Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for SICK Lector83x by SICK AG

    CVE-2026-2331 (GCVE-0-2026-2331)

    Vulnerability from nvd – Published: 2026-03-06 07:56 – Updated: 2026-03-09 21:04
    VLAI
    Title
    CVE-2026-2331
    Summary
    An attacker may perform unauthenticated read and write operations on sensitive filesystem areas via the AppEngine Fileaccess over HTTP due to improper access restrictions. A critical filesystem directory was unintentionally exposed through the HTTP-based file access feature, allowing access without authentication. This includes device parameter files, enabling an attacker to read and modify application settings, including customer-defined passwords. Additionally, exposure of the custom application directory may allow execution of arbitrary Lua code within the sandboxed AppEngine environment.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-552 - Files or Directories Accessible to External Parties
    Assigner
    References
    URL Tags
    https://www.sick.com/psirt x_SICK PSIRT Security Advisories
    https://www.sick.com/media/docs/9/19/719/special_… x_SICK Operating Guidelines
    https://www.cisa.gov/resources-tools/resources/ic… x_ICS-CERT recommended practices on Industrial Security
    https://www.first.org/cvss/calculator/3.1 x_CVSS v3.1 Calculator
    https://www.sick.com/.well-known/csaf/white/2026/… x_The canonical URL.
    https://www.sick.com/.well-known/csaf/white/2026/… vendor-advisory
    Impacted products
    Vendor Product Version
    SICK AG SICK Lector85x Affected: 2.6.0 , ≤ 2.7.0 (custom)
    Create a notification for this product.
    SICK AG SICK Lector83x Affected: 2.6.0 , ≤ 2.7.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-2331",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-09T20:55:24.319999Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-09T21:04:31.505Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "SICK Lector85x",
              "vendor": "SICK AG",
              "versions": [
                {
                  "lessThanOrEqual": "2.7.0",
                  "status": "affected",
                  "version": "2.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK Lector83x",
              "vendor": "SICK AG",
              "versions": [
                {
                  "lessThanOrEqual": "2.7.0",
                  "status": "affected",
                  "version": "2.6.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAn attacker may perform unauthenticated read and write operations on sensitive filesystem areas via the AppEngine Fileaccess over HTTP due to improper access restrictions. A critical filesystem directory was unintentionally exposed through the HTTP-based file access feature, allowing access without authentication. This includes device parameter files, enabling an attacker to read and modify application settings, including customer-defined passwords. Additionally, exposure of the custom application directory may allow execution of arbitrary Lua code within the sandboxed AppEngine environment.\u003c/p\u003e"
                }
              ],
              "value": "An attacker may perform unauthenticated read and write operations on sensitive filesystem areas via the AppEngine Fileaccess over HTTP due to improper access restrictions. A critical filesystem directory was unintentionally exposed through the HTTP-based file access feature, allowing access without authentication. This includes device parameter files, enabling an attacker to read and modify application settings, including customer-defined passwords. Additionally, exposure of the custom application directory may allow execution of arbitrary Lua code within the sandboxed AppEngine environment."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "environmentalScore": 9.8,
                "environmentalSeverity": "CRITICAL",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "temporalScore": 9.8,
                "temporalSeverity": "CRITICAL",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-552",
                  "description": "CWE-552 Files or Directories Accessible to External Parties",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-06T07:56:35.445Z",
            "orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
            "shortName": "SICK AG"
          },
          "references": [
            {
              "tags": [
                "x_SICK PSIRT Security Advisories"
              ],
              "url": "https://www.sick.com/psirt"
            },
            {
              "tags": [
                "x_SICK Operating Guidelines"
              ],
              "url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf"
            },
            {
              "tags": [
                "x_ICS-CERT recommended practices on Industrial Security"
              ],
              "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
            },
            {
              "tags": [
                "x_CVSS v3.1 Calculator"
              ],
              "url": "https://www.first.org/cvss/calculator/3.1"
            },
            {
              "tags": [
                "x_The canonical URL."
              ],
              "url": "https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0006.json"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0006.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eUsers are strongly recommended to upgrade to release version 2.8.0.\u003c/p\u003e"
                }
              ],
              "value": "Users are strongly recommended to upgrade to release version 2.8.0."
            }
          ],
          "source": {
            "advisory": "SCA-2026-0006",
            "discovery": "INTERNAL"
          },
          "title": "CVE-2026-2331",
          "x_generator": {
            "engine": "csaf2cve 0.2.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
        "assignerShortName": "SICK AG",
        "cveId": "CVE-2026-2331",
        "datePublished": "2026-03-06T07:56:35.445Z",
        "dateReserved": "2026-02-11T09:33:16.256Z",
        "dateUpdated": "2026-03-09T21:04:31.505Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-2330 (GCVE-0-2026-2330)

    Vulnerability from nvd – Published: 2026-03-06 07:54 – Updated: 2026-03-09 21:04
    VLAI
    Title
    CVE-2026-2330
    Summary
    An attacker may access restricted filesystem areas on the device via the CROWN REST interface due to incomplete whitelist enforcement. Certain directories intended for internal testing were not covered by the whitelist and are accessible without authentication. An unauthenticated attacker could place a manipulated parameter file that becomes active after a reboot, allowing modification of critical device settings, including network configuration and application parameters.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-552 - Files or Directories Accessible to External Parties
    Assigner
    References
    URL Tags
    https://www.sick.com/psirt x_SICK PSIRT Security Advisories
    https://www.sick.com/media/docs/9/19/719/special_… x_SICK Operating Guidelines
    https://www.cisa.gov/resources-tools/resources/ic… x_ICS-CERT recommended practices on Industrial Security
    https://www.first.org/cvss/calculator/3.1 x_CVSS v3.1 Calculator
    https://www.sick.com/.well-known/csaf/white/2026/… x_The canonical URL.
    https://www.sick.com/.well-known/csaf/white/2026/… vendor-advisory
    Impacted products
    Vendor Product Version
    SICK AG SICK Lector85x Affected: 0 , < 2.8.0 (custom)
    Create a notification for this product.
    SICK AG SICK Lector83x Affected: 0 , < 2.8.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-2330",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-09T20:56:25.769774Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-09T21:04:31.663Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "SICK Lector85x",
              "vendor": "SICK AG",
              "versions": [
                {
                  "lessThan": "2.8.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK Lector83x",
              "vendor": "SICK AG",
              "versions": [
                {
                  "lessThan": "2.8.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAn attacker may access restricted filesystem areas on the device via the CROWN REST interface due to incomplete whitelist enforcement. Certain directories intended for internal testing were not covered by the whitelist and are accessible without authentication. An unauthenticated attacker could place a manipulated parameter file that becomes active after a reboot, allowing modification of critical device settings, including network configuration and application parameters.\u003c/p\u003e"
                }
              ],
              "value": "An attacker may access restricted filesystem areas on the device via the CROWN REST interface due to incomplete whitelist enforcement. Certain directories intended for internal testing were not covered by the whitelist and are accessible without authentication. An unauthenticated attacker could place a manipulated parameter file that becomes active after a reboot, allowing modification of critical device settings, including network configuration and application parameters."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.4,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "LOW",
                "environmentalScore": 9.4,
                "environmentalSeverity": "CRITICAL",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "temporalScore": 9.4,
                "temporalSeverity": "CRITICAL",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-552",
                  "description": "CWE-552 Files or Directories Accessible to External Parties",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-06T07:54:45.958Z",
            "orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
            "shortName": "SICK AG"
          },
          "references": [
            {
              "tags": [
                "x_SICK PSIRT Security Advisories"
              ],
              "url": "https://www.sick.com/psirt"
            },
            {
              "tags": [
                "x_SICK Operating Guidelines"
              ],
              "url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf"
            },
            {
              "tags": [
                "x_ICS-CERT recommended practices on Industrial Security"
              ],
              "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
            },
            {
              "tags": [
                "x_CVSS v3.1 Calculator"
              ],
              "url": "https://www.first.org/cvss/calculator/3.1"
            },
            {
              "tags": [
                "x_The canonical URL."
              ],
              "url": "https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0006.json"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0006.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eUsers are strongly recommended to upgrade to release version 2.8.0.\u003c/p\u003e"
                }
              ],
              "value": "Users are strongly recommended to upgrade to release version 2.8.0."
            }
          ],
          "source": {
            "advisory": "SCA-2026-0006",
            "discovery": "INTERNAL"
          },
          "title": "CVE-2026-2330",
          "x_generator": {
            "engine": "csaf2cve 0.2.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
        "assignerShortName": "SICK AG",
        "cveId": "CVE-2026-2330",
        "datePublished": "2026-03-06T07:54:45.958Z",
        "dateReserved": "2026-02-11T09:33:15.947Z",
        "dateUpdated": "2026-03-09T21:04:31.663Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-2331 (GCVE-0-2026-2331)

    Vulnerability from cvelistv5 – Published: 2026-03-06 07:56 – Updated: 2026-03-09 21:04
    VLAI
    Title
    CVE-2026-2331
    Summary
    An attacker may perform unauthenticated read and write operations on sensitive filesystem areas via the AppEngine Fileaccess over HTTP due to improper access restrictions. A critical filesystem directory was unintentionally exposed through the HTTP-based file access feature, allowing access without authentication. This includes device parameter files, enabling an attacker to read and modify application settings, including customer-defined passwords. Additionally, exposure of the custom application directory may allow execution of arbitrary Lua code within the sandboxed AppEngine environment.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-552 - Files or Directories Accessible to External Parties
    Assigner
    References
    URL Tags
    https://www.sick.com/psirt x_SICK PSIRT Security Advisories
    https://www.sick.com/media/docs/9/19/719/special_… x_SICK Operating Guidelines
    https://www.cisa.gov/resources-tools/resources/ic… x_ICS-CERT recommended practices on Industrial Security
    https://www.first.org/cvss/calculator/3.1 x_CVSS v3.1 Calculator
    https://www.sick.com/.well-known/csaf/white/2026/… x_The canonical URL.
    https://www.sick.com/.well-known/csaf/white/2026/… vendor-advisory
    Impacted products
    Vendor Product Version
    SICK AG SICK Lector85x Affected: 2.6.0 , ≤ 2.7.0 (custom)
    Create a notification for this product.
    SICK AG SICK Lector83x Affected: 2.6.0 , ≤ 2.7.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-2331",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-09T20:55:24.319999Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-09T21:04:31.505Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "SICK Lector85x",
              "vendor": "SICK AG",
              "versions": [
                {
                  "lessThanOrEqual": "2.7.0",
                  "status": "affected",
                  "version": "2.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK Lector83x",
              "vendor": "SICK AG",
              "versions": [
                {
                  "lessThanOrEqual": "2.7.0",
                  "status": "affected",
                  "version": "2.6.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAn attacker may perform unauthenticated read and write operations on sensitive filesystem areas via the AppEngine Fileaccess over HTTP due to improper access restrictions. A critical filesystem directory was unintentionally exposed through the HTTP-based file access feature, allowing access without authentication. This includes device parameter files, enabling an attacker to read and modify application settings, including customer-defined passwords. Additionally, exposure of the custom application directory may allow execution of arbitrary Lua code within the sandboxed AppEngine environment.\u003c/p\u003e"
                }
              ],
              "value": "An attacker may perform unauthenticated read and write operations on sensitive filesystem areas via the AppEngine Fileaccess over HTTP due to improper access restrictions. A critical filesystem directory was unintentionally exposed through the HTTP-based file access feature, allowing access without authentication. This includes device parameter files, enabling an attacker to read and modify application settings, including customer-defined passwords. Additionally, exposure of the custom application directory may allow execution of arbitrary Lua code within the sandboxed AppEngine environment."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "environmentalScore": 9.8,
                "environmentalSeverity": "CRITICAL",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "temporalScore": 9.8,
                "temporalSeverity": "CRITICAL",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-552",
                  "description": "CWE-552 Files or Directories Accessible to External Parties",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-06T07:56:35.445Z",
            "orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
            "shortName": "SICK AG"
          },
          "references": [
            {
              "tags": [
                "x_SICK PSIRT Security Advisories"
              ],
              "url": "https://www.sick.com/psirt"
            },
            {
              "tags": [
                "x_SICK Operating Guidelines"
              ],
              "url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf"
            },
            {
              "tags": [
                "x_ICS-CERT recommended practices on Industrial Security"
              ],
              "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
            },
            {
              "tags": [
                "x_CVSS v3.1 Calculator"
              ],
              "url": "https://www.first.org/cvss/calculator/3.1"
            },
            {
              "tags": [
                "x_The canonical URL."
              ],
              "url": "https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0006.json"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0006.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eUsers are strongly recommended to upgrade to release version 2.8.0.\u003c/p\u003e"
                }
              ],
              "value": "Users are strongly recommended to upgrade to release version 2.8.0."
            }
          ],
          "source": {
            "advisory": "SCA-2026-0006",
            "discovery": "INTERNAL"
          },
          "title": "CVE-2026-2331",
          "x_generator": {
            "engine": "csaf2cve 0.2.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
        "assignerShortName": "SICK AG",
        "cveId": "CVE-2026-2331",
        "datePublished": "2026-03-06T07:56:35.445Z",
        "dateReserved": "2026-02-11T09:33:16.256Z",
        "dateUpdated": "2026-03-09T21:04:31.505Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-2330 (GCVE-0-2026-2330)

    Vulnerability from cvelistv5 – Published: 2026-03-06 07:54 – Updated: 2026-03-09 21:04
    VLAI
    Title
    CVE-2026-2330
    Summary
    An attacker may access restricted filesystem areas on the device via the CROWN REST interface due to incomplete whitelist enforcement. Certain directories intended for internal testing were not covered by the whitelist and are accessible without authentication. An unauthenticated attacker could place a manipulated parameter file that becomes active after a reboot, allowing modification of critical device settings, including network configuration and application parameters.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-552 - Files or Directories Accessible to External Parties
    Assigner
    References
    URL Tags
    https://www.sick.com/psirt x_SICK PSIRT Security Advisories
    https://www.sick.com/media/docs/9/19/719/special_… x_SICK Operating Guidelines
    https://www.cisa.gov/resources-tools/resources/ic… x_ICS-CERT recommended practices on Industrial Security
    https://www.first.org/cvss/calculator/3.1 x_CVSS v3.1 Calculator
    https://www.sick.com/.well-known/csaf/white/2026/… x_The canonical URL.
    https://www.sick.com/.well-known/csaf/white/2026/… vendor-advisory
    Impacted products
    Vendor Product Version
    SICK AG SICK Lector85x Affected: 0 , < 2.8.0 (custom)
    Create a notification for this product.
    SICK AG SICK Lector83x Affected: 0 , < 2.8.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-2330",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-09T20:56:25.769774Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-09T21:04:31.663Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "SICK Lector85x",
              "vendor": "SICK AG",
              "versions": [
                {
                  "lessThan": "2.8.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SICK Lector83x",
              "vendor": "SICK AG",
              "versions": [
                {
                  "lessThan": "2.8.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAn attacker may access restricted filesystem areas on the device via the CROWN REST interface due to incomplete whitelist enforcement. Certain directories intended for internal testing were not covered by the whitelist and are accessible without authentication. An unauthenticated attacker could place a manipulated parameter file that becomes active after a reboot, allowing modification of critical device settings, including network configuration and application parameters.\u003c/p\u003e"
                }
              ],
              "value": "An attacker may access restricted filesystem areas on the device via the CROWN REST interface due to incomplete whitelist enforcement. Certain directories intended for internal testing were not covered by the whitelist and are accessible without authentication. An unauthenticated attacker could place a manipulated parameter file that becomes active after a reboot, allowing modification of critical device settings, including network configuration and application parameters."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.4,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "LOW",
                "environmentalScore": 9.4,
                "environmentalSeverity": "CRITICAL",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "temporalScore": 9.4,
                "temporalSeverity": "CRITICAL",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-552",
                  "description": "CWE-552 Files or Directories Accessible to External Parties",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-06T07:54:45.958Z",
            "orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
            "shortName": "SICK AG"
          },
          "references": [
            {
              "tags": [
                "x_SICK PSIRT Security Advisories"
              ],
              "url": "https://www.sick.com/psirt"
            },
            {
              "tags": [
                "x_SICK Operating Guidelines"
              ],
              "url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf"
            },
            {
              "tags": [
                "x_ICS-CERT recommended practices on Industrial Security"
              ],
              "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
            },
            {
              "tags": [
                "x_CVSS v3.1 Calculator"
              ],
              "url": "https://www.first.org/cvss/calculator/3.1"
            },
            {
              "tags": [
                "x_The canonical URL."
              ],
              "url": "https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0006.json"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0006.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eUsers are strongly recommended to upgrade to release version 2.8.0.\u003c/p\u003e"
                }
              ],
              "value": "Users are strongly recommended to upgrade to release version 2.8.0."
            }
          ],
          "source": {
            "advisory": "SCA-2026-0006",
            "discovery": "INTERNAL"
          },
          "title": "CVE-2026-2330",
          "x_generator": {
            "engine": "csaf2cve 0.2.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
        "assignerShortName": "SICK AG",
        "cveId": "CVE-2026-2330",
        "datePublished": "2026-03-06T07:54:45.958Z",
        "dateReserved": "2026-02-11T09:33:15.947Z",
        "dateUpdated": "2026-03-09T21:04:31.663Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }