Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-31409

Summary
Assigner-SICK AG
Assigner Org ID-a6863dd2-93fc-443d-bef1-79f0b5020988
Published At-15 May, 2023 | 10:55
Updated At-01 Jun, 2026 | 12:11
Rejected At-
Credits

Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an remote attacker to influence the availability of the webserver by invocing a Slowloris style attack via HTTP requests.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:SICK AG
Assigner Org ID:a6863dd2-93fc-443d-bef1-79f0b5020988
Published At:15 May, 2023 | 10:55
Updated At:01 Jun, 2026 | 12:11
Rejected At:
▼CVE Numbering Authority (CNA)

Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an remote attacker to influence the availability of the webserver by invocing a Slowloris style attack via HTTP requests.

Affected Products
Vendor
SICK AGSICK AG
Product
SICK FTMG-ESD15AXX AIR FLOW SENSOR
Default Status
affected
Versions
Affected
  • all firmware versions
Vendor
SICK AGSICK AG
Product
SICK FTMG-ESD20AXX AIR FLOW SENSOR
Default Status
affected
Versions
Affected
  • all firmware versions
Vendor
SICK AGSICK AG
Product
SICK FTMG-ESD25AXX AIR FLOW SENSOR
Default Status
affected
Versions
Affected
  • all firmware versions
Vendor
SICK AGSICK AG
Product
SICK FTMG-ESN40SXX AIR FLOW SENSOR
Default Status
affected
Versions
Affected
  • all firmware versions
Vendor
SICK AGSICK AG
Product
SICK FTMG-ESN50SXX AIR FLOW SENSOR
Default Status
affected
Versions
Affected
  • all firmware versions
Vendor
SICK AGSICK AG
Product
SICK FTMG-ESR40SXX AIR FLOW SENSOR
Default Status
affected
Versions
Affected
  • all firmware versions
Vendor
SICK AGSICK AG
Product
SICK FTMG-ESR50SXX AIR FLOW SENSOR
Default Status
affected
Versions
Affected
  • all firmware versions
Problem Types
TypeCWE IDDescription
CWECWE-400CWE-400 Uncontrolled Resource Consumption
Type: CWE
CWE ID: CWE-400
Description: CWE-400 Uncontrolled Resource Consumption
Metrics
VersionBase scoreBase severityVector
3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Please make sure that you apply general security practices when operating the SICK FTMg like network segmentation. The following General Security Practices and Operating Guidelines could mitigate the associated security risk.

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://sick.com/psirt
issue-tracking
https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf
vendor-advisory
https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json
x_csaf
Hyperlink: https://sick.com/psirt
Resource:
issue-tracking
Hyperlink: https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf
Resource:
vendor-advisory
Hyperlink: https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json
Resource:
x_csaf
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://sick.com/psirt
issue-tracking
x_transferred
https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf
vendor-advisory
x_transferred
https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json
x_csaf
x_transferred
Hyperlink: https://sick.com/psirt
Resource:
issue-tracking
x_transferred
Hyperlink: https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf
Resource:
vendor-advisory
x_transferred
Hyperlink: https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json
Resource:
x_csaf
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@sick.de
Published At:15 May, 2023 | 11:15
Updated At:01 Jun, 2026 | 13:16

Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an remote attacker to influence the availability of the webserver by invocing a Slowloris style attack via HTTP requests.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CPE Matches

SICK AG
sick
>>ftmg-esd20axx_firmware>>Versions before 2.0(exclusive)
cpe:2.3:o:sick:ftmg-esd20axx_firmware:*:*:*:*:*:*:*:*
SICK AG
sick
>>ftmg-esd20axx>>-
cpe:2.3:h:sick:ftmg-esd20axx:-:*:*:*:*:*:*:*
SICK AG
sick
>>ftmg-esd25axx_firmware>>Versions before 2.0(exclusive)
cpe:2.3:o:sick:ftmg-esd25axx_firmware:*:*:*:*:*:*:*:*
SICK AG
sick
>>ftmg-esd25axx>>-
cpe:2.3:h:sick:ftmg-esd25axx:-:*:*:*:*:*:*:*
SICK AG
sick
>>ftmg-esn40sxx_firmware>>Versions before 2.0(exclusive)
cpe:2.3:o:sick:ftmg-esn40sxx_firmware:*:*:*:*:*:*:*:*
SICK AG
sick
>>ftmg-esn40sxx>>-
cpe:2.3:h:sick:ftmg-esn40sxx:-:*:*:*:*:*:*:*
SICK AG
sick
>>ftmg-esn50sxx_firmware>>Versions before 2.0(exclusive)
cpe:2.3:o:sick:ftmg-esn50sxx_firmware:*:*:*:*:*:*:*:*
SICK AG
sick
>>ftmg-esn50sxx>>-
cpe:2.3:h:sick:ftmg-esn50sxx:-:*:*:*:*:*:*:*
SICK AG
sick
>>ftmg-esr50sxx_firmware>>Versions before 2.0(exclusive)
cpe:2.3:o:sick:ftmg-esr50sxx_firmware:*:*:*:*:*:*:*:*
SICK AG
sick
>>ftmg-esr50sxx>>-
cpe:2.3:h:sick:ftmg-esr50sxx:-:*:*:*:*:*:*:*
SICK AG
sick
>>ftmg-esr40sxx_firmware>>Versions before 2.0(exclusive)
cpe:2.3:o:sick:ftmg-esr40sxx_firmware:*:*:*:*:*:*:*:*
SICK AG
sick
>>ftmg-esr40sxx>>-
cpe:2.3:h:sick:ftmg-esr40sxx:-:*:*:*:*:*:*:*
SICK AG
sick
>>ftmg-esd15axx_firmware>>Versions before 2.0(exclusive)
cpe:2.3:o:sick:ftmg-esd15axx_firmware:*:*:*:*:*:*:*:*
SICK AG
sick
>>ftmg-esd15axx>>-
cpe:2.3:h:sick:ftmg-esd15axx:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-400Secondarypsirt@sick.de
CWE-400Primarynvd@nist.gov
CWE ID: CWE-400
Type: Secondary
Source: psirt@sick.de
CWE ID: CWE-400
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.jsonpsirt@sick.de
Vendor Advisory
https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdfpsirt@sick.de
Vendor Advisory
https://sick.com/psirtpsirt@sick.de
Vendor Advisory
https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.jsonaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdfaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://sick.com/psirtaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json
Source: psirt@sick.de
Resource:
Vendor Advisory
Hyperlink: https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf
Source: psirt@sick.de
Resource:
Vendor Advisory
Hyperlink: https://sick.com/psirt
Source: psirt@sick.de
Resource:
Vendor Advisory
Hyperlink: https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://sick.com/psirt
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

1541Records found

CVE-2023-23447
Matching Score-10
Assigner-SICK AG
ShareView Details
Matching Score-10
Assigner-SICK AG
CVSS Score-7.5||HIGH
EPSS-1.12% / 62.46%
||
7 Day CHG~0.00%
Published-15 May, 2023 | 10:53
Updated-01 Jun, 2026 | 13:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to influence the availability of the webserver by invocing several open file requests via the REST interface.

Action-Not Available
Vendor-SICK AG
Product-ftmg-esd25axx_firmwareftmg-esr40sxx_firmwareftmg-esr50sxxftmg-esd15axx_firmwareftmg-esd20axx_firmwareftmg-esn50sxxftmg-esr40sxxftmg-esd25axxftmg-esr50sxx_firmwareftmg-esn50sxx_firmwareftmg-esn40sxx_firmwareftmg-esd20axxftmg-esn40sxxftmg-esd15axxSICK FTMG-ESD15AXX AIR FLOW SENSORSICK FTMG-ESR50SXX AIR FLOW SENSORSICK FTMG-ESR40SXX AIR FLOW SENSORSICK FTMG-ESN40SXX AIR FLOW SENSORSICK FTMG-ESD25AXX AIR FLOW SENSORSICK FTMG-ESD20AXX AIR FLOW SENSORSICK FTMG-ESN50SXX AIR FLOW SENSOR
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-32472
Matching Score-10
Assigner-SICK AG
ShareView Details
Matching Score-10
Assigner-SICK AG
CVSS Score-5.3||MEDIUM
EPSS-0.52% / 40.60%
||
7 Day CHG~0.00%
Published-28 Apr, 2025 | 12:04
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DoS attack by conducting a slowloris-type attack

The multiScan and picoScan are vulnerable to a denial-of-service (DoS) attack. A remote attacker can exploit this vulnerability by conducting a Slowloris-type attack, causing the web page to become unresponsive.

Action-Not Available
Vendor-SICK AG
Product-SICK picoScan1XXSICK multiScan1XX
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-4418
Matching Score-10
Assigner-SICK AG
ShareView Details
Matching Score-10
Assigner-SICK AG
CVSS Score-7.5||HIGH
EPSS-0.69% / 48.49%
||
7 Day CHG~0.00%
Published-24 Aug, 2023 | 18:05
Updated-01 Jun, 2026 | 12:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote unprivileged attacker can sent multiple packages to the LMS5xx to disrupt its availability through a TCP SYN-based denial-of-service (DDoS) attack. By exploiting this vulnerability, an attacker can flood the targeted LMS5xx with a high volume of TCP SYN requests, overwhelming its resources and causing it to become unresponsive or unavailable for legitimate users.

Action-Not Available
Vendor-SICK AG
Product-lms511_firmwarelms511lms500lms500_firmwarelms531_firmwarelms531LMS5xxlms5xx
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-3273
Matching Score-8
Assigner-SICK AG
ShareView Details
Matching Score-8
Assigner-SICK AG
CVSS Score-7.5||HIGH
EPSS-1.07% / 61.01%
||
7 Day CHG~0.00%
Published-10 Jul, 2023 | 09:31
Updated-01 Jun, 2026 | 13:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Access Control in the SICK ICR890-4 could allow an unauthenticated remote attacker to affect the availability of the device by changing settings of the device such as the IP address based on missing access control.

Action-Not Available
Vendor-SICK AG
Product-icr890-4_firmwareicr890-4ICR890-4icr890-4
CWE ID-CWE-284
Improper Access Control
CVE-2023-31408
Matching Score-8
Assigner-SICK AG
ShareView Details
Matching Score-8
Assigner-SICK AG
CVSS Score-5.3||MEDIUM
EPSS-0.42% / 34.46%
||
7 Day CHG~0.00%
Published-15 May, 2023 | 10:55
Updated-01 Jun, 2026 | 09:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cleartext Storage of Sensitive Information in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to potentially steal user credentials that are stored in the user’s browsers local storage via cross-site-scripting attacks.

Action-Not Available
Vendor-SICK AG
Product-ftmg-esd25axx_firmwareftmg-esr40sxx_firmwareftmg-esr50sxxftmg-esd15axx_firmwareftmg-esd20axx_firmwareftmg-esn50sxxftmg-esr40sxxftmg-esd25axxftmg-esr50sxx_firmwareftmg-esn50sxx_firmwareftmg-esn40sxx_firmwareftmg-esd20axxftmg-esn40sxxftmg-esd15axxSICK FTMG-ESD15AXX AIR FLOW SENSORSICK FTMG-ESR50SXX AIR FLOW SENSORSICK FTMG-ESR40SXX AIR FLOW SENSORSICK FTMG-ESN40SXX AIR FLOW SENSORSICK FTMG-ESD25AXX AIR FLOW SENSORSICK FTMG-ESD20AXX AIR FLOW SENSORSICK FTMG-ESN50SXX AIR FLOW SENSOR
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2019-14753
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.16% / 63.70%
||
7 Day CHG~0.00%
Published-24 Sep, 2019 | 16:44
Updated-05 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SICK FX0-GPNT00000 and FX0-GENT00000 devices through 3.4.0 have a Buffer Overflow

Action-Not Available
Vendor-n/aSICK AG
Product-fx0-gpnt00000fx0-gpnt00000_firmwarefx0-gent00000fx0-gent00000_firmwaren/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-32470
Matching Score-8
Assigner-SICK AG
ShareView Details
Matching Score-8
Assigner-SICK AG
CVSS Score-7.5||HIGH
EPSS-0.54% / 41.78%
||
7 Day CHG~0.00%
Published-28 Apr, 2025 | 09:07
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated change of IP adress

A remote unauthenticated attacker may be able to change the IP adress of the device, and therefore affecting the availability of the device.

Action-Not Available
Vendor-SICK AG
Product-SICK FLX0-GPNT100SICK FLX3-CPUC200
CWE ID-CWE-284
Improper Access Control
CVE-2023-23444
Matching Score-8
Assigner-SICK AG
ShareView Details
Matching Score-8
Assigner-SICK AG
CVSS Score-7.5||HIGH
EPSS-1.17% / 63.88%
||
7 Day CHG~0.00%
Published-12 May, 2023 | 12:39
Updated-01 Jun, 2026 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Missing Authentication for Critical Function in SICK Flexi Classic and Flexi Soft Gateways with Partnumbers 1042193, 1042964, 1044078, 1044072, 1044073, 1044074, 1099830, 1099832, 1127717, 1069070, 1112296, 1051432, 1102420, 1127487, 1121596, 1121597 allows an unauthenticated remote attacker to influence the availability of the device by changing the IP settings of the device via broadcasted UDP packets.

Action-Not Available
Vendor-SICK AG
Product-ue410-en1fx0-gent00010_firmwareue410-en3fx0-gent00000_firmwareue410-en3_firmwarefx0-gpnt00010_firmwarefx0-gent00010fx0-gpnt00030fx0-gmod00000_firmwarefx0-gent00030ue410-en4_firmwarefx0-gent00030_firmwarefx0-gpnt00010ue410-en1_firmwarefx0-gmod00000fx0-gpnt00000_firmwarefx0-gmod00010ue410-en4fx0-gmod00010_firmwarefx0-gent00000fx0-gpnt00000fx0-gpnt00030_firmwareFX0-GPNT00030 FLEXISOFT PNET GATEW.V2FX0-GENT00030 FLEXISOFT EIP GATEW.V2 FirmwareUE410-EN1 FLEXI ETHERNET GATEW.FX0-GMOD00010 FLEXISOFT MOD GW (C)FX0-GETC00000 FLEXISOFT ETC GWFX3-GEPR00000 FLEXISOFT EFI-PRO GW FirmwareFX0-GENT00000 FLEXISOFT EIP GATEW. FirmwareFX0-GPNT00030 FLEXISOFT PNET GATEW.V2 FirmwareFX0-GENT00000 FLEXISOFT EIP GATEW.FX3-GEPR00000 FLEXISOFT EFI-PRO GWUE410-EN1 FLEXI ETHERNET GATEW. FirmwareFX3-GEPR00010 FLEXISOFT EFI-PRO GW FirmwareFX0-GETC00010 FLEXISOFT ETC GW (C) FirmwareFX0-GENT00010 FLEXISOFT EIP GW (C) FirmwareFX0-GPNT00010 FLEXISOFT PNET GW (C)FX0-GETC00040 FLEXISOFT ETC GWUE410-EN4 FLEXI ETHERNET GATEW. FirmwareFX0-GENT00030 FLEXISOFT EIP GATEW.V2FX0-GPNT00010 FLEXISOFT PNET GW (C) FirmwareUE410-EN3 FLEXI ETHERNET GATEW.FX0-GETC00010 FLEXISOFT ETC GW (C)FX0-GPNT00000 FLEXISOFT PNET GATEW.FX0-GPNT00000 FLEXISOFT PNET GATEW. FirmwareFX0-GETC00040 FLEXISOFT ETC GW FirmwareFX0-GENT00010 FLEXISOFT EIP GW (C)FX0-GMOD00000 FLEXISOFT MOD GATEW. FirmwareFX0-GMOD00000 FLEXISOFT MOD GATEW.FX0-GMOD00010 FLEXISOFT MOD GW (C) FirmwareUE410-EN3 FLEXI ETHERNET GATEW. FirmwareFX3-GEPR00010 FLEXISOFT EFI-PRO GWUE410-EN4 FLEXI ETHERNET GATEW.FX0-GETC00000 FLEXISOFT ETC GW Firmware
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-8751
Matching Score-8
Assigner-SICK AG
ShareView Details
Matching Score-8
Assigner-SICK AG
CVSS Score-7.5||HIGH
EPSS-0.93% / 56.48%
||
7 Day CHG+0.25%
Published-12 Sep, 2024 | 21:38
Updated-16 Jul, 2026 | 11:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE-2024-8751

A vulnerability allows a remote unauthenticated attacker to modify the prod uct’s IP address over the Sopas ET interface. This can lead to a Denial of Service attack.

Action-Not Available
Vendor-Endress+HauserSICK AG
Product-MERCEM300ZMARSIC280GMS800 FIDORMCU ETH-Service and Modbus-TCP ModuleSIPROCESSMARSIC300MSC800MCS300PGM32VICOTEC320MCS200HWGMS800MARSIC200MCS100FTFLPSMES1B B&B ConverterSAM800msc800_firmware
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-22917
Matching Score-8
Assigner-SICK AG
ShareView Details
Matching Score-8
Assigner-SICK AG
CVSS Score-4.3||MEDIUM
EPSS-0.51% / 40.03%
||
7 Day CHG~0.00%
Published-15 Jan, 2026 | 13:07
Updated-23 Jan, 2026 | 14:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input handling in a system endpoint may allow attackers to overload resources, causing a denial of service.

Action-Not Available
Vendor-SICK AG
Product-tdc-x401gltdc-x401gl_firmwareTDC-X401GL
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-22909
Matching Score-8
Assigner-SICK AG
ShareView Details
Matching Score-8
Assigner-SICK AG
CVSS Score-7.5||HIGH
EPSS-0.51% / 40.11%
||
7 Day CHG~0.00%
Published-15 Jan, 2026 | 13:01
Updated-23 Jan, 2026 | 15:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain system functions may be accessed without proper authorization, allowing attackers to start, stop, or delete installed applications, potentially disrupting system operations.

Action-Not Available
Vendor-SICK AG
Product-tdc-x401gltdc-x401gl_firmwareTDC-X401GL
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-863
Incorrect Authorization
CVE-2025-58582
Matching Score-8
Assigner-SICK AG
ShareView Details
Matching Score-8
Assigner-SICK AG
CVSS Score-5.3||MEDIUM
EPSS-0.52% / 40.46%
||
7 Day CHG~0.00%
Published-06 Oct, 2025 | 06:50
Updated-27 Jan, 2026 | 16:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Uncontrolled Resource Consumption via log file

If a user tries to login but the provided credentials are incorrect a log is created. The data for this POST requests is not validated and it’s possible to send giant payloads which are then logged.

Action-Not Available
Vendor-SICK AG
Product-enterprise_analyticsEnterprise Analytics
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-59463
Matching Score-8
Assigner-SICK AG
ShareView Details
Matching Score-8
Assigner-SICK AG
CVSS Score-4.3||MEDIUM
EPSS-0.37% / 29.62%
||
7 Day CHG~0.00%
Published-27 Oct, 2025 | 10:14
Updated-03 Nov, 2025 | 19:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial-of-service (DoS) via chunk size mismatch

An attacker may cause chunk-size mismatches that block file transfers and prevent subsequent transfers.

Action-Not Available
Vendor-SICK AG
Product-tloc100-100tloc100-100_firmwareTLOC100-100 all Firmware versions
CWE ID-CWE-833
Deadlock
CVE-2025-59459
Matching Score-8
Assigner-SICK AG
ShareView Details
Matching Score-8
Assigner-SICK AG
CVSS Score-5.5||MEDIUM
EPSS-0.32% / 23.53%
||
7 Day CHG~0.00%
Published-27 Oct, 2025 | 10:09
Updated-27 Feb, 2026 | 08:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial-of-service (DoS) via resource consumption

An attacker that gains SSH access to an unprivileged account may be able to disrupt services (including SSH), causing persistent loss of availability.

Action-Not Available
Vendor-SICK AG
Product-tloc100-100tloc100-100_firmwareTLOC100-100
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-59462
Matching Score-8
Assigner-SICK AG
ShareView Details
Matching Score-8
Assigner-SICK AG
CVSS Score-6.5||MEDIUM
EPSS-0.50% / 39.40%
||
7 Day CHG~0.00%
Published-27 Oct, 2025 | 10:12
Updated-03 Nov, 2025 | 19:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial-of-service (DoS) via delayed or missing client response

An attacker who tampers with the C++ CLI client may crash the UpdateService during file transfers, disrupting updates and availability.

Action-Not Available
Vendor-SICK AG
Product-tloc100-100tloc100-100_firmwareTLOC100-100 all Firmware versions
CWE ID-CWE-248
Uncaught Exception
CVE-2020-2075
Matching Score-8
Assigner-SICK AG
ShareView Details
Matching Score-8
Assigner-SICK AG
CVSS Score-7.5||HIGH
EPSS-1.43% / 70.04%
||
7 Day CHG~0.00%
Published-31 Aug, 2020 | 17:09
Updated-04 Aug, 2024 | 06:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Platform mechanism AutoIP allows remote attackers to reboot the device via a crafted packet in SICK AG solutions Bulkscan LMS111, Bulkscan LMS511, CLV62x – CLV65x, ICR890-3, LMS10x, LMS11x, LMS15x, LMS12x, LMS13x, LMS14x, LMS5xx, LMS53x, MSC800, RFH.

Action-Not Available
Vendor-n/aSICK AG
Product-icr890-3.5_firmwarelms511_firmwarelms511msc800lms153_firmwareclv642_firmwarelms142_firmwarelms122lms133clv631_firmwarelms531clv650_firmwareclv622_firmwareclv621lms100_firmwareclv632_firmwareclv620_firmwarelms131clv631clv640_firmwarelms131_firmwarelms111lms141icr890-3clv630clv651lms101_firmwarelms122_firmwarelms133_firmwareicr890-3_firmwarelms123_firmwarelms151clv632clv640clv620lms121_firmwarelms142lms141_firmwareclv622clv651_firmwarelms143_firmwarelms500lms500_firmwarerfhlms100lms531_firmwarelms111_firmwarelms121lms123clv621_firmwareclv630_firmwareclv642lms101lms153icr890-3.5lms143clv650lms151_firmwaremsc800_firmwarerfh_firmwareBulkscan LMS111; Bulkscan LMS511; CLV62x – CLV65x; ICR890-3; LMS10x, LMS11x, LMS15x; LMS12x, LMS13x, LMS14x; LMS5xx, LMS53x; MSC800; RFH
CWE ID-CWE-703
Improper Check or Handling of Exceptional Conditions
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2021-32503
Matching Score-6
Assigner-SICK AG
ShareView Details
Matching Score-6
Assigner-SICK AG
CVSS Score-4.9||MEDIUM
EPSS-0.80% / 52.41%
||
7 Day CHG~0.00%
Published-01 Apr, 2022 | 22:17
Updated-03 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unauthenticated users can access sensitive web URLs through GET request, which should be restricted to maintenance users only. A malicious attacker could use this sensitive information’s to launch further attacks on the system.

Action-Not Available
Vendor-n/aSICK AG
Product-ftmgftmg_firmwareSICK FTMg
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-57440
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.26% / 17.29%
||
7 Day CHG~0.00%
Published-22 Sep, 2025 | 00:00
Updated-28 Oct, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Blackmagic ATEM Mini Pro 2.7 exposes an undocumented Telnet service on TCP port 9993, which accepts unauthenticated plaintext commands for controlling streaming, recording, formatting storage devices, and system reboot. This interface, referred to as the "ATEM Ethernet Protocol 1.0", provides complete device control without requiring credentials or encryption. An attacker on the same network (or with remote access to the exposed port) can exploit this interface to execute arbitrary streaming commands, erase disks, or shut down the device - effectively gaining full remote control.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-21680
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-2.83% / 85.03%
||
7 Day CHG~0.00%
Published-14 Jan, 2022 | 00:00
Updated-22 Apr, 2025 | 18:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cubic catastrophic backtracking (ReDoS) in marked

Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `block.def` may cause catastrophic backtracking against some strings and lead to a regular expression denial of service (ReDoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched in version 4.0.10. As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources.

Action-Not Available
Vendor-marked_projectmarkedjsFedora Project
Product-markedfedoramarked
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-56352
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.28% / 19.83%
||
7 Day CHG~0.00%
Published-18 May, 2026 | 00:00
Updated-18 May, 2026 | 20:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In tinyMQTT commit 6226ade15bd4f97be2d196352e64dd10937c1962 (2024-02-18), the broker mishandles protocol violations during CONNECT packet parsing. When receiving a CONNECT packet with a zero-length Client ID while CleanSession is set to 0, the broker correctly replies with a CONNACK return code 0x02 (Identifier Rejected) but fails to explicitly close the TCP connection. Since the surrounding connection teardown logic is not guaranteed to execute, each such invalid CONNECT attempt leaves the underlying socket open. Repeated attempts cause server-side resource exhaustion due to accumulating file descriptors and memory usage, potentially resulting in denial of service.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-56234
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.31% / 23.27%
||
7 Day CHG~0.00%
Published-29 Sep, 2025 | 00:00
Updated-28 Oct, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

AT_NA2000 from Nanda Automation Technology vendor has a denial-of-service vulnerability. For the processing of TCP RST packets, PLC AT_NA2000 has a wide acceptable range of sequence numbers. It does not require the sequence number to exactly match the next expected sequence value, just to be within the current receive window, which violates RFC5961. This flaw allows attackers to send multiple random TCP RST packets to hit the acceptable range of sequence numbers, thereby interrupting normal connections and causing a denial-of-service attack.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-21653
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.79% / 52.27%
||
7 Day CHG~0.00%
Published-05 Jan, 2022 | 21:00
Updated-22 Apr, 2025 | 18:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Hash collision in typelevel jawn

Jawn is an open source JSON parser. Extenders of the `org.typelevel.jawn.SimpleFacade` and `org.typelevel.jawn.MutableFacade` who don't override `objectContext()` are vulnerable to a hash collision attack which may result in a denial of service. Most applications do not implement these traits directly, but inherit from a library. `jawn-parser-1.3.1` fixes this issue and users are advised to upgrade. For users unable to upgrade override `objectContext()` to use a collision-safe collection.

Action-Not Available
Vendor-typeleveltypelevel
Product-jawnjawn
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2025-56424
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.50% / 39.49%
||
7 Day CHG~0.00%
Published-08 Jan, 2026 | 00:00
Updated-12 Jan, 2026 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in Insiders Technologies GmbH e-invoice pro before release 1 Service Pack 2 allows a remote attacker to cause a denial of service via a crafted script

Action-Not Available
Vendor-insiders-technologiesn/a
Product-e-invoice_pron/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-55796
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.58% / 43.77%
||
7 Day CHG+0.05%
Published-18 Nov, 2025 | 00:00
Updated-08 Jan, 2026 | 17:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The openml/openml.org web application version v2.0.20241110 uses predictable MD5-based tokens for critical user workflows such as signup confirmation, password resets, email confirmation resends, and email change confirmation. These tokens are generated by hashing the current timestamp formatted as "%d %H:%M:%S" without incorporating any user-specific data or cryptographic randomness. This predictability allows remote attackers to brute-force valid tokens within a small time window, enabling unauthorized account confirmation, password resets, and email change approvals, potentially leading to account takeover.

Action-Not Available
Vendor-openmln/a
Product-openml.orgn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-15166
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-3.41% / 87.54%
||
7 Day CHG~0.00%
Published-11 Sep, 2020 | 15:35
Updated-04 Aug, 2024 | 13:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of Service in ZeroMQ

In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerability. Users with TCP transport public endpoints, even with CURVE/ZAP enabled, are impacted. If a raw TCP socket is opened and connected to an endpoint that is fully configured with CURVE/ZAP, legitimate clients will not be able to exchange any message. Handshakes complete successfully, and messages are delivered to the library, but the server application never receives them. This is patched in version 4.3.3.

Action-Not Available
Vendor-zeromqzeromqDebian GNU/LinuxFedora Project
Product-debian_linuxfedoralibzmqlibzmq
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2016-8858
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-29.46% / 97.97%
||
7 Day CHG~0.00%
Published-09 Dec, 2016 | 00:00
Updated-29 May, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests. NOTE: a third party reports that "OpenSSH upstream does not consider this as a security issue."

Action-Not Available
Vendor-n/aOpenBSD
Product-opensshn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-56572
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.50% / 39.27%
||
7 Day CHG~0.00%
Published-30 Sep, 2025 | 00:00
Updated-05 Jul, 2026 | 02:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in finance.js v.4.1.0 allows a remote attacker to cause a denial of service via the seekZero() parameter.

Action-Not Available
Vendor-ebradyjoboryn/a
Product-finance.jsn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-55558
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.42% / 34.10%
||
7 Day CHG~0.00%
Published-25 Sep, 2025 | 00:00
Updated-03 Oct, 2025 | 18:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow occurs in pytorch v2.7.0 when a PyTorch model consists of torch.nn.Conv2d, torch.nn.functional.hardshrink, and torch.Tensor.view-torch.mv() and is compiled by Inductor, leading to a Denial of Service (DoS).

Action-Not Available
Vendor-n/aThe Linux Foundation
Product-pytorchn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-14190
Matching Score-4
Assigner-Atlassian
ShareView Details
Matching Score-4
Assigner-Atlassian
CVSS Score-7.5||HIGH
EPSS-1.21% / 65.09%
||
7 Day CHG~0.00%
Published-25 Nov, 2020 | 22:40
Updated-16 Sep, 2024 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Affected versions of Atlassian Fisheye/Crucible allow remote attackers to achieve Regex Denial of Service via user-supplied regex in EyeQL. The affected versions are before version 4.8.4.

Action-Not Available
Vendor-Atlassian
Product-fisheyecrucibleFisheyeCrucible
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-21293
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-8.35% / 94.33%
||
7 Day CHG~0.00%
Published-19 Jan, 2022 | 11:23
Updated-27 May, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Oracle CorporationNetApp, Inc.Debian GNU/LinuxFedora Project
Product-cloud_secure_agentsantricity_unified_managerhci_management_nodeoncommand_workflow_automationsolidfirejdk7-mode_transition_toolgraalvmdebian_linuxopenjdksnapmanagere-series_santricity_web_servicese-series_santricity_storage_managerjreoncommand_insightsantricity_storage_plugine-series_santricity_os_controlleractive_iq_unified_managerfedoracloud_insights_acquisition_unitJava SE JDK and JRE
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-14522
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-1.49% / 71.12%
||
7 Day CHG~0.00%
Published-25 Aug, 2020 | 13:35
Updated-16 Sep, 2024 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Softing Industrial Automation OPC

Softing Industrial Automation all versions prior to the latest build of version 4.47.0, The affected product is vulnerable to uncontrolled resource consumption, which may allow an attacker to cause a denial-of-service condition.

Action-Not Available
Vendor-softingSofting Industrial Automation all versions prior to the latest build of version 4.47.0
Product-opcOPC
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-14384
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.36% / 68.54%
||
7 Day CHG~0.00%
Published-09 Sep, 2020 | 13:17
Updated-04 Aug, 2024 | 12:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in JBossWeb in versions before 7.5.31.Final-redhat-3. The fix for CVE-2020-13935 was incomplete in JBossWeb, leaving it vulnerable to a denial of service attack when sending multiple requests with invalid payload length in a WebSocket frame. The highest threat from this vulnerability is to system availability.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-jboss_enterprise_application_platformjbosswebJBossWeb
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-14326
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.22% / 65.33%
||
7 Day CHG+0.01%
Published-02 Jun, 2021 | 11:23
Updated-04 Aug, 2024 | 12:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was found in RESTEasy, where RootNode incorrectly caches routes. This issue results in hash flooding, leading to slower requests with higher CPU time spent searching and adding the entry. This flaw allows an attacker to cause a denial of service.

Action-Not Available
Vendor-n/aRed Hat, Inc.NetApp, Inc.
Product-resteasyintegration_camel_koncommand_insightRESTEasy
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-35767
Matching Score-4
Assigner-Perforce
ShareView Details
Matching Score-4
Assigner-Perforce
CVSS Score-7.5||HIGH
EPSS-0.95% / 57.19%
||
7 Day CHG~0.00%
Published-08 Nov, 2023 | 15:31
Updated-11 Nov, 2024 | 14:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated Remote Denial-of-Service via Shutdown Function in Helix Core

In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the shutdown function was identified. Reported by Jason Geffner.  

Action-Not Available
Vendor-Perforce Software, Inc.
Product-helix_coreHelix SwarmHelix Corehelix_core
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-13809
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.53% / 71.94%
||
7 Day CHG~0.00%
Published-04 Jun, 2020 | 14:50
Updated-04 Aug, 2024 | 12:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows resource consumption via long strings in the content stream.

Action-Not Available
Vendor-n/aFoxit Software Incorporated
Product-phantompdfreadern/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-13849
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.00% / 78.53%
||
7 Day CHG~0.00%
Published-04 Jun, 2020 | 20:16
Updated-04 Aug, 2024 | 12:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The MQTT protocol 3.1.1 requires a server to set a timeout value of 1.5 times the Keep-Alive value specified by a client, which allows remote attackers to cause a denial of service (loss of the ability to establish new connections), as demonstrated by SlowITe.

Action-Not Available
Vendor-mqttn/a
Product-mqttn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-13815
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.53% / 71.94%
||
7 Day CHG~0.00%
Published-04 Jun, 2020 | 15:37
Updated-04 Aug, 2024 | 12:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. It allows stack consumption via a loop of an indirect object reference.

Action-Not Available
Vendor-n/aFoxit Software Incorporated
Product-phantompdfreadern/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-55551
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.39% / 31.37%
||
7 Day CHG~0.00%
Published-25 Sep, 2025 | 00:00
Updated-03 Oct, 2025 | 17:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation.

Action-Not Available
Vendor-n/aThe Linux Foundation
Product-pytorchn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-12667
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.62% / 83.73%
||
7 Day CHG~0.00%
Published-19 May, 2020 | 00:00
Updated-04 Aug, 2024 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Knot Resolver before 5.1.1 allows traffic amplification via a crafted DNS answer from an attacker-controlled server, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.

Action-Not Available
Vendor-nicn/anic
Product-knot_resolvern/aknot_resolver
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-13623
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.15% / 63.35%
||
7 Day CHG~0.00%
Published-26 May, 2020 | 23:15
Updated-04 Aug, 2024 | 12:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JerryScript 2.2.0 allows attackers to cause a denial of service (stack consumption) via a proxy operation.

Action-Not Available
Vendor-jerryscriptn/a
Product-jerryscriptn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-13238
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.34% / 87.28%
||
7 Day CHG~0.00%
Published-10 Jun, 2020 | 19:53
Updated-04 Aug, 2024 | 12:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mitsubishi MELSEC iQ-R Series PLCs with firmware 33 allow attackers to halt the industrial process by sending an unauthenticated crafted packet over the network, because this denial of service attack consumes excessive CPU time. After halting, physical access to the PLC is required in order to restore production.

Action-Not Available
Vendor-n/aMitsubishi Electric Corporation
Product-melsec_iq-r01cpu_firmwaremelsec_iq-r120fcpumelsec_iq-r32cpu_firmwaremelsec_iq-r08fcpumelsec_iq-r16cpumelsec_iq-r32pcpu_firmwaremelsec_iq-r32pcpumelsec_iq-r32cpumelsec_iq-r32fcpu_firmwaremelsec_iq-r08sfcpu_firmwaremelsec_iq-r04cpu_firmwaremelsec_iq-r08pcpumelsec_iq-r16cpu_firmwaremelsec_iq-rj71en71_firmwaremelsec_iq-r120pcpu_firmwaremelsec_iq-r00cpumelsec_iq-r16fcpu_firmwaremelsec_iq-r08cpumelsec_iq-r00cpu_firmwaremelsec_iq-r16sfcpumelsec_iq-r32fcpumelsec_iq-rj71en71melsec_iq-r16pcpumelsec_iq-r16pcpu_firmwaremelsec_iq-r120sfcpumelsec_iq-r120sfcpu_firmwaremelsec_iq-r120cpumelsec_iq-r32sfcpu_firmwaremelsec_iq-r16fcpumelsec_iq-r08cpu_firmwaremelsec_iq-r08pcpu_firmwaremelsec_iq-r120cpu_firmwaremelsec_iq-r01cpumelsec_iq-r02cpumelsec_iq-r08fcpu_firmwaremelsec_iq-r02cpu_firmwaremelsec_iq-r120pcpumelsec_iq-r16sfcpu_firmwaremelsec_iq-r32sfcpumelsec_iq-r120fcpu_firmwaremelsec_iq-r04cpumelsec_iq-r08sfcpun/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-12662
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.17% / 86.59%
||
7 Day CHG~0.00%
Published-19 May, 2020 | 13:50
Updated-04 Aug, 2024 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.

Action-Not Available
Vendor-nlnetlabsn/aCanonical Ltd.openSUSEFedora ProjectDebian GNU/Linux
Product-ubuntu_linuxdebian_linuxfedoraunboundleapn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-12739
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-1.95% / 77.97%
||
7 Day CHG~0.00%
Published-03 Aug, 2020 | 16:35
Updated-04 Aug, 2024 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial-of-service vulnerability in the Fanuc i Series CNC (0i-MD and 0i Mate-MD) could allow an unauthenticated, remote attacker to cause an affected CNC to become inaccessible to other devices.

Action-Not Available
Vendor-fanucn/a
Product-series_31iseries_30iseries_35i-bseries_0i-model_b_firmwareseries_35i-b_firmwarepower_motion_i-model_aseries_16iseries_18iseries_18i_firmwareseries_0i-model_f_plus_firmwareseries_0i-model_dseries_0i-model_fseries_16i_firmwareseries_0i-mate_d_firmwareseries_0i-model_cseries_31i_firmwareseries_0i-model_f_plusseries_0i-mate_dseries_0i-model_d_firmwareseries_32i-b_plusseries_0i-model_f_firmwareseries_0i-model_bpower_motion_i-model_a_firmwareseries_32i-model_aseries_21i-model_b_firmwareseries_21i-model_bseries_18i-wbseries_0i-model_c_firmwareseries_18i-wb_firmwareseries_32i-b_plus_firmwareseries_32i-model_a_firmwareseries_30i_firmwaren/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-55102
Matching Score-4
Assigner-Eclipse Foundation
ShareView Details
Matching Score-4
Assigner-Eclipse Foundation
CVSS Score-8.7||HIGH
EPSS-0.36% / 28.20%
||
7 Day CHG~0.00%
Published-27 Jan, 2026 | 15:25
Updated-02 Apr, 2026 | 20:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial-of-service vulnerability exists in the NetX IPv6 component functionality of Eclipse ThreadX NetX Duo. A specially crafted network packet of "Packet Too Big" with more than 15 different source address can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.

Action-Not Available
Vendor-Eclipse Foundation AISBL
Product-threadx_netx_duoEclipse ThreadX - NetX Duo
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-404
Improper Resource Shutdown or Release
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2020-12603
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.45% / 70.38%
||
7 Day CHG~0.00%
Published-01 Jul, 2020 | 13:53
Updated-04 Aug, 2024 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when proxying HTTP/2 requests or responses with many small (i.e. 1 byte) data frames.

Action-Not Available
Vendor-envoyproxyn/a
Product-envoyn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-54605
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.39% / 31.65%
||
7 Day CHG~0.00%
Published-28 Oct, 2025 | 00:00
Updated-07 Nov, 2025 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Bitcoin Core through 29.0 allows Uncontrolled Resource Consumption (issue 2 of 2).

Action-Not Available
Vendor-n/aBitcoin Wiki
Product-bitcoin_coren/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-55588
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.37% / 29.34%
||
7 Day CHG~0.00%
Published-18 Aug, 2025 | 00:00
Updated-21 Aug, 2025 | 14:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the fw_ip parameter at /boafrm/formPortFw. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a3002ra3002r_firmwaren/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-54472
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-1.20% / 64.78%
||
7 Day CHG~0.00%
Published-14 Aug, 2025 | 09:05
Updated-04 Nov, 2025 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache bRPC: Redis Parser Remote Denial of Service

Unlimited memory allocation in redis protocol parser in Apache bRPC (all versions < 1.14.1) on all platforms allows attackers to crash the service via network. Root Cause: In the bRPC Redis protocol parser code, memory for arrays or strings of corresponding sizes is allocated based on the integers read from the network. If the integer read from the network is too large, it may cause a bad alloc error and lead to the program crashing. Attackers can exploit this feature by sending special data packets to the bRPC service to carry out a denial-of-service attack on it. The bRPC 1.14.0 version tried to fix this issue by limited the memory allocation size, however, the limitation checking code is not well implemented that may cause integer overflow and evade such limitation. So the 1.14.0 version is also vulnerable, although the integer range that affect version 1.14.0 is different from that affect version < 1.14.0. Affected scenarios: Using bRPC as a Redis server to provide network services to untrusted clients, or using bRPC as a Redis client to call untrusted Redis services. How to Fix: we provide two methods, you can choose one of them: 1. Upgrade bRPC to version 1.14.1. 2. Apply this patch ( https://github.com/apache/brpc/pull/3050 ) manually. No matter you choose which method, you should note that the patch limits the maximum length of memory allocated for each time in the bRPC Redis parser. The default limit is 64M. If some of you redis request or response have a size larger than 64M, you might encounter error after upgrade. For such case, you can modify the gflag redis_max_allocation_size to set a larger limit.

Action-Not Available
Vendor-The Apache Software Foundation
Product-brpcApache bRPC
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-55586
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.37% / 29.34%
||
7 Day CHG~0.00%
Published-18 Aug, 2025 | 00:00
Updated-21 Aug, 2025 | 14:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the url parameter at /boafrm/formFilter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a3002ra3002r_firmwaren/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-54796
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.40% / 32.05%
||
7 Day CHG~0.00%
Published-01 Aug, 2025 | 23:38
Updated-12 Sep, 2025 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Copyparty is vulnerable to Regex Denial of Service (ReDoS) attacks through "Recent Uploads" page

Copyparty is a portable file server. Versions prior to 1.18.9, the filter parameter for the "Recent Uploads" page allows arbitrary RegExes. If this feature is enabled (which is the default), an attacker can craft a filter which deadlocks the server. This is fixed in version 1.18.9.

Action-Not Available
Vendor-90019001
Product-copypartycopyparty
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-833
Deadlock
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 30
  • 31
  • Next
Details not found