SICK, a leading sensor manufacturer, has issued a security advisory regarding multiple vulnerabilities affecting its MEAC300 line of programmable sensor devices. The vulnerabilities, tracked as CVE-2022-0778 and CVE-2025-0867, could allow attackers to cause a denial of service or potentially execute arbitrary code on affected devices.
The first vulnerability, CVE-2022-0778 (CVSS 7.5), stems from an issue in the OpenSSL library used by the MEAC300 DE devices. This vulnerability could allow an attacker to trigger an infinite loop, consuming CPU resources and rendering the device unresponsive.
The second vulnerability, CVE-2025-0867 (CVSS 9.9), affects the MEAC300-FNADE4 devices and is related to insufficiently protected credentials. An attacker could exploit this vulnerability to gain access to the device and execute commands with administrative privileges.
“SICK recommends ensuring that affected products operate within secure network environments to mitigate these risks,” the advisory states.
SICK has not yet released firmware updates to address these vulnerabilities. As a workaround, the company recommends implementing general security practices, such as minimizing network exposure, restricting network access, and following recommended security guidelines for operating the devices in a protected IT environment.
Users of affected MEAC300 devices are encouraged to review the advisory and take the necessary precautions to protect their devices from potential attacks.
