Vulnerabilities in SICK AG
112 results

CVE-2025-49193 | MEDIUM | Missing HTTP Security Headers | EPSS 0.3%
CVE-2026-22919 | LOW | An attacker with administrative access may inject malicious content into the login page, potentially enabling cross-site scripting (XSS) att | EPSS 0.3%
CVE-2025-49183 | HIGH | Unencrypted communication (HTTP) | EPSS 0.3%
CVE-2025-49189 | MEDIUM | Cookie missing HttpOnly flag | EPSS 0.3%
CVE-2025-49197 | MEDIUM | Deprecated TLS version supported | EPSS 0.2%
CVE-2025-49185 | MEDIUM | Stored Cross-Site-Script | EPSS 0.2%
CVE-2023-4420 | CRITICAL | A remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to the absence of Transport Layer Security (T | EPSS 0.2%
CVE-2025-49196 | MEDIUM | Deprecated TLS version supported | EPSS 0.2%
CVE-2024-11075 | HIGH | SICK Incoming Goods Suite privilege escalation vulnerability | EPSS 0.2%
CVE-2026-1627 | MEDIUM | An attacker may exploit the use of outdated and weak MAC algorithms in the device’s SSH service to potentially compromise the integrity of t | EPSS 0.2%
CVE-2026-1626 | MEDIUM | An attacker may exploit the use of weak CBC-based cipher suites in the device’s SSH service to potentially observe or manipulate parts of th | EPSS 0.2%
CVE-2023-35699 | MEDIUM | Cleartext Storage on Disk in the SICK ICR890-4 could allow an unauthenticated attacker with local access to the device to disclose sensitive | EPSS 0.2%