Sick: Security Vulnerabilities
SICK Package Analytics software up to and including version V04.0.0 are vulnerable to an authentication bypass by directly interfacing with the REST API. An attacker can send unauthorized requests, bypass current authentication controls presented by the application and could potentially write files without authentication.
CVSS Score
9.8
EPSS Score
0.004
Published
2020-07-29
SICK Package Analytics software up to and including version V04.0.0 are vulnerable due to incorrect default permissions settings. An unauthorized attacker could read sensitive data from the system by querying for known files using the REST API directly.
CVSS Score
7.5
EPSS Score
0.002
Published
2020-07-29
Passwords are stored in plain text within the configuration of SICK Package Analytics software up to and including V04.1.1. An authorized attacker could access these stored plaintext credentials and gain access to the ftp service. Storing a password in plaintext allows attackers to easily gain access to systems, potentially compromising personal information or other sensitive information.
CVSS Score
6.5
EPSS Score
0.002
Published
2020-07-29
SICK FX0-GPNT00000 and FX0-GENT00000 devices through 3.4.0 have a Buffer Overflow
CVSS Score
7.5
EPSS Score
0.004
Published
2019-09-24
SICK MSC800 all versions prior to Version 4.0, the affected firmware versions contain a hard-coded customer account password.
CVSS Score
9.8
EPSS Score
0.016
Published
2019-07-01
Page 7