accounts, which could allow a remote attacker to recover credentials and gain unauthorized access to the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
sick tdc-x401gl_firmware *
CVE-2026-22912

Improper validation of a login parameter may allow attackers to redirect users to malicious websites after authentication. This can lead to various risk including stealing credentials from unsuspecting users.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
sick tdc-x401gl_firmware *
CVE-2026-22913

Improper handling of a URL parameter may allow attackers to execute code in a user's browser after login. This can lead to the extraction of sensitive data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
sick tdc-x401gl_firmware *
CVE-2026-22914

An attacker with limited permissions may still be able to write files to specific locations on the device, potentially leading to system manipulation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 2.8 1.4

Products Affected

Vendor Product Version
sick tdc-x401gl_firmware *
CVE-2026-22915

An attacker with low privileges may be able to read files from specific directories on the device, potentially exposing sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
sick tdc-x401gl_firmware *
CVE-2026-22916

An attacker with low privileges may be able to trigger critical system functions such as reboot or factory reset without proper restrictions, potentially leading to service disruption or loss of configuration.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 2.8 1.4

Products Affected

Vendor Product Version
sick tdc-x401gl_firmware *
CVE-2026-22917

Improper input handling in a system endpoint may allow attackers to overload resources, causing a denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 2.8 1.4

Products Affected

Vendor Product Version
sick tdc-x401gl_firmware *
CVE-2026-22918

An attacker may exploit missing protection against clickjacking by tricking users into performing unintended actions through maliciously crafted web pages, leading to the extraction of sensitive data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N 2.8 1.4

Products Affected

Vendor Product Version
sick tdc-x401gl_firmware *
CVE-2026-22919

An attacker with administrative access may inject malicious content into the login page, potentially enabling cross-site scripting (XSS) attacks, leading to the extraction of sensitive data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 3.8 LOW CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N 1.2 2.5

Products Affected

Vendor Product Version
sick tdc-x401gl_firmware *
CVE-2026-22920

The device's passwords have not been adequately salted, making them vulnerable to password extraction attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@sick.de 3.7 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N 2.2 1.4

Products Affected

Vendor Product Version
sick tdc-x401gl_firmware *