Search criteria
9 vulnerabilities found for msc800_firmware by sick
FKIE_CVE-2022-27577
Vulnerability from fkie_nvd - Published: 2022-04-11 20:15 - Updated: 2024-11-21 06:55
Severity ?
Summary
The vulnerability in the MSC800 in all versions before 4.15 allows for an attacker to predict the TCP initial sequence number. When the TCP sequence is predictable, an attacker can send packets that are forged to appear to come from a trusted computer. These forged packets could compromise services on the MSC800. SICK has released a new firmware version of the SICK MSC800 and recommends updating to the newest version.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@sick.de | https://sick.com/psirt | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://sick.com/psirt | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sick | msc800_firmware | * | |
| sick | msc800 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sick:msc800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8C26E15-D151-4466-9E3D-F3CFAB3D91ED",
"versionEndExcluding": "4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sick:msc800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5A09CB55-1368-4623-8EB5-BAB2D57E4BC4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The vulnerability in the MSC800 in all versions before 4.15 allows for an attacker to predict the TCP initial sequence number. When the TCP sequence is predictable, an attacker can send packets that are forged to appear to come from a trusted computer. These forged packets could compromise services on the MSC800. SICK has released a new firmware version of the SICK MSC800 and recommends updating to the newest version."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el MSC800 en todas las versiones anteriores a 4.15 permite a un atacante predecir el n\u00famero de secuencia inicial TCP. Cuando la secuencia TCP es predecible, un atacante puede enviar paquetes falsificados para que parezcan proceder de un ordenador confiable. Estos paquetes falsificados podr\u00edan comprometer los servicios del MSC800. SICK ha publicado una nueva versi\u00f3n de firmware del SICK MSC800 y recomienda actualizar a la versi\u00f3n m\u00e1s reciente"
}
],
"id": "CVE-2022-27577",
"lastModified": "2024-11-21T06:55:58.847",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-11T20:15:22.027",
"references": [
{
"source": "psirt@sick.de",
"tags": [
"Vendor Advisory"
],
"url": "https://sick.com/psirt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://sick.com/psirt"
}
],
"sourceIdentifier": "psirt@sick.de",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-342"
}
],
"source": "psirt@sick.de",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-330"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-2075
Vulnerability from fkie_nvd - Published: 2020-08-31 18:15 - Updated: 2024-11-21 05:24
Severity ?
Summary
Platform mechanism AutoIP allows remote attackers to reboot the device via a crafted packet in SICK AG solutions Bulkscan LMS111, Bulkscan LMS511, CLV62x – CLV65x, ICR890-3, LMS10x, LMS11x, LMS15x, LMS12x, LMS13x, LMS14x, LMS5xx, LMS53x, MSC800, RFH.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sick:lms111_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4E9439B-2153-4D66-8C8B-D7DED32BD81B",
"versionEndExcluding": "1.04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sick:lms111:-:*:*:*:*:*:*:*",
"matchCriteriaId": "67011E35-C9AB-40C5-8DCC-29FA82A5F880",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sick:lms511_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33CCFE2A-61B1-4565-8504-F26A0412A0CD",
"versionEndExcluding": "2.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sick:lms511:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9ABE387A-9B29-43DE-A4F1-EDD3CB8BEB6F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sick:clv620_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "97320450-2AEC-4E4A-9399-E2115AC4315A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sick:clv620:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A58D587-1663-4E99-85DA-80DCBF0486F1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sick:clv622_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC9D5448-F17A-4042-A8F8-EE261F3C3E9E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sick:clv622:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8559D0CC-2CBE-4E4B-9FF9-43AECFFD27C5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sick:clv621_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D07761A7-0CFE-4F43-9ADC-FCC28FA5ECFE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sick:clv621:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5189BEF6-17B2-4F77-B8E3-85B00D977CBA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sick:icr890-3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D9C80C4-52DA-40E2-8C38-8014F616D1AB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sick:icr890-3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D3A05BC1-4E78-494B-B6E2-5F1E721CC50B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sick:msc800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6E01267B-42D2-4F29-BFEF-6AD37D48582A",
"versionEndExcluding": "4.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sick:msc800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5A09CB55-1368-4623-8EB5-BAB2D57E4BC4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sick:rfh_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7074A993-231B-45B9-ACC8-14594D420F16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sick:rfh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "983F3C0E-7C67-47EA-BD54-8F3B7BF5493A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sick:clv650_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C5A30918-7CA4-4C05-896B-20426A30D86F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sick:clv650:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D3FB3E2F-1637-4861-AF22-D4BF59A7906D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sick:clv651_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C7BBD455-DA1C-4E86-BC99-143B22D4448F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sick:clv651:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2313BBE6-6679-4073-9FC0-51FBE9F0A8B3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sick:clv631_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA9ED42-6E5A-4456-B099-D08EB6ABB0DD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sick:clv631:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0893F42F-EAB9-4D3D-9F94-4892C6890BDB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sick:clv630_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "99BD27B2-E055-4C52-A817-577384497F87",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sick:clv630:-:*:*:*:*:*:*:*",
"matchCriteriaId": "42DC25E7-8C55-470A-B451-591A03CA2A40",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sick:clv632_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2DEE9E96-1DA5-4EBD-8847-EAE418215C11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sick:clv632:-:*:*:*:*:*:*:*",
"matchCriteriaId": "82B0632E-A55F-4EA8-A132-0D11CE38FDC6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sick:clv640_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B22CDFFC-AF15-4883-95F4-CE4D191EC482",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sick:clv640:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C721EE7D-D046-4AEF-80FA-217B5684419E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sick:clv642_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E632CA7-141B-495B-8A57-BC06867842AA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sick:clv642:-:*:*:*:*:*:*:*",
"matchCriteriaId": "651F0D5C-F7DA-41A6-B3C3-B48C0662C855",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sick:lms100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "118835C2-4939-4601-935A-032028D58E84",
"versionEndExcluding": "2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sick:lms100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "31A7D324-DBC8-4EBC-8AA2-E42C33E5758C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sick:lms101_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EF828DD0-095A-4784-8D1A-87F3CF361297",
"versionEndExcluding": "2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sick:lms101:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5B5ED872-0E79-4901-96D9-27CBA55DAEA3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sick:lms111_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D69045C1-7EF8-4F8E-8940-1171DB40F9D9",
"versionEndExcluding": "2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sick:lms111:-:*:*:*:*:*:*:*",
"matchCriteriaId": "67011E35-C9AB-40C5-8DCC-29FA82A5F880",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sick:lms153_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "63031071-D70A-440F-8735-801AEEC0CC0D",
"versionEndExcluding": "2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sick:lms153:-:*:*:*:*:*:*:*",
"matchCriteriaId": "54A544C0-9ABD-46AD-B193-87C6EF7FF133",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sick:lms151_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A61E7FD6-BB7F-4FEB-A82F-6493B993C7D5",
"versionEndExcluding": "2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sick:lms151:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D01238F-0776-493A-AD81-D0E14D2A4C71",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sick:lms133_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B2054C96-9A9C-4FC8-8E8C-7D315BA73234",
"versionEndExcluding": "2.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sick:lms133:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B48111FA-BB11-4FF9-9CE0-42459229A60C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sick:lms142_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A83F4309-6C29-48F6-A276-95E5BC8330FA",
"versionEndExcluding": "2.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sick:lms142:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43602F20-5065-4965-BFC9-BFA581ED5ECC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sick:lms143_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "55215A7C-B7D8-4D94-84FA-26939D9FAD1F",
"versionEndExcluding": "2.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sick:lms143:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02F0ED4E-1AB0-4EAB-8D3F-E318DE3D51F1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sick:lms131_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9543231B-6C33-4C66-95D0-1D2B49063F11",
"versionEndExcluding": "2.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sick:lms131:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9378A66C-EF01-4DFA-9E8C-4231FE0E8914",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sick:lms121_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D8143104-4230-42EE-BA3C-73C10CA48667",
"versionEndExcluding": "2.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sick:lms121:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9B7CE13-0E33-439B-866B-C0CD365919C5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sick:lms123_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D3E89AC-85E2-4279-87AC-31D89381F263",
"versionEndExcluding": "2.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sick:lms123:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EAB011CA-769D-4335-A57A-62B77AD9E0FF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sick:lms122_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DCA825F2-A103-429B-BD61-08634033BA12",
"versionEndExcluding": "2.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sick:lms122:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C689D72-3D25-4C3F-BBF5-15691D18F9BA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sick:lms141_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0DB1AB8D-8116-46C1-8125-10DED10DE830",
"versionEndExcluding": "2.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sick:lms141:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24237BC0-BE8D-4EF8-A3C4-BEE1A8373481",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sick:lms511_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F113FA6F-F3CC-43C7-97A4-D40F8F1F5E9F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sick:lms511:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9ABE387A-9B29-43DE-A4F1-EDD3CB8BEB6F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sick:lms531_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5943B624-D730-4679-8118-CD29CFB4CD1C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sick:lms531:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44AF5B79-0A15-4195-80F3-7304D8000D1A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sick:lms500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9DF24DAB-D1E4-4B14-B9CE-BFB52F9BDBC7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sick:lms500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8A37D4F-969C-4496-BD10-13C903A41305",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sick:icr890-3.5_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D253F05-FCF4-4E90-BC55-CC838C2297F5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sick:icr890-3.5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F8A72B7-8433-4EC6-8384-89A52E519A58",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Platform mechanism AutoIP allows remote attackers to reboot the device via a crafted packet in SICK AG solutions Bulkscan LMS111, Bulkscan LMS511, CLV62x \u2013 CLV65x, ICR890-3, LMS10x, LMS11x, LMS15x, LMS12x, LMS13x, LMS14x, LMS5xx, LMS53x, MSC800, RFH."
},
{
"lang": "es",
"value": "El mecanismo de plataforma AutoIP permite a atacantes remotos reiniciar el dispositivo por medio de un paquete dise\u00f1ado en las soluciones de SICK AG Bulkscan LMS111, Bulkscan LMS511, CLV62x - CLV65x, ICR890-3, LMS10x, LMS11x, LMS15x, LMS12x, LMS13x, LMS14x, LMS5xx, LMS53x, RFH"
}
],
"id": "CVE-2020-2075",
"lastModified": "2024-11-21T05:24:33.753",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-08-31T18:15:13.170",
"references": [
{
"source": "psirt@sick.de",
"tags": [
"Vendor Advisory"
],
"url": "https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories"
}
],
"sourceIdentifier": "psirt@sick.de",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-703"
}
],
"source": "psirt@sick.de",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-755"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-10979
Vulnerability from fkie_nvd - Published: 2019-07-01 21:15 - Updated: 2024-11-21 04:20
Severity ?
Summary
SICK MSC800 all versions prior to Version 4.0, the affected firmware versions contain a hard-coded customer account password.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | http://www.securityfocus.com/bid/108924 | Third Party Advisory, VDB Entry | |
| ics-cert@hq.dhs.gov | https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories | ||
| ics-cert@hq.dhs.gov | https://www.us-cert.gov/ics/advisories/icsa-19-178-04 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/108924 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.us-cert.gov/ics/advisories/icsa-19-178-04 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sick | msc800_firmware | * | |
| sick | msc800 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sick:msc800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4BD24C0-833F-4134-930D-A196C1891098",
"versionEndExcluding": "4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sick:msc800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5A09CB55-1368-4623-8EB5-BAB2D57E4BC4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SICK MSC800 all versions prior to Version 4.0, the affected firmware versions contain a hard-coded customer account password."
},
{
"lang": "es",
"value": "SICK MSC800 en todas las versiones anteriores a la versi\u00f3n 4.0, las versiones de firmware afectadas contienen una contrase\u00f1a de cuenta de cliente codificada."
}
],
"id": "CVE-2019-10979",
"lastModified": "2024-11-21T04:20:17.190",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-01T21:15:10.920",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/108924"
},
{
"source": "ics-cert@hq.dhs.gov",
"url": "https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-178-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/108924"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-178-04"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2022-27577 (GCVE-0-2022-27577)
Vulnerability from cvelistv5 – Published: 2022-04-11 19:37 – Updated: 2024-08-03 05:32
VLAI?
Summary
The vulnerability in the MSC800 in all versions before 4.15 allows for an attacker to predict the TCP initial sequence number. When the TCP sequence is predictable, an attacker can send packets that are forged to appear to come from a trusted computer. These forged packets could compromise services on the MSC800. SICK has released a new firmware version of the SICK MSC800 and recommends updating to the newest version.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | SICK MSC800 |
Affected:
All versions before 4.15
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:59.251Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sick.com/psirt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SICK MSC800",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions before 4.15"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The vulnerability in the MSC800 in all versions before 4.15 allows for an attacker to predict the TCP initial sequence number. When the TCP sequence is predictable, an attacker can send packets that are forged to appear to come from a trusted computer. These forged packets could compromise services on the MSC800. SICK has released a new firmware version of the SICK MSC800 and recommends updating to the newest version."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-342",
"description": "CWE-342",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-11T19:37:47",
"orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
"shortName": "SICK AG"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sick.com/psirt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@sick.de",
"ID": "CVE-2022-27577",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SICK MSC800",
"version": {
"version_data": [
{
"version_value": "All versions before 4.15"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The vulnerability in the MSC800 in all versions before 4.15 allows for an attacker to predict the TCP initial sequence number. When the TCP sequence is predictable, an attacker can send packets that are forged to appear to come from a trusted computer. These forged packets could compromise services on the MSC800. SICK has released a new firmware version of the SICK MSC800 and recommends updating to the newest version."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-342"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sick.com/psirt",
"refsource": "MISC",
"url": "https://sick.com/psirt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
"assignerShortName": "SICK AG",
"cveId": "CVE-2022-27577",
"datePublished": "2022-04-11T19:37:47",
"dateReserved": "2022-03-21T00:00:00",
"dateUpdated": "2024-08-03T05:32:59.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-2075 (GCVE-0-2020-2075)
Vulnerability from cvelistv5 – Published: 2020-08-31 17:09 – Updated: 2024-08-04 06:54
VLAI?
Summary
Platform mechanism AutoIP allows remote attackers to reboot the device via a crafted packet in SICK AG solutions Bulkscan LMS111, Bulkscan LMS511, CLV62x – CLV65x, ICR890-3, LMS10x, LMS11x, LMS15x, LMS12x, LMS13x, LMS14x, LMS5xx, LMS53x, MSC800, RFH.
Severity ?
No CVSS data available.
CWE
- CWE-703 - Improper Check or Handling of Exceptional Conditions
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Bulkscan LMS111; Bulkscan LMS511; CLV62x – CLV65x; ICR890-3; LMS10x, LMS11x, LMS15x; LMS12x, LMS13x, LMS14x; LMS5xx, LMS53x; MSC800; RFH |
Affected:
All Versions < V1.04
Affected: All Versions < V2.30 Affected: All versions with Ethernet interface Affected: All ICR890-3 and ICR890-3.5 devices all versions Affected: All Versions < V2.0 Affected: All Versions < V2.10 Affected: All versions Affected: All Versions < V4.10 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:54:00.593Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Bulkscan LMS111; Bulkscan LMS511; CLV62x \u2013 CLV65x; ICR890-3; LMS10x, LMS11x, LMS15x; LMS12x, LMS13x, LMS14x; LMS5xx, LMS53x; MSC800; RFH",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All Versions \u003c V1.04"
},
{
"status": "affected",
"version": "All Versions \u003c V2.30"
},
{
"status": "affected",
"version": "All versions with Ethernet interface"
},
{
"status": "affected",
"version": "All ICR890-3 and ICR890-3.5 devices all versions"
},
{
"status": "affected",
"version": "All Versions \u003c V2.0"
},
{
"status": "affected",
"version": "All Versions \u003c V2.10"
},
{
"status": "affected",
"version": "All versions"
},
{
"status": "affected",
"version": "All Versions \u003c V4.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Platform mechanism AutoIP allows remote attackers to reboot the device via a crafted packet in SICK AG solutions Bulkscan LMS111, Bulkscan LMS511, CLV62x \u2013 CLV65x, ICR890-3, LMS10x, LMS11x, LMS15x, LMS12x, LMS13x, LMS14x, LMS5xx, LMS53x, MSC800, RFH."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "CWE-703: Improper Check or Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-31T17:09:07",
"orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
"shortName": "SICK AG"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@sick.de",
"ID": "CVE-2020-2075",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Bulkscan LMS111; Bulkscan LMS511; CLV62x \u2013 CLV65x; ICR890-3; LMS10x, LMS11x, LMS15x; LMS12x, LMS13x, LMS14x; LMS5xx, LMS53x; MSC800; RFH",
"version": {
"version_data": [
{
"version_value": "All Versions \u003c V1.04"
},
{
"version_value": "All Versions \u003c V2.30"
},
{
"version_value": "All versions with Ethernet interface"
},
{
"version_value": "All ICR890-3 and ICR890-3.5 devices all versions"
},
{
"version_value": "All Versions \u003c V2.0"
},
{
"version_value": "All Versions \u003c V2.10"
},
{
"version_value": "All versions"
},
{
"version_value": "All Versions \u003c V4.10"
},
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Platform mechanism AutoIP allows remote attackers to reboot the device via a crafted packet in SICK AG solutions Bulkscan LMS111, Bulkscan LMS511, CLV62x \u2013 CLV65x, ICR890-3, LMS10x, LMS11x, LMS15x, LMS12x, LMS13x, LMS14x, LMS5xx, LMS53x, MSC800, RFH."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-703: Improper Check or Handling of Exceptional Conditions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories",
"refsource": "MISC",
"url": "https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
"assignerShortName": "SICK AG",
"cveId": "CVE-2020-2075",
"datePublished": "2020-08-31T17:09:07",
"dateReserved": "2019-12-04T00:00:00",
"dateUpdated": "2024-08-04T06:54:00.593Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10979 (GCVE-0-2019-10979)
Vulnerability from cvelistv5 – Published: 2019-07-01 20:05 – Updated: 2024-08-04 22:40
VLAI?
Summary
SICK MSC800 all versions prior to Version 4.0, the affected firmware versions contain a hard-coded customer account password.
Severity ?
No CVSS data available.
CWE
- CWE-798 - USE OF HARD-CODED CREDENTIALS CWE-798
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:15.569Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "108924",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108924"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-178-04"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MSC800",
"vendor": "SICK",
"versions": [
{
"status": "affected",
"version": "all versions prior to Version 4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SICK MSC800 all versions prior to Version 4.0, the affected firmware versions contain a hard-coded customer account password."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "USE OF HARD-CODED CREDENTIALS CWE-798",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-01T12:53:22",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "108924",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108924"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-178-04"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2019-10979",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MSC800",
"version": {
"version_data": [
{
"version_value": "all versions prior to Version 4.0"
}
]
}
}
]
},
"vendor_name": "SICK"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SICK MSC800 all versions prior to Version 4.0, the affected firmware versions contain a hard-coded customer account password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "USE OF HARD-CODED CREDENTIALS CWE-798"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "108924",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108924"
},
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-178-04",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-178-04"
},
{
"name": "https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories",
"refsource": "CONFIRM",
"url": "https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2019-10979",
"datePublished": "2019-07-01T20:05:10",
"dateReserved": "2019-04-08T00:00:00",
"dateUpdated": "2024-08-04T22:40:15.569Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27577 (GCVE-0-2022-27577)
Vulnerability from nvd – Published: 2022-04-11 19:37 – Updated: 2024-08-03 05:32
VLAI?
Summary
The vulnerability in the MSC800 in all versions before 4.15 allows for an attacker to predict the TCP initial sequence number. When the TCP sequence is predictable, an attacker can send packets that are forged to appear to come from a trusted computer. These forged packets could compromise services on the MSC800. SICK has released a new firmware version of the SICK MSC800 and recommends updating to the newest version.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | SICK MSC800 |
Affected:
All versions before 4.15
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:59.251Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sick.com/psirt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SICK MSC800",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions before 4.15"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The vulnerability in the MSC800 in all versions before 4.15 allows for an attacker to predict the TCP initial sequence number. When the TCP sequence is predictable, an attacker can send packets that are forged to appear to come from a trusted computer. These forged packets could compromise services on the MSC800. SICK has released a new firmware version of the SICK MSC800 and recommends updating to the newest version."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-342",
"description": "CWE-342",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-11T19:37:47",
"orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
"shortName": "SICK AG"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sick.com/psirt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@sick.de",
"ID": "CVE-2022-27577",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SICK MSC800",
"version": {
"version_data": [
{
"version_value": "All versions before 4.15"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The vulnerability in the MSC800 in all versions before 4.15 allows for an attacker to predict the TCP initial sequence number. When the TCP sequence is predictable, an attacker can send packets that are forged to appear to come from a trusted computer. These forged packets could compromise services on the MSC800. SICK has released a new firmware version of the SICK MSC800 and recommends updating to the newest version."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-342"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sick.com/psirt",
"refsource": "MISC",
"url": "https://sick.com/psirt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
"assignerShortName": "SICK AG",
"cveId": "CVE-2022-27577",
"datePublished": "2022-04-11T19:37:47",
"dateReserved": "2022-03-21T00:00:00",
"dateUpdated": "2024-08-03T05:32:59.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-2075 (GCVE-0-2020-2075)
Vulnerability from nvd – Published: 2020-08-31 17:09 – Updated: 2024-08-04 06:54
VLAI?
Summary
Platform mechanism AutoIP allows remote attackers to reboot the device via a crafted packet in SICK AG solutions Bulkscan LMS111, Bulkscan LMS511, CLV62x – CLV65x, ICR890-3, LMS10x, LMS11x, LMS15x, LMS12x, LMS13x, LMS14x, LMS5xx, LMS53x, MSC800, RFH.
Severity ?
No CVSS data available.
CWE
- CWE-703 - Improper Check or Handling of Exceptional Conditions
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Bulkscan LMS111; Bulkscan LMS511; CLV62x – CLV65x; ICR890-3; LMS10x, LMS11x, LMS15x; LMS12x, LMS13x, LMS14x; LMS5xx, LMS53x; MSC800; RFH |
Affected:
All Versions < V1.04
Affected: All Versions < V2.30 Affected: All versions with Ethernet interface Affected: All ICR890-3 and ICR890-3.5 devices all versions Affected: All Versions < V2.0 Affected: All Versions < V2.10 Affected: All versions Affected: All Versions < V4.10 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:54:00.593Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Bulkscan LMS111; Bulkscan LMS511; CLV62x \u2013 CLV65x; ICR890-3; LMS10x, LMS11x, LMS15x; LMS12x, LMS13x, LMS14x; LMS5xx, LMS53x; MSC800; RFH",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All Versions \u003c V1.04"
},
{
"status": "affected",
"version": "All Versions \u003c V2.30"
},
{
"status": "affected",
"version": "All versions with Ethernet interface"
},
{
"status": "affected",
"version": "All ICR890-3 and ICR890-3.5 devices all versions"
},
{
"status": "affected",
"version": "All Versions \u003c V2.0"
},
{
"status": "affected",
"version": "All Versions \u003c V2.10"
},
{
"status": "affected",
"version": "All versions"
},
{
"status": "affected",
"version": "All Versions \u003c V4.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Platform mechanism AutoIP allows remote attackers to reboot the device via a crafted packet in SICK AG solutions Bulkscan LMS111, Bulkscan LMS511, CLV62x \u2013 CLV65x, ICR890-3, LMS10x, LMS11x, LMS15x, LMS12x, LMS13x, LMS14x, LMS5xx, LMS53x, MSC800, RFH."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "CWE-703: Improper Check or Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-31T17:09:07",
"orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
"shortName": "SICK AG"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@sick.de",
"ID": "CVE-2020-2075",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Bulkscan LMS111; Bulkscan LMS511; CLV62x \u2013 CLV65x; ICR890-3; LMS10x, LMS11x, LMS15x; LMS12x, LMS13x, LMS14x; LMS5xx, LMS53x; MSC800; RFH",
"version": {
"version_data": [
{
"version_value": "All Versions \u003c V1.04"
},
{
"version_value": "All Versions \u003c V2.30"
},
{
"version_value": "All versions with Ethernet interface"
},
{
"version_value": "All ICR890-3 and ICR890-3.5 devices all versions"
},
{
"version_value": "All Versions \u003c V2.0"
},
{
"version_value": "All Versions \u003c V2.10"
},
{
"version_value": "All versions"
},
{
"version_value": "All Versions \u003c V4.10"
},
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Platform mechanism AutoIP allows remote attackers to reboot the device via a crafted packet in SICK AG solutions Bulkscan LMS111, Bulkscan LMS511, CLV62x \u2013 CLV65x, ICR890-3, LMS10x, LMS11x, LMS15x, LMS12x, LMS13x, LMS14x, LMS5xx, LMS53x, MSC800, RFH."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-703: Improper Check or Handling of Exceptional Conditions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories",
"refsource": "MISC",
"url": "https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
"assignerShortName": "SICK AG",
"cveId": "CVE-2020-2075",
"datePublished": "2020-08-31T17:09:07",
"dateReserved": "2019-12-04T00:00:00",
"dateUpdated": "2024-08-04T06:54:00.593Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10979 (GCVE-0-2019-10979)
Vulnerability from nvd – Published: 2019-07-01 20:05 – Updated: 2024-08-04 22:40
VLAI?
Summary
SICK MSC800 all versions prior to Version 4.0, the affected firmware versions contain a hard-coded customer account password.
Severity ?
No CVSS data available.
CWE
- CWE-798 - USE OF HARD-CODED CREDENTIALS CWE-798
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:15.569Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "108924",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108924"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-178-04"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MSC800",
"vendor": "SICK",
"versions": [
{
"status": "affected",
"version": "all versions prior to Version 4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SICK MSC800 all versions prior to Version 4.0, the affected firmware versions contain a hard-coded customer account password."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "USE OF HARD-CODED CREDENTIALS CWE-798",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-01T12:53:22",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "108924",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108924"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-178-04"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2019-10979",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MSC800",
"version": {
"version_data": [
{
"version_value": "all versions prior to Version 4.0"
}
]
}
}
]
},
"vendor_name": "SICK"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SICK MSC800 all versions prior to Version 4.0, the affected firmware versions contain a hard-coded customer account password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "USE OF HARD-CODED CREDENTIALS CWE-798"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "108924",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108924"
},
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-178-04",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-178-04"
},
{
"name": "https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories",
"refsource": "CONFIRM",
"url": "https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2019-10979",
"datePublished": "2019-07-01T20:05:10",
"dateReserved": "2019-04-08T00:00:00",
"dateUpdated": "2024-08-04T22:40:15.569Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}