SICK AG — Vulnerabilities & Security Advisories (113)

Browse all 113 CVE security advisories affecting SICK AG. AI-powered Chinese analysis, POCs, and references for each vulnerability.

SICK AG operates as a leading manufacturer of industrial sensors and safety systems, primarily serving automation and logistics sectors. Its product portfolio includes photoelectric sensors, laser scanners, and safety controllers designed for factory environments. Security analysis reveals a significant historical footprint of vulnerabilities, with 113 Common Vulnerabilities and Exposures (CVEs) currently documented. These flaws predominantly involve remote code execution, cross-site scripting, and privilege escalation, often stemming from web-based management interfaces or embedded software components. Notable incidents include critical flaws allowing unauthorized access to device configurations, potentially compromising industrial operations. The company has addressed many issues through firmware updates, yet the high volume of past vulnerabilities highlights persistent challenges in securing embedded industrial IoT devices. This track record underscores the necessity for rigorous security testing in critical infrastructure components, as exploitation could lead to operational disruptions or physical safety hazards in automated facilities.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-58587 | Improper Restriction of Excessive Authentication Attempts | Baggage Analytics | CWE-307 | 6.5 | Medium | 2025-10-06 |
| CVE-2025-58586 | User Enumeration by excessive error output | Baggage Analytics | CWE-204 | 5.3 | Medium | 2025-10-06 |
| CVE-2025-58585 | Sensitive Information Disclosure Through Missing Authentication | Baggage Analytics | CWE-497 | 5.3 | Medium | 2025-10-06 |
| CVE-2025-58584 | Plain Text Transmission of Username and Password in the URL | Baggage Analytics | CWE-598 | 5.3 | Medium | 2025-10-06 |
| CVE-2025-58583 | User Enumeration | Enterprise Analytics | CWE-497 | 5.3 | Medium | 2025-10-06 |
| CVE-2025-58582 | Uncontrolled Resource Consumption via log file | Enterprise Analytics | CWE-770 | 5.3 | Medium | 2025-10-06 |
| CVE-2025-58581 | Information Disclosure Through Stacktrace-/MQTT/Config/changeAll | Enterprise Analytics | CWE-200 | 4.3 | Medium | 2025-10-06 |
| CVE-2025-58580 | Injection via log file | Enterprise Analytics | CWE-117 | 6.5 | Medium | 2025-10-06 |
| CVE-2025-58578 | Unlimited user creation by authorized users | Enterprise Analytics | CWE-770 | 3.8 | Low | 2025-10-06 |
| CVE-2025-9914 | SICK AG Baggage Analytics security vulnerability | Baggage Analytics | CWE-288 | 4.3 | Medium | 2025-10-06 |
| CVE-2025-9913 | Cross Site Scripting: Session Hijacking | Baggage Analytics | CWE-79 | 4.5 | Medium | 2025-10-06 |
| CVE-2025-49200 | Unencrypted backup contains sensitive information | SICK Field Analytics | CWE-200 | 6.5 | Medium | 2025-06-12 |
| CVE-2025-49199 | Backup files can be modified and uploaded | SICK Field Analytics | CWE-345 | 8.8 | High | 2025-06-12 |
| CVE-2025-49198 | Poor quality of randomness in authorization tokens | SICK Media Server | CWE-330 | 3.1 | Low | 2025-06-12 |
| CVE-2025-49197 | Deprecated TLS version supported | SICK Media Server | CWE-328 | 6.5 | Medium | 2025-06-12 |
| CVE-2025-49196 | Deprecated TLS version supported | SICK Field Analytics | CWE-327 | 6.5 | Medium | 2025-06-12 |
| CVE-2025-49195 | No protection against brute-force attacks | SICK Media Server | CWE-307 | 5.3 | Medium | 2025-06-12 |
| CVE-2025-49194 | Unencrypted communication | SICK Media Server | CWE-319 | 7.5 | High | 2025-06-12 |
| CVE-2025-49193 | Missing HTTP Security Headers | Field Analytics | CWE-693 | 4.2 | Medium | 2025-06-12 |
| CVE-2025-49192 | Clickjacking | SICK Field Analytics | CWE-1021 | 4.3 | Medium | 2025-06-12 |
| CVE-2025-49191 | Dashboards and iFrames can link malicious web content | SICK Field Analytics | CWE-1021 | 4.8 | Medium | 2025-06-12 |
| CVE-2025-49190 | Server-Side Request Forgery | SICK Field Analytics | CWE-918 | 4.3 | Medium | 2025-06-12 |
| CVE-2025-49189 | Cookie missing HttpOnly flag | SICK Media Server | CWE-1004 | 5.3 | Medium | 2025-06-12 |
| CVE-2025-49188 | Sensitive Data in URL | SICK Field Analytics | CWE-598 | 5.3 | Medium | 2025-06-12 |
| CVE-2025-49187 | User enumeration | SICK Field Analytics | CWE-204 | 5.3 | Medium | 2025-06-12 |
| CVE-2025-49186 | No brute-force protection | Field Analytics | CWE-307 | 5.3 | Medium | 2025-06-12 |
| CVE-2025-49185 | Stored Cross-Site-Script | SICK Field Analytics | CWE-79 | 5.5 | Medium | 2025-06-12 |
| CVE-2025-49184 | Information disclosure to unauthorized user | Field Analytics | CWE-200 | 7.5 | High | 2025-06-12 |
| CVE-2025-49183 | Unencrypted communication (HTTP) | SICK Media Server | CWE-319 | 7.5 | High | 2025-06-12 |
| CVE-2025-49182 | Credential disclosure | SICK Media Server | CWE-540 | 7.5 | High | 2025-06-12 |

This page lists every published CVE security advisory associated with SICK AG. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.