Vulnerabilities (CVE)

Filtered by vendor Sick Subscribe
Filtered by product Apu0200 Firmware
Total 9 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-5103 1 Sick 2 Apu0200, Apu0200 Firmware 2024-11-21 N/A 4.3 MEDIUM
Improper Restriction of Rendered UI Layers or Frames in RDT400 in SICK APU allows an unprivileged remote attacker to potentially reveal sensitive information via tricking a user into clicking on an actionable item using an iframe.
CVE-2023-5102 1 Sick 2 Apu0200, Apu0200 Firmware 2024-11-21 N/A 5.3 MEDIUM
Insufficient Control Flow Management in RDT400 in SICK APU allows an unprivileged remote attacker to potentially enable hidden functionality via HTTP requests.
CVE-2023-5101 1 Sick 2 Apu0200, Apu0200 Firmware 2024-11-21 N/A 5.3 MEDIUM
Files or Directories Accessible to External Parties in RDT400 in SICK APU allows an unprivileged remote attacker to download various files from the server via HTTP requests.
CVE-2023-5100 1 Sick 2 Apu0200, Apu0200 Firmware 2024-11-21 N/A 5.9 MEDIUM
Cleartext Transmission of Sensitive Information in RDT400 in SICK APU allows an unprivileged remote attacker to retrieve potentially sensitive information via intercepting network traffic that is not encrypted.
CVE-2023-43700 1 Sick 2 Apu0200, Apu0200 Firmware 2024-11-21 N/A 7.7 HIGH
Missing Authorization in RDT400 in SICK APU allows an unprivileged remote attacker to modify data via HTTP requests that no not require authentication.
CVE-2023-43699 1 Sick 2 Apu0200, Apu0200 Firmware 2024-11-21 N/A 7.5 HIGH
Improper Restriction of Excessive Authentication Attempts in RDT400 in SICK APU allows an unprivileged remote attacker to guess the password via trial-and-error as the login attempts are not limited.
CVE-2023-43698 1 Sick 2 Apu0200, Apu0200 Firmware 2024-11-21 N/A 7.1 HIGH
Improper Neutralization of Input During Web Page Generation (’Cross-site Scripting’) in RDT400 in SICK APU allows an unprivileged remote attacker to run arbitrary code in the clients browser via injecting code into the website.
CVE-2023-43697 1 Sick 2 Apu0200, Apu0200 Firmware 2024-11-21 N/A 6.5 MEDIUM
Modification of Assumed-Immutable Data (MAID) in RDT400 in SICK APU allows an unprivileged remote attacker to make the site unable to load necessary strings via changing file paths using HTTP requests.
CVE-2023-43696 1 Sick 2 Apu0200, Apu0200 Firmware 2024-11-21 N/A 8.2 HIGH
Improper Access Control in SICK APU allows an unprivileged remote attacker to download as well as upload arbitrary files via anonymous access to the FTP server.