Summary: SICK, a prominent sensor manufacturer, has released a security advisory concerning multiple vulnerabilities in its MEAC300 programmable sensor devices. The vulnerabilities could lead to denial of service or allow attackers to execute arbitrary code. SICK is urging users to secure their network environments to mitigate associated risks.
Affected: SICK MEAC300 programmable sensor devices
Keypoints :
- Vulnerabilities tracked as CVE-2022-0778 (CVSS 7.5) and CVE-2025-0867 (CVSS 9.9) identified.
- CVE-2022-0778 can cause an infinite loop in the OpenSSL library, making devices unresponsive.
- CVE-2025-0867 allows access to affected devices via insufficiently protected credentials.
- SICK has yet to release firmware updates; recommends general security practices as a workaround.
- Users should review the advisory and take necessary precautions to protect their devices.