SICK Product Security Incident Response Team (SICK PSIRT)

SICK Security Advisories

SICK AG products and services are subject to the highest quality requirements. That is why cyber security is taken into account and tested in the development phase. To ensure that products and services are secure throughout their entire service life, reports on possible vulnerabilities are taken very seriously and handled with the greatest sense of responsibility. Uncovering vulnerabilities is understood as a common goal of different parties with the aim of offering our customers a consistently high level of security.

The SICK Product Security Incident Response Team (SICK PSIRT)

The SICK PSIRT is the central team of SICK AG that is authorized to respond to reports regarding the cyber security of products, solutions and services and to provide information. All reports concerning potential vulnerabilities or other security incidents connected to SICK AG products can be passed on to the SICK PSIRT.

The SICK PSIRT manages the inspection, internal coordination and disclosure of security vulnerabilities. A security advisory is issued for confirmed vulnerabilities as soon as a solution is available. If the situation requires it, a security advisory with the measures to be taken is sent out before an update is available.

Reports on potential vulnerabilities or other incidents are more than welcome from anyone, regardless of their customer status. SICK AG respects and takes into account the different interests of reporters and encourages the reporting of information to the SICK PSIRT. The aim is to follow a process of coordinated disclosure of vulnerabilities (coordinated vulnerability disclosure).

The handling of vulnerabilities is described in the document “Vulnerability Handling Guideline”.

Reporting a vulnerability

The SICK PSIRT aims to process every vulnerability with confidentiality and professionalism together with the respective reporters. Neither a non-disclosure agreement (NDA) nor another type of contract is necessary or a requirement for collaboration.

Coordinated vulnerability reports from all members of the security community are greatly appreciated. These include security researchers, universities, CERTs, business partners, authorities, industry associations and suppliers.

Many SICK AG products fulfill important protective functions and are used in critical infrastructures. SICK AG therefore asks for cooperation when dealing with the coordinated disclosure of vulnerabilities and also requests that vulnerability information not be disclosed prematurely.

SICK AG requests that as much information as possible be provided in a report in order to speed up processing. This information should contain the following:

  • Contact information and availability
  • Affected product including model and version number
  • Classification of the vulnerability (buffer overflow, XSS, …)
  • Detailed description of the vulnerability (with verification if possible)
  • Effect of the vulnerability (if known)
  • Current level of awareness of the vulnerability (are there plans to disclose it?)
  • (Company) affiliation of the reporter (if reporter is prepared to provide such information)
  • CVSS score (if known)

If more information is necessary for the inspection of a vulnerability, the SICK PSIRT will contact the reporter.

If the reporter would like, he/she will be publicly acknowledged after disclosing a new vulnerability.

Contact information

Reports for the SICK PSIRT are to be sent to this address:

  • psirt@sick.de 
    (PGP Public Key with fingerprint: 7F26 510F D9D7 3F4E 17DE A093 7F83 3F8E)
  • Accepted languages: German and English
  • Transmission: Encryption preferred

Encrypted reports are preferred to protect sensitive information and data. German and English are accepted. 

The SICK PSIRT is happy to provide additional information about its operating principle or answer general questions about reports of vulnerabilities. If you have any other questions or concerns not related to security, we ask that you contact SICK AG customer service. The SICK PSIRT cannot provide in

Security Advisories

  • 2024
    ID Title CVSS Score Products Date Download Signature
    SCA-2024-0001 Vulnerability in SICK Logistics Analytics Products and SICK Field Analytics 9.8 SICK Baggage Analytics 4.5, SICK Field Analytics 1.2, SICK Logistics Diagnostic Analytics 4.5, SICK Package Analytics 4.5, SICK Tire Analytics 4.5 29.01.2024 Download PDF Download JSON Download
    SCA-2024-0002 Vulnerability in SICK MSC800 7.5 SICK MSC800 12.09.2024 Download PDF Download JSON Download
    SCA-2024-0003 Critical vulnerability in multiple SICK products 9.1 CLV6xx, Lector6xx, RFx6xx 17.10.2024 Download PDF Download JSON Download

     

  • 2023
    ID Title CVSS Score Products Date Download  Signature
    SCA-2023-0001 Bootloader mode vulnerability in Flexi Soft Gateways v3 9.1 SICK FX0-GENT00000 v3, SICK FX0-GENT00010 v3, SICK FX0-GPNT00000 v3, SICK FX0-GPNT00010 v3 20.02.2022 Download PDF Download JSON Download
    SCA-2023-002 Use of Telnet in multiple SICK Flexi Soft and Flexi Classic Gateways 9.8 SICK FX0-GENT000, SICK FX0-GENT0003000, SICK FX0-GMOD00000, SICK FX0-GMOD00010, SICK FX0-GPNT00000, SICK FX0-GPNT00030, SICK UE410-EN1, SICK UE410-EN3, SICK UE410-EN3S04, SICK UE410-EN4 11.04.2023 Download PDF Download JSON Download
    SCA-2023-0003 Vulnerability in SICK Flexi Soft and Flexi Classic Gateways 7.5 SICK FX0-GENT00000, SICK FX0-GENT00010, SICK FX0-GENT00030, SICK FX0-GMOD00000, SICK FX0-GMOD00010, SICK FX0-GPNT00000, SICK FX0-GPNT00010, SICK FX0-GPNT00030, SICK UE410-EN1 FLEXI, SICK UE410-EN3 FLEXI, SICK UE410-EN4 FLEXI 04.05.2023 Download PDF Download JSON Download
    SCA-2023-0004 Vulnerabilities in SICK FTMg 7.5 SICK FTMG-ESD15AXX, SICK FTMG-ESD20AXX, SICK FTMG-ESD25AXX, SICK FTMG-ESN40SXX, SICK FTMG-ESN50SXX, SICK FTMG-ESR40SXX, SICK FTMG-ESR50SXX 12.05.2023 Download PDF Download JSON Download
    SCA-2023-0005 Vulnerabilities in SICK EventCam App 9.8 SICK EventCam App 19.06.2023 Download PDF Download JSON Download
    SCA-2023-0006 Vulnerabilities in SICK ICR890-4 8.6 SICK ICR890-4 10.07.2023 Download PDF Download JSON Download
    SCA-2023-0007 Vulnerabilities in SICK LMS5xx 9.8 SICK LMS5xx 25.08.2023 Download PDF Download JSON Download
    SCA-2023-0008 Vulnerability in SICK SIM1012 9.8 SICK SIM1012 29.09.2023 Download PDF Download JSON Download
    SCA-2023-0009 Vulnerability in Wibu-Systems CodeMeter Runtime affects multiple SICK products 9.0 SICK AppEngine x86, SICK CODE-LOC, SICK FlowGate, SICK LiDAR-LOC, SICK SIM2000ST-E, SICK TDC-E 29.09.2023 Download PDF Download JSON Download
    SCA-2023-0010 Vulnerabilities in SICK Application Processing Unit 8.2 SICK APU0200 09.10.2023 Download PDF Download JSON Download
    SCA-2023-0011 Vulnerability in multiple SICK Flexi Soft Gateways 8.8 SICK FX0-GENT00000, SICK FX0-GENT00010, SICK FX0-GENT00030, SICK FX0-GETC00000, SICK FX0-GETC00010, SICK FX0-GMOD00000, SICK FX0-GMOD00010, SICK FX0-GMOD00030, SICK FX0-GPNT00000, SICK FX0-GPNT00010, SICK FX0-GPNT00030, SICK FX3-GEPR00000, SICK FX3-GEPR00010 23.10.2023 Download PDF Download JSON Download

     

  • 2022
    ID Title CVSS Score Products Date Download  Signature
    SCA-2022-0001 Vulnerability in SICK FieldEcho 9.1 SICK FieldEcho 17.02.2022 Download PDF Download JSON Download
    SCA-2022-0002 PwnKit vulnerability affects multiple SICK IPCs 7.8 Multiple SICK IPCs 23.02.2022 Download PDF Download JSON
    SCA-2022-0003 Vulnerabilities in SICK FTMg 5.8 SICK FTMg 31.03.2022 Download
    SCA-2022-0004 Microsoft vulnerability affects multiple SICK IPCs with SICK MEAC 4.8 SICK MEAC 11.04.2022 Download PDF Download JSON Download
    SCA-2022-0005 Vulnerability in SICK Overall Equipment Effectiveness 8.4 SICK Overall Equipment Effectiveness 11.04.2022 Download PDF Download JSON Download
    SCA-2022-0006 Vulnerability in SICK MSC800 5.4 SICK MSC800 11.04.2022 Download PDF Download JSON Download
    SCA-2022-007 Vulnerabilities in SICK MARSIC300 9.8 SICK MARSIC300 21.04.2022 Download PDF Download JSON Download
    SCA-2022-0008 Vulnerability in SICK Gateways for Flexi Soft, Flexi Compact, SICK EFI Gateway UE4740, SICK microScan3 and outdoorScan3 6.5 Flexi Soft, Flexi Compact and SICK EFI Gateway UE4740X0-GPNT, microScan3, outdoorScan3 29.04.2022 Download PDF Download JSON Download
    SCA-2022-0009 Vulnerability in SICK Flexi Soft PROFINET IO Gateway FX0-GPNT and SICK microScan3 PROFINET 7.5 FX0-GPNT, microScan3 PROFINET 29.04.2022 Download PDF Download JSON Download
    SCA-2022-0010 Vulnerability in SICK Flexi Soft Designer & Safety Designer 8.6 SICK Flexi Soft Designer SICK Safety Designer 16.05.2022 Download PDF Download JSON Download
    SCA-2022-0011 Vulnerabilities in SICK Package Analytics 9.8 SICK Package Analytics 08.06.2022 Download PDF Download JSON Download 
    SCA-2022-0012 OpenSSL vulnerability affects multiple SICK SIMs 7.5 SICK SIM4000, SICK SIM2000ST, SICK SIM2x00, SICK SIM2000-2 P Track &Trace, SICK SIM2000ST Track &Trace (2086501), SICK SIM2000ST Track &Trace (2086502), SICK SIM2000ST-E, SICK SIM1012, SICK SIM1004, SICK SIM1000 FX 08.08.2022 Download PDF Download JSON Download 
    SCA-2022-0013 Password recovery vulnerability affects multiple SICK SIMs 9.8 SICK SIM4000 (PPC), SICK SIM2000ST (LFT), SICK SIM2000ST (PPC), SICK SIM2x00 (ARM), SICK SIM1012, SICK SIM1004, SICK SIM1000 FX 15.12.2022 Download PDF Download JSON Download
    SCA-2022-0014 SICK FlexiCompact affected by Denial of Service vulnerability 5.9 SICK FlexiCompact 31.10.2022 Download PDF Download JSON Download
    SCA-2022-0015 Use of a Broken or Risky Cryptographic Algorithm in SICK RFU6xx RADIOFREQUEN. SENSOR 4.2 SICK AG RFU61x, SICK AG RFU62x, SICK AG RFU63x, SICK AG RFU65x 12.12.2022 Download PDF Download JSON Download

     

  • 2021
    ID Title CVSS Score Products Date Download  Signature
    SCA-2021-0001 Inadequate SSH configuration in Visionary-S CX 3.7 SICK Visionary-S CX 25.06.2021 Download PDF Download JSON Download
    SCA-2021-0002 MEAC AFFECTED BY WINDOWS SMBv1 VULNERABILITY 8.1 MEAC2012, MEAC300 09.08.2021 Download PDF Download JSON Download
    SCA-2021-0003 SICK Security Advisory for Apache Log4j (CVE-2021-44228) 10.0 SICK FieldEcho Dashboard, SICK AppManager, SICK Function Block Factory 14.12.2021 Download PDF Download JSON Download
    SCA-2021-0004 Vulnerabilities in SICK SOPAS ET 8.6 SICK SOPAS ET 17.12.2021 Download PDF Download JSON Download

     

  • 2020
    ID Title CVSS Score Products Date Download  Signature
    SCA-2020-0001 Security information regarding "Profile Programming" - CLV62x ... CLV65x 31.05.2020 Download PDF Download JSON Download
    SCA-2020-0002 Vulnerabilities in SICK Package Analytics 9.1 SICK Package Analytics 28.07.2020 Download PDF Download JSON Download
    SCA-2020-0003 MEAC AFFECTED BY WINDOWS SMB3 VULNERABILITY 10.0 SICK MEAC2020 & MEAC300 07.08.2020 Download PDF Download JSON Download
    SCA-2020-0004 Vulnerability in platform mechanism AutoIP 7.5 Bulkscan LMS111 Bulkscan LMS511 CLV62x – CLV65x ICR890-3 LMS10x, LMS11x, LMS15x LMS12x, LMS13x, LMS14x LMS5xx, LMS53x MSC800 RFH 31.08.2020 Download PDF Download JSON Download
    SCA-2020-0005 Package Analytics affected by Windows TCP/IP vulnerability 8.8 Package Analytics versions 4.0 <= 4.1.2 29.10.2020 Download PDF Download JSON Download

     

  • 2019
    ID Title CVSS Score Products Date Download  Signature
    SCA-2019-0001 Use of hard-coded credentials in MSC800 9.8 MSC800 all versions 24.06.2019 Download PDF Download JSON Download
    SCA-2019-0002 Vulnerability in FX0-GENT00000 and FX0-GPNT00000 7.5 FX0-GPNT00000 (1044074) FX0-GENT00000 (1044072) 20.09.2019 Download PDF Download JSON Download

     

History

09/18/2024 - Update of the PGP Public Key. The previous key can be downloaded here.

09/22/2023 - Update of the PGP Public Key. The previous key can be downloaded here.

08/09/2022 - Update of the PGP Public Key. The previous key can be downloaded here.

09/21/2021 - Update of the PGP Public Key. The previous key can be downloaded here.

09/24/2020 - Update of the PGP Public Key. The previous key can be downloaded here.

18/10/2019 - Update of the PGP Public Key. The previous key can be downloaded here.

12/10/2018 - Introduction of the SICK PSIRT

Contact

SICK PSIRT – cyber security contact for SICK products

psirt@sick.de

Reports can be sent in German or English.

Security Advisories

SICK Security Advisories

If you prefer RSS to stay up-to-date, subscribe to our feed:

All SICK Security Advisories

Documents

PGP Public Key with fingerprint: 7F26 510F D9D7 3F4E 17DE A093 7F83 3F8E

Vulnerability Handling Guideline

Acknowledgments

Further information

BSI

ICS-Cert

ISA

IEC