SICK AG

65 Products 43 CVEs

CVE Severity Distribution (All Time)

Critical 7
High 22
Medium 14
Low 0

Timeline Overview

Last 30 Days 0 CVEs
Last 6 Months 0 CVEs
Last Year 9 CVEs

Recent CVEs

CVE-2024-10776 HIGH 7 months, 3 weeks ago

Lua apps can be deployed, removed, started, reloaded or stopped without authorization via AppManager. This allows an attacker to remove legitimate ap…

CVE-2024-10774 HIGH 7 months, 3 weeks ago

Unauthenticated CROWN APIs allow access to critical functions. This leads to the accessibility of large parts of the web application without authenti…

CVE-2024-10773 CRITICAL 7 months, 3 weeks ago

The product is vulnerable to pass-the-hash attacks in combination with hardcoded credentials of hidden user levels. This means that an attacker can l…

CVE-2024-10772 HIGH 7 months, 3 weeks ago

Since the firmware update is not validated, an attacker can install modified firmware on the device. This has a high impact on the availability, integ…

CVE-2024-10771 HIGH 7 months, 3 weeks ago

Due to missing input validation during one step of the firmware update process, the product is vulnerable to remote code execution. With network acce…

CVE-2024-11022 MEDIUM 7 months, 3 weeks ago

The authentication process to the web server uses a challenge response procedure which includes the nonce and additional information. This challenge c…

CVE-2024-11075 HIGH 8 months, 1 week ago

A vulnerability in the Incoming Goods Suite allows a user with unprivileged access to the underlying system (e.g. local or via SSH) a privilege escal…

CVE-2024-10025 CRITICAL 9 months, 1 week ago

A vulnerability in the .sdd file allows an attacker to read default passwords stored in plain text within the code. By exploiting these plaintext cre…

CVE-2024-8751 HIGH 10 months, 2 weeks ago

A vulnerability in the MSC800 allows an unauthenticated attacker to modify the product’s IP address over Sopas ET. This can lead to Denial of Servic…