Search

Find a vulnerability

Search criteria

    16 vulnerabilities found for ICR890-4 by SICK AG

    CVE-2023-3273 (GCVE-0-2023-3273)

    Vulnerability from nvd – Published: 2023-07-10 09:31 – Updated: 2026-06-01 12:20
    VLAI
    Summary
    Improper Access Control in the SICK ICR890-4 could allow an unauthenticated remote attacker to affect the availability of the device by changing settings of the device such as the IP address based on missing access control.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    SICK AG ICR890-4 Affected: 0 , < 2.5.0 (*)
    Create a notification for this product.
    sick_ag icr890-4 Affected: 0 , < 2.5.0 (custom)
        cpe:2.3:a:sick_ag:icr890-4:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:48:08.408Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "issue-tracking",
                  "x_transferred"
                ],
                "url": "https://sick.com/psirt"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.pdf"
              },
              {
                "tags": [
                  "x_csaf",
                  "x_transferred"
                ],
                "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.json"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:sick_ag:icr890-4:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "icr890-4",
                "vendor": "sick_ag",
                "versions": [
                  {
                    "lessThan": "2.5.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3273",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-12T14:17:22.856069Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-12T14:17:56.263Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "ICR890-4",
              "vendor": "SICK AG",
              "versions": [
                {
                  "lessThan": "2.5.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "*"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Access Control in the SICK ICR890-4 could allow an unauthenticated remote attacker to affect the availability of the device by changing settings of the device such as the IP\naddress based on missing access control."
                }
              ],
              "value": "Improper Access Control in the SICK ICR890-4 could allow an unauthenticated remote attacker to affect the availability of the device by changing settings of the device such as the IP\naddress based on missing access control."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-01T12:20:21.236Z",
            "orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
            "shortName": "SICK AG"
          },
          "references": [
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://sick.com/psirt"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.pdf"
            },
            {
              "tags": [
                "x_csaf"
              ],
              "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.json"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "SICK recommends to disable port 2111 \u0026amp; 2122 once the SICK ICR890-4 is put into operation.\n\n\u003cbr\u003e"
                }
              ],
              "value": "SICK recommends to disable port 2111 \u0026 2122 once the SICK ICR890-4 is put into operation."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
        "assignerShortName": "SICK AG",
        "cveId": "CVE-2023-3273",
        "datePublished": "2023-07-10T09:31:17.829Z",
        "dateReserved": "2023-06-15T11:32:34.499Z",
        "dateUpdated": "2026-06-01T12:20:21.236Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-3272 (GCVE-0-2023-3272)

    Vulnerability from nvd – Published: 2023-07-10 09:27 – Updated: 2026-06-01 12:18
    VLAI
    Summary
    Cleartext Transmission of Sensitive Information in the SICK ICR890-4 could allow a remote attacker to gather sensitive information by intercepting network traffic that is not encrypted.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-319 - Cleartext Transmission of Sensitive Information
    Assigner
    Impacted products
    Vendor Product Version
    SICK AG ICR890-4 Affected: 0 , < 2.5.0 (*)
    Create a notification for this product.
    sick_ag icr890-4 Affected: 0 , < 2.5.0 (custom)
        cpe:2.3:a:sick_ag:icr890-4:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:48:08.392Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "issue-tracking",
                  "x_transferred"
                ],
                "url": "https://sick.com/psirt"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.pdf"
              },
              {
                "tags": [
                  "x_csaf",
                  "x_transferred"
                ],
                "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.json"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:sick_ag:icr890-4:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "icr890-4",
                "vendor": "sick_ag",
                "versions": [
                  {
                    "lessThan": "2.5.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3272",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-12T14:18:17.926598Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-12T14:18:45.915Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "ICR890-4",
              "vendor": "SICK AG",
              "versions": [
                {
                  "lessThan": "2.5.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "*"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Cleartext Transmission of Sensitive Information in the SICK ICR890-4 could allow a\nremote attacker to gather sensitive information by intercepting network traffic that is not encrypted."
                }
              ],
              "value": "Cleartext Transmission of Sensitive Information in the SICK ICR890-4 could allow a\nremote attacker to gather sensitive information by intercepting network traffic that is not encrypted."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-319",
                  "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-01T12:18:35.427Z",
            "orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
            "shortName": "SICK AG"
          },
          "references": [
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://sick.com/psirt"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.pdf"
            },
            {
              "tags": [
                "x_csaf"
              ],
              "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.json"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "SICK recommends to disable port 2111 \u0026amp; 2122 once the SICK ICR890-4 is put into operation.\n\n\u003cbr\u003e"
                }
              ],
              "value": "SICK recommends to disable port 2111 \u0026 2122 once the SICK ICR890-4 is put into operation."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
        "assignerShortName": "SICK AG",
        "cveId": "CVE-2023-3272",
        "datePublished": "2023-07-10T09:27:46.002Z",
        "dateReserved": "2023-06-15T11:32:32.808Z",
        "dateUpdated": "2026-06-01T12:18:35.427Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-3271 (GCVE-0-2023-3271)

    Vulnerability from nvd – Published: 2023-07-10 09:26 – Updated: 2026-06-01 12:20
    VLAI
    Summary
    Improper Access Control in the SICK ICR890-4 could allow an unauthenticated remote attacker to gather information about the system and download data via the REST API by accessing unauthenticated endpoints.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    SICK AG ICR890-4 Affected: 0 , < 2.5.0 (*)
    Create a notification for this product.
    sick_ag icr890-4 Affected: 0 , < 2.5.0 (custom)
        cpe:2.3:a:sick_ag:icr890-4:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:48:08.371Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "issue-tracking",
                  "x_transferred"
                ],
                "url": "https://sick.com/psirt"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.pdf"
              },
              {
                "tags": [
                  "x_csaf",
                  "x_transferred"
                ],
                "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.json"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:sick_ag:icr890-4:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "icr890-4",
                "vendor": "sick_ag",
                "versions": [
                  {
                    "lessThan": "2.5.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3271",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-12T14:19:06.230650Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-12T14:19:30.590Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "ICR890-4",
              "vendor": "SICK AG",
              "versions": [
                {
                  "lessThan": "2.5.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "*"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Access Control in the SICK ICR890-4 could allow an unauthenticated remote attacker to gather information about the system and download data via the REST API by accessing\nunauthenticated endpoints."
                }
              ],
              "value": "Improper Access Control in the SICK ICR890-4 could allow an unauthenticated remote attacker to gather information about the system and download data via the REST API by accessing\nunauthenticated endpoints."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-01T12:20:55.083Z",
            "orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
            "shortName": "SICK AG"
          },
          "references": [
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://sick.com/psirt"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.pdf"
            },
            {
              "tags": [
                "x_csaf"
              ],
              "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.json"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The recommended solution is to update the firmware to a version \u0026gt;= V2.5.0 as soon as\npossible.\n\n\u003cbr\u003e"
                }
              ],
              "value": "The recommended solution is to update the firmware to a version \u003e= V2.5.0 as soon as\npossible."
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
        "assignerShortName": "SICK AG",
        "cveId": "CVE-2023-3271",
        "datePublished": "2023-07-10T09:26:21.041Z",
        "dateReserved": "2023-06-15T11:32:31.460Z",
        "dateUpdated": "2026-06-01T12:20:55.083Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-3270 (GCVE-0-2023-3270)

    Vulnerability from nvd – Published: 2023-07-10 09:18 – Updated: 2026-06-01 12:19
    VLAI
    Summary
    Exposure of Sensitive Information to an Unauthorized Actor in the SICK ICR890-4 could allow an unauthenticated remote attacker to retrieve sensitive information about the system.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Vendor Product Version
    SICK AG ICR890-4 Affected: 0 , < 2.5.0 (*)
    Create a notification for this product.
    sick_ag icr890-4 Affected: 0 , < 2.5.0 (custom)
        cpe:2.3:a:sick_ag:icr890-4:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:48:08.407Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "issue-tracking",
                  "x_transferred"
                ],
                "url": "https://sick.com/psirt"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.pdf"
              },
              {
                "tags": [
                  "x_csaf",
                  "x_transferred"
                ],
                "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.json"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:sick_ag:icr890-4:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "icr890-4",
                "vendor": "sick_ag",
                "versions": [
                  {
                    "lessThan": "2.5.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3270",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-12T14:19:58.013611Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-12T14:20:22.953Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "ICR890-4",
              "vendor": "SICK AG",
              "versions": [
                {
                  "lessThan": "2.5.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "*"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Exposure of Sensitive Information to an Unauthorized Actor in the SICK ICR890-4 could allow an unauthenticated remote attacker to retrieve sensitive information about the system."
                }
              ],
              "value": "Exposure of Sensitive Information to an Unauthorized Actor in the SICK ICR890-4 could allow an unauthenticated remote attacker to retrieve sensitive information about the system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-01T12:19:29.956Z",
            "orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
            "shortName": "SICK AG"
          },
          "references": [
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://sick.com/psirt"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.pdf"
            },
            {
              "tags": [
                "x_csaf"
              ],
              "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.json"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "SICK recommends to disable port 2111 \u0026amp; 2122 once the SICK ICR890-4 is put into operation."
                }
              ],
              "value": "SICK recommends to disable port 2111 \u0026 2122 once the SICK ICR890-4 is put into operation."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
        "assignerShortName": "SICK AG",
        "cveId": "CVE-2023-3270",
        "datePublished": "2023-07-10T09:18:28.375Z",
        "dateReserved": "2023-06-15T11:32:12.485Z",
        "dateUpdated": "2026-06-01T12:19:29.956Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-35699 (GCVE-0-2023-35699)

    Vulnerability from nvd – Published: 2023-07-10 09:39 – Updated: 2026-06-01 12:10
    VLAI
    Summary
    Cleartext Storage on Disk in the SICK ICR890-4 could allow an unauthenticated attacker with local access to the device to disclose sensitive information by accessing a SD card.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-313 - Cleartext Storage in a File or on Disk
    Assigner
    Impacted products
    Vendor Product Version
    SICK AG ICR890-4 Affected: 0 , < 2.5.0 (*)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:30:44.141Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "issue-tracking",
                  "x_transferred"
                ],
                "url": "https://sick.com/psirt"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.pdf"
              },
              {
                "tags": [
                  "x_csaf",
                  "x_transferred"
                ],
                "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.json"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-35699",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-25T19:50:31.404610Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-25T19:51:39.248Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "ICR890-4",
              "vendor": "SICK AG",
              "versions": [
                {
                  "lessThan": "2.5.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "*"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Cleartext Storage on Disk in the SICK ICR890-4 could allow an unauthenticated attacker with local access to the device to disclose sensitive information by accessing a SD card."
                }
              ],
              "value": "Cleartext Storage on Disk in the SICK ICR890-4 could allow an unauthenticated attacker with local access to the device to disclose sensitive information by accessing a SD card."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-313",
                  "description": "CWE-313 Cleartext Storage in a File or on Disk",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-01T12:10:16.255Z",
            "orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
            "shortName": "SICK AG"
          },
          "references": [
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://sick.com/psirt"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.pdf"
            },
            {
              "tags": [
                "x_csaf"
              ],
              "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.json"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Please make sure that you apply general security practices when operating the SICK ICR890-\n4 like restricting physical access to the device. The following general security practices could mitigate\nthe associated security risk.\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "Please make sure that you apply general security practices when operating the SICK ICR890-\n4 like restricting physical access to the device. The following general security practices could mitigate\nthe associated security risk."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
        "assignerShortName": "SICK AG",
        "cveId": "CVE-2023-35699",
        "datePublished": "2023-07-10T09:39:45.804Z",
        "dateReserved": "2023-06-15T11:32:19.767Z",
        "dateUpdated": "2026-06-01T12:10:16.255Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-35698 (GCVE-0-2023-35698)

    Vulnerability from nvd – Published: 2023-07-10 09:37 – Updated: 2026-06-01 12:11
    VLAI
    Summary
    Observable Response Discrepancy in the SICK ICR890-4 could allow a remote attacker to identify valid usernames for the FTP server from the response given during a failed login attempt.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-204 - Observable Response Discrepancy
    Assigner
    Impacted products
    Vendor Product Version
    SICK AG ICR890-4 Affected: 0 , < 2.5.0 (*)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:30:44.401Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "issue-tracking",
                  "x_transferred"
                ],
                "url": "https://sick.com/psirt"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.pdf"
              },
              {
                "tags": [
                  "x_csaf",
                  "x_transferred"
                ],
                "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.json"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-35698",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-25T19:50:35.574284Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-25T19:51:56.241Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "ICR890-4",
              "vendor": "SICK AG",
              "versions": [
                {
                  "lessThan": "2.5.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "*"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Observable Response Discrepancy in the SICK ICR890-4 could allow a remote attacker to identify valid usernames for the FTP server from the response given during a failed login\nattempt."
                }
              ],
              "value": "Observable Response Discrepancy in the SICK ICR890-4 could allow a remote attacker to identify valid usernames for the FTP server from the response given during a failed login\nattempt."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-204",
                  "description": "CWE-204 Observable Response Discrepancy",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-01T12:11:21.524Z",
            "orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
            "shortName": "SICK AG"
          },
          "references": [
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://sick.com/psirt"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.pdf"
            },
            {
              "tags": [
                "x_csaf"
              ],
              "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.json"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The recommended solution is to update the firmware to a version \u0026gt;= V2.5.0 as soon as\npossible.\n\n\u003cbr\u003e"
                }
              ],
              "value": "The recommended solution is to update the firmware to a version \u003e= V2.5.0 as soon as\npossible."
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
        "assignerShortName": "SICK AG",
        "cveId": "CVE-2023-35698",
        "datePublished": "2023-07-10T09:37:22.798Z",
        "dateReserved": "2023-06-15T11:32:19.767Z",
        "dateUpdated": "2026-06-01T12:11:21.524Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-35697 (GCVE-0-2023-35697)

    Vulnerability from nvd – Published: 2023-07-10 09:35 – Updated: 2026-06-01 12:12
    VLAI
    Summary
    Improper Restriction of Excessive Authentication Attempts in the SICK ICR890-4 could allow a remote attacker to brute-force user credentials.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-307 - Improper Restriction of Excessive Authentication Attempts
    Assigner
    Impacted products
    Vendor Product Version
    SICK AG ICR890-4 Affected: 0 , < 2.5.0 (*)
    Create a notification for this product.
    sick_ag icr890-4 Affected: 0 , < 2.5.0 (custom)
        cpe:2.3:a:sick_ag:icr890-4:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:30:44.508Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "issue-tracking",
                  "x_transferred"
                ],
                "url": "https://sick.com/psirt"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.pdf"
              },
              {
                "tags": [
                  "x_csaf",
                  "x_transferred"
                ],
                "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.json"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:sick_ag:icr890-4:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "icr890-4",
                "vendor": "sick_ag",
                "versions": [
                  {
                    "lessThan": "2.5.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-35697",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-12T14:11:42.784362Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-12T14:12:57.135Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "ICR890-4",
              "vendor": "SICK AG",
              "versions": [
                {
                  "lessThan": "2.5.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "*"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Restriction of Excessive Authentication Attempts in the SICK ICR890-4\ncould allow a remote attacker to brute-force user credentials."
                }
              ],
              "value": "Improper Restriction of Excessive Authentication Attempts in the SICK ICR890-4\ncould allow a remote attacker to brute-force user credentials."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-307",
                  "description": "CWE-307 Improper Restriction of Excessive Authentication Attempts",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-01T12:12:03.933Z",
            "orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
            "shortName": "SICK AG"
          },
          "references": [
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://sick.com/psirt"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.pdf"
            },
            {
              "tags": [
                "x_csaf"
              ],
              "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.json"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The recommended solution is to update the firmware to a version \u0026gt;= V2.5.0 as soon as\npossible.\n\n\u003cbr\u003e"
                }
              ],
              "value": "The recommended solution is to update the firmware to a version \u003e= V2.5.0 as soon as\npossible."
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
        "assignerShortName": "SICK AG",
        "cveId": "CVE-2023-35697",
        "datePublished": "2023-07-10T09:35:52.067Z",
        "dateReserved": "2023-06-15T11:32:19.767Z",
        "dateUpdated": "2026-06-01T12:12:03.933Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-35696 (GCVE-0-2023-35696)

    Vulnerability from nvd – Published: 2023-07-10 09:32 – Updated: 2026-06-01 12:12
    VLAI
    Summary
    Unauthenticated endpoints in the SICK ICR890-4 could allow an unauthenticated remote attacker to retrieve sensitive information about the device via HTTP requests.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-668 - Exposure of Resource to Wrong Sphere
    Assigner
    Impacted products
    Vendor Product Version
    SICK AG ICR890-4 Affected: 0 , < 2.5.0 (*)
    Create a notification for this product.
    sick_ag icr890-4 Affected: 0 , < 2.5.0 (custom)
        cpe:2.3:a:sick_ag:icr890-4:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:30:44.643Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "issue-tracking",
                  "x_transferred"
                ],
                "url": "https://sick.com/psirt"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.pdf"
              },
              {
                "tags": [
                  "x_csaf",
                  "x_transferred"
                ],
                "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.json"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:sick_ag:icr890-4:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "icr890-4",
                "vendor": "sick_ag",
                "versions": [
                  {
                    "lessThan": "2.5.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-35696",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-12T14:38:05.414683Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-12T14:38:32.412Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "ICR890-4",
              "vendor": "SICK AG",
              "versions": [
                {
                  "lessThan": "2.5.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "*"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Unauthenticated endpoints in the SICK ICR890-4 could allow an unauthenticated\nremote attacker to retrieve sensitive information about the device via HTTP requests."
                }
              ],
              "value": "Unauthenticated endpoints in the SICK ICR890-4 could allow an unauthenticated\nremote attacker to retrieve sensitive information about the device via HTTP requests."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-668",
                  "description": "CWE-668 Exposure of Resource to Wrong Sphere",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-01T12:12:37.020Z",
            "orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
            "shortName": "SICK AG"
          },
          "references": [
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://sick.com/psirt"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.pdf"
            },
            {
              "tags": [
                "x_csaf"
              ],
              "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.json"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The recommended solution is to update the firmware to a version \u0026gt;= V2.5.0 as soon as\npossible.\n\n\u003cbr\u003e"
                }
              ],
              "value": "The recommended solution is to update the firmware to a version \u003e= V2.5.0 as soon as\npossible."
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
        "assignerShortName": "SICK AG",
        "cveId": "CVE-2023-35696",
        "datePublished": "2023-07-10T09:32:57.842Z",
        "dateReserved": "2023-06-15T11:32:19.767Z",
        "dateUpdated": "2026-06-01T12:12:37.020Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-35699 (GCVE-0-2023-35699)

    Vulnerability from cvelistv5 – Published: 2023-07-10 09:39 – Updated: 2026-06-01 12:10
    VLAI
    Summary
    Cleartext Storage on Disk in the SICK ICR890-4 could allow an unauthenticated attacker with local access to the device to disclose sensitive information by accessing a SD card.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-313 - Cleartext Storage in a File or on Disk
    Assigner
    Impacted products
    Vendor Product Version
    SICK AG ICR890-4 Affected: 0 , < 2.5.0 (*)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:30:44.141Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "issue-tracking",
                  "x_transferred"
                ],
                "url": "https://sick.com/psirt"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.pdf"
              },
              {
                "tags": [
                  "x_csaf",
                  "x_transferred"
                ],
                "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.json"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-35699",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-25T19:50:31.404610Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-25T19:51:39.248Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "ICR890-4",
              "vendor": "SICK AG",
              "versions": [
                {
                  "lessThan": "2.5.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "*"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Cleartext Storage on Disk in the SICK ICR890-4 could allow an unauthenticated attacker with local access to the device to disclose sensitive information by accessing a SD card."
                }
              ],
              "value": "Cleartext Storage on Disk in the SICK ICR890-4 could allow an unauthenticated attacker with local access to the device to disclose sensitive information by accessing a SD card."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-313",
                  "description": "CWE-313 Cleartext Storage in a File or on Disk",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-01T12:10:16.255Z",
            "orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
            "shortName": "SICK AG"
          },
          "references": [
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://sick.com/psirt"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.pdf"
            },
            {
              "tags": [
                "x_csaf"
              ],
              "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.json"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Please make sure that you apply general security practices when operating the SICK ICR890-\n4 like restricting physical access to the device. The following general security practices could mitigate\nthe associated security risk.\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "Please make sure that you apply general security practices when operating the SICK ICR890-\n4 like restricting physical access to the device. The following general security practices could mitigate\nthe associated security risk."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
        "assignerShortName": "SICK AG",
        "cveId": "CVE-2023-35699",
        "datePublished": "2023-07-10T09:39:45.804Z",
        "dateReserved": "2023-06-15T11:32:19.767Z",
        "dateUpdated": "2026-06-01T12:10:16.255Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-35698 (GCVE-0-2023-35698)

    Vulnerability from cvelistv5 – Published: 2023-07-10 09:37 – Updated: 2026-06-01 12:11
    VLAI
    Summary
    Observable Response Discrepancy in the SICK ICR890-4 could allow a remote attacker to identify valid usernames for the FTP server from the response given during a failed login attempt.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-204 - Observable Response Discrepancy
    Assigner
    Impacted products
    Vendor Product Version
    SICK AG ICR890-4 Affected: 0 , < 2.5.0 (*)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:30:44.401Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "issue-tracking",
                  "x_transferred"
                ],
                "url": "https://sick.com/psirt"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.pdf"
              },
              {
                "tags": [
                  "x_csaf",
                  "x_transferred"
                ],
                "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.json"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-35698",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-25T19:50:35.574284Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-25T19:51:56.241Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "ICR890-4",
              "vendor": "SICK AG",
              "versions": [
                {
                  "lessThan": "2.5.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "*"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Observable Response Discrepancy in the SICK ICR890-4 could allow a remote attacker to identify valid usernames for the FTP server from the response given during a failed login\nattempt."
                }
              ],
              "value": "Observable Response Discrepancy in the SICK ICR890-4 could allow a remote attacker to identify valid usernames for the FTP server from the response given during a failed login\nattempt."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-204",
                  "description": "CWE-204 Observable Response Discrepancy",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-01T12:11:21.524Z",
            "orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
            "shortName": "SICK AG"
          },
          "references": [
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://sick.com/psirt"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.pdf"
            },
            {
              "tags": [
                "x_csaf"
              ],
              "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.json"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The recommended solution is to update the firmware to a version \u0026gt;= V2.5.0 as soon as\npossible.\n\n\u003cbr\u003e"
                }
              ],
              "value": "The recommended solution is to update the firmware to a version \u003e= V2.5.0 as soon as\npossible."
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
        "assignerShortName": "SICK AG",
        "cveId": "CVE-2023-35698",
        "datePublished": "2023-07-10T09:37:22.798Z",
        "dateReserved": "2023-06-15T11:32:19.767Z",
        "dateUpdated": "2026-06-01T12:11:21.524Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-35697 (GCVE-0-2023-35697)

    Vulnerability from cvelistv5 – Published: 2023-07-10 09:35 – Updated: 2026-06-01 12:12
    VLAI
    Summary
    Improper Restriction of Excessive Authentication Attempts in the SICK ICR890-4 could allow a remote attacker to brute-force user credentials.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-307 - Improper Restriction of Excessive Authentication Attempts
    Assigner
    Impacted products
    Vendor Product Version
    SICK AG ICR890-4 Affected: 0 , < 2.5.0 (*)
    Create a notification for this product.
    sick_ag icr890-4 Affected: 0 , < 2.5.0 (custom)
        cpe:2.3:a:sick_ag:icr890-4:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:30:44.508Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "issue-tracking",
                  "x_transferred"
                ],
                "url": "https://sick.com/psirt"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.pdf"
              },
              {
                "tags": [
                  "x_csaf",
                  "x_transferred"
                ],
                "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.json"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:sick_ag:icr890-4:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "icr890-4",
                "vendor": "sick_ag",
                "versions": [
                  {
                    "lessThan": "2.5.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-35697",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-12T14:11:42.784362Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-12T14:12:57.135Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "ICR890-4",
              "vendor": "SICK AG",
              "versions": [
                {
                  "lessThan": "2.5.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "*"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Restriction of Excessive Authentication Attempts in the SICK ICR890-4\ncould allow a remote attacker to brute-force user credentials."
                }
              ],
              "value": "Improper Restriction of Excessive Authentication Attempts in the SICK ICR890-4\ncould allow a remote attacker to brute-force user credentials."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-307",
                  "description": "CWE-307 Improper Restriction of Excessive Authentication Attempts",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-01T12:12:03.933Z",
            "orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
            "shortName": "SICK AG"
          },
          "references": [
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://sick.com/psirt"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.pdf"
            },
            {
              "tags": [
                "x_csaf"
              ],
              "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.json"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The recommended solution is to update the firmware to a version \u0026gt;= V2.5.0 as soon as\npossible.\n\n\u003cbr\u003e"
                }
              ],
              "value": "The recommended solution is to update the firmware to a version \u003e= V2.5.0 as soon as\npossible."
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
        "assignerShortName": "SICK AG",
        "cveId": "CVE-2023-35697",
        "datePublished": "2023-07-10T09:35:52.067Z",
        "dateReserved": "2023-06-15T11:32:19.767Z",
        "dateUpdated": "2026-06-01T12:12:03.933Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-35696 (GCVE-0-2023-35696)

    Vulnerability from cvelistv5 – Published: 2023-07-10 09:32 – Updated: 2026-06-01 12:12
    VLAI
    Summary
    Unauthenticated endpoints in the SICK ICR890-4 could allow an unauthenticated remote attacker to retrieve sensitive information about the device via HTTP requests.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-668 - Exposure of Resource to Wrong Sphere
    Assigner
    Impacted products
    Vendor Product Version
    SICK AG ICR890-4 Affected: 0 , < 2.5.0 (*)
    Create a notification for this product.
    sick_ag icr890-4 Affected: 0 , < 2.5.0 (custom)
        cpe:2.3:a:sick_ag:icr890-4:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:30:44.643Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "issue-tracking",
                  "x_transferred"
                ],
                "url": "https://sick.com/psirt"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.pdf"
              },
              {
                "tags": [
                  "x_csaf",
                  "x_transferred"
                ],
                "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.json"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:sick_ag:icr890-4:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "icr890-4",
                "vendor": "sick_ag",
                "versions": [
                  {
                    "lessThan": "2.5.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-35696",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-12T14:38:05.414683Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-12T14:38:32.412Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "ICR890-4",
              "vendor": "SICK AG",
              "versions": [
                {
                  "lessThan": "2.5.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "*"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Unauthenticated endpoints in the SICK ICR890-4 could allow an unauthenticated\nremote attacker to retrieve sensitive information about the device via HTTP requests."
                }
              ],
              "value": "Unauthenticated endpoints in the SICK ICR890-4 could allow an unauthenticated\nremote attacker to retrieve sensitive information about the device via HTTP requests."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-668",
                  "description": "CWE-668 Exposure of Resource to Wrong Sphere",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-01T12:12:37.020Z",
            "orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
            "shortName": "SICK AG"
          },
          "references": [
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://sick.com/psirt"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.pdf"
            },
            {
              "tags": [
                "x_csaf"
              ],
              "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.json"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The recommended solution is to update the firmware to a version \u0026gt;= V2.5.0 as soon as\npossible.\n\n\u003cbr\u003e"
                }
              ],
              "value": "The recommended solution is to update the firmware to a version \u003e= V2.5.0 as soon as\npossible."
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
        "assignerShortName": "SICK AG",
        "cveId": "CVE-2023-35696",
        "datePublished": "2023-07-10T09:32:57.842Z",
        "dateReserved": "2023-06-15T11:32:19.767Z",
        "dateUpdated": "2026-06-01T12:12:37.020Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-3273 (GCVE-0-2023-3273)

    Vulnerability from cvelistv5 – Published: 2023-07-10 09:31 – Updated: 2026-06-01 12:20
    VLAI
    Summary
    Improper Access Control in the SICK ICR890-4 could allow an unauthenticated remote attacker to affect the availability of the device by changing settings of the device such as the IP address based on missing access control.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    SICK AG ICR890-4 Affected: 0 , < 2.5.0 (*)
    Create a notification for this product.
    sick_ag icr890-4 Affected: 0 , < 2.5.0 (custom)
        cpe:2.3:a:sick_ag:icr890-4:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:48:08.408Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "issue-tracking",
                  "x_transferred"
                ],
                "url": "https://sick.com/psirt"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.pdf"
              },
              {
                "tags": [
                  "x_csaf",
                  "x_transferred"
                ],
                "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.json"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:sick_ag:icr890-4:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "icr890-4",
                "vendor": "sick_ag",
                "versions": [
                  {
                    "lessThan": "2.5.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3273",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-12T14:17:22.856069Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-12T14:17:56.263Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "ICR890-4",
              "vendor": "SICK AG",
              "versions": [
                {
                  "lessThan": "2.5.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "*"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Access Control in the SICK ICR890-4 could allow an unauthenticated remote attacker to affect the availability of the device by changing settings of the device such as the IP\naddress based on missing access control."
                }
              ],
              "value": "Improper Access Control in the SICK ICR890-4 could allow an unauthenticated remote attacker to affect the availability of the device by changing settings of the device such as the IP\naddress based on missing access control."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-01T12:20:21.236Z",
            "orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
            "shortName": "SICK AG"
          },
          "references": [
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://sick.com/psirt"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.pdf"
            },
            {
              "tags": [
                "x_csaf"
              ],
              "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.json"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "SICK recommends to disable port 2111 \u0026amp; 2122 once the SICK ICR890-4 is put into operation.\n\n\u003cbr\u003e"
                }
              ],
              "value": "SICK recommends to disable port 2111 \u0026 2122 once the SICK ICR890-4 is put into operation."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
        "assignerShortName": "SICK AG",
        "cveId": "CVE-2023-3273",
        "datePublished": "2023-07-10T09:31:17.829Z",
        "dateReserved": "2023-06-15T11:32:34.499Z",
        "dateUpdated": "2026-06-01T12:20:21.236Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-3272 (GCVE-0-2023-3272)

    Vulnerability from cvelistv5 – Published: 2023-07-10 09:27 – Updated: 2026-06-01 12:18
    VLAI
    Summary
    Cleartext Transmission of Sensitive Information in the SICK ICR890-4 could allow a remote attacker to gather sensitive information by intercepting network traffic that is not encrypted.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-319 - Cleartext Transmission of Sensitive Information
    Assigner
    Impacted products
    Vendor Product Version
    SICK AG ICR890-4 Affected: 0 , < 2.5.0 (*)
    Create a notification for this product.
    sick_ag icr890-4 Affected: 0 , < 2.5.0 (custom)
        cpe:2.3:a:sick_ag:icr890-4:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:48:08.392Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "issue-tracking",
                  "x_transferred"
                ],
                "url": "https://sick.com/psirt"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.pdf"
              },
              {
                "tags": [
                  "x_csaf",
                  "x_transferred"
                ],
                "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.json"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:sick_ag:icr890-4:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "icr890-4",
                "vendor": "sick_ag",
                "versions": [
                  {
                    "lessThan": "2.5.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3272",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-12T14:18:17.926598Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-12T14:18:45.915Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "ICR890-4",
              "vendor": "SICK AG",
              "versions": [
                {
                  "lessThan": "2.5.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "*"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Cleartext Transmission of Sensitive Information in the SICK ICR890-4 could allow a\nremote attacker to gather sensitive information by intercepting network traffic that is not encrypted."
                }
              ],
              "value": "Cleartext Transmission of Sensitive Information in the SICK ICR890-4 could allow a\nremote attacker to gather sensitive information by intercepting network traffic that is not encrypted."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-319",
                  "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-01T12:18:35.427Z",
            "orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
            "shortName": "SICK AG"
          },
          "references": [
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://sick.com/psirt"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.pdf"
            },
            {
              "tags": [
                "x_csaf"
              ],
              "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.json"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "SICK recommends to disable port 2111 \u0026amp; 2122 once the SICK ICR890-4 is put into operation.\n\n\u003cbr\u003e"
                }
              ],
              "value": "SICK recommends to disable port 2111 \u0026 2122 once the SICK ICR890-4 is put into operation."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
        "assignerShortName": "SICK AG",
        "cveId": "CVE-2023-3272",
        "datePublished": "2023-07-10T09:27:46.002Z",
        "dateReserved": "2023-06-15T11:32:32.808Z",
        "dateUpdated": "2026-06-01T12:18:35.427Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-3271 (GCVE-0-2023-3271)

    Vulnerability from cvelistv5 – Published: 2023-07-10 09:26 – Updated: 2026-06-01 12:20
    VLAI
    Summary
    Improper Access Control in the SICK ICR890-4 could allow an unauthenticated remote attacker to gather information about the system and download data via the REST API by accessing unauthenticated endpoints.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    SICK AG ICR890-4 Affected: 0 , < 2.5.0 (*)
    Create a notification for this product.
    sick_ag icr890-4 Affected: 0 , < 2.5.0 (custom)
        cpe:2.3:a:sick_ag:icr890-4:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:48:08.371Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "issue-tracking",
                  "x_transferred"
                ],
                "url": "https://sick.com/psirt"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.pdf"
              },
              {
                "tags": [
                  "x_csaf",
                  "x_transferred"
                ],
                "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.json"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:sick_ag:icr890-4:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "icr890-4",
                "vendor": "sick_ag",
                "versions": [
                  {
                    "lessThan": "2.5.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3271",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-12T14:19:06.230650Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-12T14:19:30.590Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "ICR890-4",
              "vendor": "SICK AG",
              "versions": [
                {
                  "lessThan": "2.5.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "*"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Access Control in the SICK ICR890-4 could allow an unauthenticated remote attacker to gather information about the system and download data via the REST API by accessing\nunauthenticated endpoints."
                }
              ],
              "value": "Improper Access Control in the SICK ICR890-4 could allow an unauthenticated remote attacker to gather information about the system and download data via the REST API by accessing\nunauthenticated endpoints."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-01T12:20:55.083Z",
            "orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
            "shortName": "SICK AG"
          },
          "references": [
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://sick.com/psirt"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.pdf"
            },
            {
              "tags": [
                "x_csaf"
              ],
              "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.json"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The recommended solution is to update the firmware to a version \u0026gt;= V2.5.0 as soon as\npossible.\n\n\u003cbr\u003e"
                }
              ],
              "value": "The recommended solution is to update the firmware to a version \u003e= V2.5.0 as soon as\npossible."
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
        "assignerShortName": "SICK AG",
        "cveId": "CVE-2023-3271",
        "datePublished": "2023-07-10T09:26:21.041Z",
        "dateReserved": "2023-06-15T11:32:31.460Z",
        "dateUpdated": "2026-06-01T12:20:55.083Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-3270 (GCVE-0-2023-3270)

    Vulnerability from cvelistv5 – Published: 2023-07-10 09:18 – Updated: 2026-06-01 12:19
    VLAI
    Summary
    Exposure of Sensitive Information to an Unauthorized Actor in the SICK ICR890-4 could allow an unauthenticated remote attacker to retrieve sensitive information about the system.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Vendor Product Version
    SICK AG ICR890-4 Affected: 0 , < 2.5.0 (*)
    Create a notification for this product.
    sick_ag icr890-4 Affected: 0 , < 2.5.0 (custom)
        cpe:2.3:a:sick_ag:icr890-4:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:48:08.407Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "issue-tracking",
                  "x_transferred"
                ],
                "url": "https://sick.com/psirt"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.pdf"
              },
              {
                "tags": [
                  "x_csaf",
                  "x_transferred"
                ],
                "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.json"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:sick_ag:icr890-4:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "icr890-4",
                "vendor": "sick_ag",
                "versions": [
                  {
                    "lessThan": "2.5.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3270",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-12T14:19:58.013611Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-12T14:20:22.953Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "ICR890-4",
              "vendor": "SICK AG",
              "versions": [
                {
                  "lessThan": "2.5.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "*"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Exposure of Sensitive Information to an Unauthorized Actor in the SICK ICR890-4 could allow an unauthenticated remote attacker to retrieve sensitive information about the system."
                }
              ],
              "value": "Exposure of Sensitive Information to an Unauthorized Actor in the SICK ICR890-4 could allow an unauthenticated remote attacker to retrieve sensitive information about the system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-01T12:19:29.956Z",
            "orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
            "shortName": "SICK AG"
          },
          "references": [
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://sick.com/psirt"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.pdf"
            },
            {
              "tags": [
                "x_csaf"
              ],
              "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.json"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "SICK recommends to disable port 2111 \u0026amp; 2122 once the SICK ICR890-4 is put into operation."
                }
              ],
              "value": "SICK recommends to disable port 2111 \u0026 2122 once the SICK ICR890-4 is put into operation."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
        "assignerShortName": "SICK AG",
        "cveId": "CVE-2023-3270",
        "datePublished": "2023-07-10T09:18:28.375Z",
        "dateReserved": "2023-06-15T11:32:12.485Z",
        "dateUpdated": "2026-06-01T12:19:29.956Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }