Vulnerabilities in SICK AG

112 results
CVE-2025-58583 | MEDIUM | User Enumeration | EPSS 0.3%
CVE-2025-58589 | LOW | Information Disclosure Through Stacktrace | EPSS 0.3%
CVE-2024-10772 | HIGH | SICK InspectorP61x and SICK InspectorP62x are vulnerable for firmware modification | EPSS 0.3%
CVE-2026-22912 | MEDIUM | Improper validation of a login parameter may allow attackers to redirect users to malicious websites after authentication. This can lead to | EPSS 0.3%
CVE-2025-49186 | MEDIUM | No brute-force protection | EPSS 0.3%
CVE-2025-49198 | LOW | Poor quality of randomness in authorization tokens | EPSS 0.3%
CVE-2025-59459 | MEDIUM | Denial-of-service (DoS) via resource consumption | EPSS 0.3%
CVE-2025-58581 | MEDIUM | Information Disclosure Through Stacktrace-/MQTT/Config/changeAll | EPSS 0.3%
CVE-2025-32471 | LOW | Reuse of salt | EPSS 0.3%
CVE-2023-31410 | CRITICAL | A remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to the absence of Transport Layer Security (T | EPSS 0.3%
CVE-2025-9914 | MEDIUM | The credentials of the users stored in the system's local database can be used for the log in, making it possible for an attacker to gain un | EPSS 0.3%
CVE-2025-58578 | LOW | Unlimited user creation by authorized users | EPSS 0.3%
CVE-2025-49191 | MEDIUM | Dashboards and iFrames can link malicious web content | EPSS 0.3%
CVE-2026-22918 | MEDIUM | An attacker may exploit missing protection against clickjacking by tricking users into performing unintended actions through maliciously cra | EPSS 0.3%
CVE-2026-22914 | MEDIUM | An attacker with limited permissions may still be able to write files to specific locations on the device, potentially leading to system man | EPSS 0.3%
CVE-2025-49190 | MEDIUM | Server-Side Request Forgery | EPSS 0.3%
CVE-2025-49199 | HIGH | Backup files can be modified and uploaded | EPSS 0.3%
CVE-2025-49194 | HIGH | Unencrypted communication | EPSS 0.3%
CVE-2025-49192 | MEDIUM | Clickjacking | EPSS 0.3%
CVE-2025-9913 | MEDIUM | Cross Site Scripting: Session Hijacking | EPSS 0.3%