Sick Lms500_firmware
5 CVEs affecting Sick Lms500_firmware. Latest disclosed: 2023-08-24. Critical: 2, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-4420 | Critical | 9.8 | 2023-08-24 | A remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to the absence of Transport Layer Security (TLS) in the SICK LMS… |
| CVE-2023-4419 | Critical | 9.8 | 2023-08-24 | The LMS5xx uses hard-coded credentials, which potentially allow low-skilled unauthorized remote attackers to reconfigure settings and/or disrupt the functiona… |
| CVE-2023-4418 | High | 7.5 | 2023-08-24 | A remote unprivileged attacker can send multiple packages to the LMS5xx to disrupt its availability through a TCP SYN-based denial-of-service (DDoS) attack. B… |
| CVE-2023-31412 | High | 7.5 | 2023-08-24 | The LMS5xx uses weak hash generation methods, resulting in the creation of insecure hashes. If an attacker manages to retrieve the hash, it could lead to collis… |
| CVE-2020-2075 | High | 7.5 | 2020-08-31 | Platform mechanism AutoIP allows remote attackers to reboot the device via a crafted packet in SICK AG solutions Bulkscan LMS111, Bulkscan LMS511, CLV62x – CLV… |