csaf_sick - sca-2024-0002

SCA-2024-0002

Vulnerability from csaf_sick - Published: 2024-09-11 23:00 - Updated: 2024-09-11 23:00

Summary

Vulnerability in SICK MSC800

Notes

summary

SICK found a security vulnerability in the SICK MSC800. This vulnerability allows an unauthenticated attacker to modify the IP address of the product through the SopasET interface, potentially leading to Denial of Service. Currently SICK is not aware of any public exploits specifically targeting the vulnerability. SICK has released a new version of the SICK MSC800 firmware and recommends updating to the newest version.

General Security Measures

As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.

Vulnerability Classification

SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer’s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "summary",
        "text": "SICK found a security vulnerability in the SICK MSC800. This vulnerability allows an unauthenticated attacker to modify the IP address of the product through the SopasET interface, potentially leading to Denial of Service.\nCurrently SICK is not aware of any public exploits specifically targeting the vulnerability.\nSICK has released a new version of the SICK MSC800 firmware and recommends updating to the newest version.\n",
        "title": "summary"
      },
      {
        "category": "general",
        "text": "As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.",
        "title": "General Security Measures"
      },
      {
        "category": "general",
        "text": "SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer\u2019s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.",
        "title": "Vulnerability Classification"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@sick.de",
      "issuing_authority": "SICK PSIRT is responsible for any vulnerabilities related to SICK products.",
      "name": "SICK PSIRT",
      "namespace": "https://www.sick.com/psirt"
    },
    "references": [
      {
        "summary": "SICK PSIRT Security Advisories",
        "url": "https://sick.com/psirt"
      },
      {
        "summary": "SICK Operating Guidelines",
        "url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf"
      },
      {
        "summary": "ICS-CERT recommended practices on Industrial Security",
        "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
      },
      {
        "summary": "CVSS v3.1 Calculator",
        "url": "https://www.first.org/cvss/calculator/3.1"
      },
      {
        "category": "self",
        "summary": "The canonical URL.",
        "url": "https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0002.json"
      }
    ],
    "title": "Vulnerability in SICK MSC800",
    "tracking": {
      "current_release_date": "2024-09-11T23:00:00.000Z",
      "generator": {
        "date": "2024-11-21T14:04:45.721Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.15"
        }
      },
      "id": "SCA-2024-0002",
      "initial_release_date": "2024-09-11T23:00:00.000Z",
      "revision_history": [
        {
          "date": "2024-09-11T23:00:00.000Z",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-07-30T07:30:15.000Z",
          "number": "2",
          "summary": "Updated Advisory: URL for SICK Operating Guidelines has been updated"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "SICK MSC800 all versions",
                      "product_id": "CSAFPID-0001"
                    }
                  }
                ],
                "category": "product_name",
                "name": "MSC800"
              }
            ],
            "category": "product_family",
            "name": "The Modular System Controller"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=V4.25",
                "product": {
                  "name": "SICK MSC800 Firmware \u003c=V4.25",
                  "product_id": "CSAFPID-0002"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=S2.93.19",
                "product": {
                  "name": "SICK MSC800 Firmware \u003c=S2.93.19",
                  "product_id": "CSAFPID-0003"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003e=S2.93.20",
                "product": {
                  "name": "SICK MSC800 Firmware \u003e=S2.93.20",
                  "product_id": "CSAFPID-0004"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003e=S2.93.20",
                "product": {
                  "name": "SICK MSC800 Firmware \u003e=S2.93.20",
                  "product_id": "CSAFPID-0005"
                }
              }
            ],
            "category": "product_name",
            "name": "MSC800 Firmware"
          }
        ],
        "category": "vendor",
        "name": "SICK AG"
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK MSC800 with Firmware \u003c=V4.25",
          "product_id": "CSAFPID-0006"
        },
        "product_reference": "CSAFPID-0002",
        "relates_to_product_reference": "CSAFPID-0001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK MSC800 with Firmware \u003c=S2.93.19",
          "product_id": "CSAFPID-0007"
        },
        "product_reference": "CSAFPID-0003",
        "relates_to_product_reference": "CSAFPID-0001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK MSC800 all versions with Firmware \u003e=4.26",
          "product_id": "CSAFPID-0008"
        },
        "product_reference": "CSAFPID-0004",
        "relates_to_product_reference": "CSAFPID-0001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK MSC800 all versions with Firmware \u003e=S2.93.20",
          "product_id": "CSAFPID-0009"
        },
        "product_reference": "CSAFPID-0005",
        "relates_to_product_reference": "CSAFPID-0001"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-8751",
      "cwe": {
        "id": "CWE-306",
        "name": "Missing Authentication for Critical Function"
      },
      "notes": [
        {
          "audience": "all",
          "category": "summary",
          "text": "A vulnerability in the MSC800 allows an unauthenticated attacker to modify the product\u0027s IP address over Sopas ET. This can lead to Denial of Service. Users are recommended to upgrade both MSC800 and MSC800 LFT to version V4.26 and S2.93.20 respectively which fixes this issue.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-0008",
          "CSAFPID-0009"
        ],
        "known_affected": [
          "CSAFPID-0006",
          "CSAFPID-0007"
        ],
        "recommended": [
          "CSAFPID-0008",
          "CSAFPID-0009"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-23T23:00:00.000Z",
          "details": "Customers who use the version \u003c=V4.25 are strongly recommended to upgrade to the latest release V4.26\n",
          "product_ids": [
            "CSAFPID-0006"
          ]
        },
        {
          "category": "vendor_fix",
          "date": "2024-05-23T23:00:00.000Z",
          "details": "Customers who use the version \u003c=S2.93.19 are strongly recommended to upgrade to the latest release S2.93.20.",
          "product_ids": [
            "CSAFPID-0007"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "environmentalScore": 7.5,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 7.5,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0006",
            "CSAFPID-0007"
          ]
        }
      ],
      "title": "Missing Authentication for Critical Function"
    }
  ]
}

CVE-2024-8751 (GCVE-0-2024-8751)

Vulnerability from cvelistv5 – Published: 2024-09-12 21:38 – Updated: 2024-09-13 14:02

Summary

A vulnerability in the MSC800 allows an unauthenticated attacker to modify the product’s IP address over Sopas ET. This can lead to Denial of Service. Users are recommended to upgrade both MSC800 and MSC800 LFT to version V4.26 and S2.93.20 respectively which fixes this issue.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-306 - Missing Authentication for Critical Function

Assigner

SICK AG

References

URL

Tags

	https://sick.com/psirt	x_SICK PSIRT Website
	https://cdn.sick.com/media/docs/1/11/411/Special_…	x_SICK Operating Guidelines
	https://www.cisa.gov/resources-tools/resources/ic…	x_ICS-CERT recommended practices on Industrial Security
	https://www.first.org/cvss/calculator/3.1	x_CVSS v3.1 Calculator
	https://www.sick.com/.well-known/csaf/white/2024/	vendor-advisory

Impacted products

	Vendor	Product	Version
	SICK AG	SICK MSC800	Affected: V1.0 , ≤ <=V4.25 (custom) Affected: S1.0 , ≤ <=S2.93.19 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:sick:msc800_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "msc800_firmware",
            "vendor": "sick",
            "versions": [
              {
                "lessThanOrEqual": "4.25",
                "status": "affected",
                "version": "1.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "s2.93.19",
                "status": "affected",
                "version": "1.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8751",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-13T13:53:13.856056Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-13T14:02:19.375Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "SICK MSC800",
          "vendor": "SICK AG",
          "versions": [
            {
              "lessThanOrEqual": "\u003c=V4.25",
              "status": "affected",
              "version": "V1.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "\u003c=S2.93.19",
              "status": "affected",
              "version": "S1.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-09-12T21:33:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A vulnerability in the MSC800 allows an unauthenticated attacker to modify the product\u2019s IP\naddress over Sopas ET. \u003cbr\u003eThis can lead to Denial of Service. \u003cbr\u003eUsers are recommended to upgrade both\nMSC800 and MSC800 LFT to version V4.26 and S2.93.20 respectively which fixes this issue."
            }
          ],
          "value": "A vulnerability in the MSC800 allows an unauthenticated attacker to modify the product\u2019s IP\naddress over Sopas ET. \nThis can lead to Denial of Service. \nUsers are recommended to upgrade both\nMSC800 and MSC800 LFT to version V4.26 and S2.93.20 respectively which fixes this issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "CWE-306 Missing Authentication for Critical Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-12T21:38:37.516Z",
        "orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
        "shortName": "SICK AG"
      },
      "references": [
        {
          "tags": [
            "x_SICK PSIRT Website"
          ],
          "url": "https://sick.com/psirt"
        },
        {
          "tags": [
            "x_SICK Operating Guidelines"
          ],
          "url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF"
        },
        {
          "tags": [
            "x_ICS-CERT recommended practices on Industrial Security"
          ],
          "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
        },
        {
          "tags": [
            "x_CVSS v3.1 Calculator"
          ],
          "url": "https://www.first.org/cvss/calculator/3.1"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.sick.com/.well-known/csaf/white/2024/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Customers who use the version \u0026lt;=V4.25 are strongly recommended to upgrade to the latest\nrelease V4.26\n\n\u003cbr\u003e"
            }
          ],
          "value": "Customers who use the version \u003c=V4.25 are strongly recommended to upgrade to the latest\nrelease V4.26"
        },
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Customers who use the version \u0026lt;=S2.93.19 are strongly recommended to upgrade to the\nlatest release S2.93.20.\n\n\u003cbr\u003e"
            }
          ],
          "value": "Customers who use the version \u003c=S2.93.19 are strongly recommended to upgrade to the\nlatest release S2.93.20."
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2024-09-12T21:36:00.000Z",
          "value": "1: Initial version"
        }
      ],
      "title": "Vulnerability in SICK MSC800",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
    "assignerShortName": "SICK AG",
    "cveId": "CVE-2024-8751",
    "datePublished": "2024-09-12T21:38:37.516Z",
    "dateReserved": "2024-09-12T13:17:03.176Z",
    "dateUpdated": "2024-09-13T14:02:19.375Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

SCA-2024-0002

CVE-2024-8751 (GCVE-0-2024-8751)

Tags

Sightings

Nomenclature