Vulnerabilities (CVE)

Filtered by vendor Sick Subscribe
Filtered by product Icr890-4 Firmware
Total 8 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-3273 1 Sick 2 Icr890-4, Icr890-4 Firmware 2024-11-21 N/A 7.5 HIGH
Improper Access Control in the SICK ICR890-4 could allow an unauthenticated remote attacker to affect the availability of the device by changing settings of the device such as the IP address based on missing access control.
CVE-2023-3272 1 Sick 2 Icr890-4, Icr890-4 Firmware 2024-11-21 N/A 7.5 HIGH
Cleartext Transmission of Sensitive Information in the SICK ICR890-4 could allow a remote attacker to gather sensitive information by intercepting network traffic that is not encrypted.
CVE-2023-3271 1 Sick 2 Icr890-4, Icr890-4 Firmware 2024-11-21 N/A 8.2 HIGH
Improper Access Control in the SICK ICR890-4 could allow an unauthenticated remote attacker to gather information about the system and download data via the REST API by accessing unauthenticated endpoints.
CVE-2023-3270 1 Sick 2 Icr890-4, Icr890-4 Firmware 2024-11-21 N/A 8.6 HIGH
Exposure of Sensitive Information to an Unauthorized Actor in the SICK ICR890-4 could allow an unauthenticated remote attacker to retrieve sensitive information about the system.
CVE-2023-35699 1 Sick 2 Icr890-4, Icr890-4 Firmware 2024-11-21 N/A 5.3 MEDIUM
Cleartext Storage on Disk in the SICK ICR890-4 could allow an unauthenticated attacker with local access to the device to disclose sensitive information by accessing a SD card.
CVE-2023-35698 1 Sick 2 Icr890-4, Icr890-4 Firmware 2024-11-21 N/A 5.3 MEDIUM
Observable Response Discrepancy in the SICK ICR890-4 could allow a remote attacker to identify valid usernames for the FTP server from the response given during a failed login attempt.
CVE-2023-35697 1 Sick 2 Icr890-4, Icr890-4 Firmware 2024-11-21 N/A 5.3 MEDIUM
Improper Restriction of Excessive Authentication Attempts in the SICK ICR890-4 could allow a remote attacker to brute-force user credentials.
CVE-2023-35696 1 Sick 2 Icr890-4, Icr890-4 Firmware 2024-11-21 N/A 7.5 HIGH
Unauthenticated endpoints in the SICK ICR890-4 could allow an unauthenticated remote attacker to retrieve sensitive information about the device via HTTP requests.