Search criteria
2 vulnerabilities found for SICK MSC800 by SICK AG
CVE-2024-8751 (GCVE-0-2024-8751)
Vulnerability from cvelistv5 – Published: 2024-09-12 21:38 – Updated: 2024-09-13 14:02
VLAI?
Title
Vulnerability in SICK MSC800
Summary
A vulnerability in the MSC800 allows an unauthenticated attacker to modify the product’s IP
address over Sopas ET.
This can lead to Denial of Service.
Users are recommended to upgrade both
MSC800 and MSC800 LFT to version V4.26 and S2.93.20 respectively which fixes this issue.
Severity ?
7.5 (High)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SICK AG | SICK MSC800 |
Affected:
V1.0 , ≤ <=V4.25
(custom)
Affected: S1.0 , ≤ <=S2.93.19 (custom) |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:sick:msc800_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "msc800_firmware",
"vendor": "sick",
"versions": [
{
"lessThanOrEqual": "4.25",
"status": "affected",
"version": "1.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "s2.93.19",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8751",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-13T13:53:13.856056Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T14:02:19.375Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SICK MSC800",
"vendor": "SICK AG",
"versions": [
{
"lessThanOrEqual": "\u003c=V4.25",
"status": "affected",
"version": "V1.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "\u003c=S2.93.19",
"status": "affected",
"version": "S1.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-09-12T21:33:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability in the MSC800 allows an unauthenticated attacker to modify the product\u2019s IP\naddress over Sopas ET. \u003cbr\u003eThis can lead to Denial of Service. \u003cbr\u003eUsers are recommended to upgrade both\nMSC800 and MSC800 LFT to version V4.26 and S2.93.20 respectively which fixes this issue."
}
],
"value": "A vulnerability in the MSC800 allows an unauthenticated attacker to modify the product\u2019s IP\naddress over Sopas ET. \nThis can lead to Denial of Service. \nUsers are recommended to upgrade both\nMSC800 and MSC800 LFT to version V4.26 and S2.93.20 respectively which fixes this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T21:38:37.516Z",
"orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
"shortName": "SICK AG"
},
"references": [
{
"tags": [
"x_SICK PSIRT Website"
],
"url": "https://sick.com/psirt"
},
{
"tags": [
"x_SICK Operating Guidelines"
],
"url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF"
},
{
"tags": [
"x_ICS-CERT recommended practices on Industrial Security"
],
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"tags": [
"x_CVSS v3.1 Calculator"
],
"url": "https://www.first.org/cvss/calculator/3.1"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.sick.com/.well-known/csaf/white/2024/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Customers who use the version \u0026lt;=V4.25 are strongly recommended to upgrade to the latest\nrelease V4.26\n\n\u003cbr\u003e"
}
],
"value": "Customers who use the version \u003c=V4.25 are strongly recommended to upgrade to the latest\nrelease V4.26"
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Customers who use the version \u0026lt;=S2.93.19 are strongly recommended to upgrade to the\nlatest release S2.93.20.\n\n\u003cbr\u003e"
}
],
"value": "Customers who use the version \u003c=S2.93.19 are strongly recommended to upgrade to the\nlatest release S2.93.20."
}
],
"source": {
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-09-12T21:36:00.000Z",
"value": "1: Initial version"
}
],
"title": "Vulnerability in SICK MSC800",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
"assignerShortName": "SICK AG",
"cveId": "CVE-2024-8751",
"datePublished": "2024-09-12T21:38:37.516Z",
"dateReserved": "2024-09-12T13:17:03.176Z",
"dateUpdated": "2024-09-13T14:02:19.375Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8751 (GCVE-0-2024-8751)
Vulnerability from nvd – Published: 2024-09-12 21:38 – Updated: 2024-09-13 14:02
VLAI?
Title
Vulnerability in SICK MSC800
Summary
A vulnerability in the MSC800 allows an unauthenticated attacker to modify the product’s IP
address over Sopas ET.
This can lead to Denial of Service.
Users are recommended to upgrade both
MSC800 and MSC800 LFT to version V4.26 and S2.93.20 respectively which fixes this issue.
Severity ?
7.5 (High)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SICK AG | SICK MSC800 |
Affected:
V1.0 , ≤ <=V4.25
(custom)
Affected: S1.0 , ≤ <=S2.93.19 (custom) |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:sick:msc800_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "msc800_firmware",
"vendor": "sick",
"versions": [
{
"lessThanOrEqual": "4.25",
"status": "affected",
"version": "1.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "s2.93.19",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8751",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-13T13:53:13.856056Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T14:02:19.375Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SICK MSC800",
"vendor": "SICK AG",
"versions": [
{
"lessThanOrEqual": "\u003c=V4.25",
"status": "affected",
"version": "V1.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "\u003c=S2.93.19",
"status": "affected",
"version": "S1.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-09-12T21:33:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability in the MSC800 allows an unauthenticated attacker to modify the product\u2019s IP\naddress over Sopas ET. \u003cbr\u003eThis can lead to Denial of Service. \u003cbr\u003eUsers are recommended to upgrade both\nMSC800 and MSC800 LFT to version V4.26 and S2.93.20 respectively which fixes this issue."
}
],
"value": "A vulnerability in the MSC800 allows an unauthenticated attacker to modify the product\u2019s IP\naddress over Sopas ET. \nThis can lead to Denial of Service. \nUsers are recommended to upgrade both\nMSC800 and MSC800 LFT to version V4.26 and S2.93.20 respectively which fixes this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T21:38:37.516Z",
"orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
"shortName": "SICK AG"
},
"references": [
{
"tags": [
"x_SICK PSIRT Website"
],
"url": "https://sick.com/psirt"
},
{
"tags": [
"x_SICK Operating Guidelines"
],
"url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF"
},
{
"tags": [
"x_ICS-CERT recommended practices on Industrial Security"
],
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"tags": [
"x_CVSS v3.1 Calculator"
],
"url": "https://www.first.org/cvss/calculator/3.1"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.sick.com/.well-known/csaf/white/2024/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Customers who use the version \u0026lt;=V4.25 are strongly recommended to upgrade to the latest\nrelease V4.26\n\n\u003cbr\u003e"
}
],
"value": "Customers who use the version \u003c=V4.25 are strongly recommended to upgrade to the latest\nrelease V4.26"
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Customers who use the version \u0026lt;=S2.93.19 are strongly recommended to upgrade to the\nlatest release S2.93.20.\n\n\u003cbr\u003e"
}
],
"value": "Customers who use the version \u003c=S2.93.19 are strongly recommended to upgrade to the\nlatest release S2.93.20."
}
],
"source": {
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-09-12T21:36:00.000Z",
"value": "1: Initial version"
}
],
"title": "Vulnerability in SICK MSC800",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
"assignerShortName": "SICK AG",
"cveId": "CVE-2024-8751",
"datePublished": "2024-09-12T21:38:37.516Z",
"dateReserved": "2024-09-12T13:17:03.176Z",
"dateUpdated": "2024-09-13T14:02:19.375Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}