Vulnerabilities in SICK AG

112 results
CVE | Severity | Description | EPSS
CVE-2025-59462 | MEDIUM | Denial-of-service (DoS) via delayed or missing client response | 0.5%
CVE-2025-58590 | MEDIUM | Path traversal | 0.5%
CVE-2025-58591 | MEDIUM | Path Traversal | 0.5%
CVE-2026-22911 | MEDIUM | Firmware update files may expose password hashes for system accounts, which could allow a remote attacker to recover credentials and gain un | 0.5%
CVE-2026-22644 | MEDIUM | Certain requests pass the authentication token in the URL as string query parameter, making it vulnerable to theft through server logs, prox | 0.5%
CVE-2023-43698 | HIGH | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in RDT400 in SICK APU allows an unprivileged remote at | 0.5%
CVE-2024-10776 | HIGH | SICK InspectorP61x and SICK InspectorP62x: missing authentication | 0.5%
CVE-2025-49182 | HIGH | Credential disclosure | 0.5%
CVE-2025-58587 | MEDIUM | Improper Restriction of Excessive Authentication Attempts | 0.5%
CVE-2025-49195 | MEDIUM | No protection against brute-force attacks | 0.5%
CVE-2023-5103 | MEDIUM | Improper Restriction of Rendered UI Layers or Frames in RDT400 in SICK APU allows an unprivileged remote attacker to potentially reveal sens | 0.5%
CVE-2025-59461 | HIGH | API does not require authentication | 0.4%
CVE-2023-3272 | HIGH | Cleartext Transmission of Sensitive Information in the SICK ICR890-4 could allow a remote attacker to gather sensitive information by interc | 0.4%
CVE-2026-22910 | HIGH | The device is deployed with weak and publicly known default passwords for certain hidden user levels, increasing the risk of unauthorized ac | 0.4%
CVE-2025-27594 | HIGH | Unencrypted transmission of password hash | 0.4%
CVE-2024-10774 | HIGH | SICK InspectorP61x and SICK InspectorP62x have unauthenticated CROWN APIs | 0.4%
CVE-2023-31408 | MEDIUM | Cleartext Storage of Sensitive Information in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 112252 | 0.4%
CVE-2025-49184 | HIGH | Information disclosure to unauthorized user | 0.4%
CVE-2026-22907 | CRITICAL | An attacker may gain unauthorized access to the host filesystem, potentially allowing them to read and modify system data. | 0.4%
CVE-2026-22645 | MEDIUM | The application discloses all used components, versions and license information to unauthenticated actors, giving attackers the opportunity | 0.4%