CRITICALCVE-2026-2330Published Modified CNA SICK AG
CVE-2026-2330: CVE-2026-2330
An attacker may access restricted filesystem areas on the device via the CROWN REST interface due to incomplete whitelist enforcement. Certain directories intended for internal testing were not covered by the whitelist and are accessible without authentication. An unauthenticated attacker could place a manipulated parameter file that becomes active after a reboot, allowing modification of critical device settings, including network configuration and application parameters.
Metrics
- CVSS v3.1
- 9.4
- Severity
- CRITICAL
- Fixed in
- 2.8.0
- Affected Products
- 2
Fix available
2.8.0
Affected packages
- SICK AG / SICK Lector85x< 2.8.0 (from 0)
- SICK AG / SICK Lector83x< 2.8.0 (from 0)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H