SCA-2026-0007

Vulnerability from csaf_sick - Published: 2026-04-21 13:00 - Updated: 2026-04-21 13:00
Summary
Sudo vulnerability affects Endress+Hauser MCS200HW
Notes
Summary: The display unit of the Endress+Hauser MCS200HW is affected by a sudo chroot vulnerability.
Impact: If exploited, this vulnerability could potentially allow an unauthenticated attacker to compromise the availability, integrity, and confidentiality of the Endress+Hauser MCS200HW.
Mitigation: As general security measures, SICK recommends minimizing network exposure of the devices, restricting network access, and following recommended security practices in order to operate the devices in a protected IT environment.
Remediation: SICK recommends updating the display unit of the product to version 4.3.4 and ensuring that the product operates within a secure environment.
General Recommendation: As general security measures, SICK recommends minimizing network exposure of the devices, restricting network access, and following recommended security practices in order to operate the devices in a protected IT environment.
CVE-2025-32463

Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.

9.3 (Critical)
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE-829 - Inclusion of Functionality from Untrusted Control Sphere
Vendor Fix The display unit's firmware versions below 4.3.4 are affected. To address the vulnerability, customers are strongly recommended to update the display unit of their devices to firmware version 4.3.4. Endress+Hauser will include this firmware version in the MCS200HW products starting with version 1.11.5.6R. Alternatively, customers can contact Endress+Hauser directly to obtain the updated display firmware, or download the original firmware - including update instructions - from the Phoenix Contact website referenced below.
References
To clipboard 

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "summary",
        "text": "The display unit of the Endress+Hauser MCS200HW is affected by a sudo chroot vulnerability.",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "If exploited, this vulnerability could potentially allow an unauthenticated attacker to compromise the availability, integrity, and confidentiality of the Endress+Hauser MCS200HW.",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "As general security measures, SICK recommends minimizing network exposure of the devices, restricting network access, and following recommended security practices in order to operate the devices in a protected IT environment.",
        "title": "Mitigation"
      },
      {
        "category": "description",
        "text": "SICK recommends updating the display unit of the product to version 4.3.4 and ensuring that the product operates within a secure environment.",
        "title": "Remediation"
      },
      {
        "category": "general",
        "text": "As general security measures, SICK recommends minimizing network exposure of the devices, restricting network access, and following recommended security practices in order to operate the devices in a protected IT environment.",
        "title": "General Recommendation"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "psirt@sick.de",
      "issuing_authority": "SICK AG issues and issues in EHS products (when related to the Endress+Hauser SICK (EHS) joint venture).",
      "name": "SICK PSIRT",
      "namespace": "https://www.sick.com/psirt"
    },
    "references": [
      {
        "category": "external",
        "summary": "Endress+Hauser",
        "url": "https://www.endress.com"
      },
      {
        "summary": "SICK PSIRT Security Advisories",
        "url": "https://www.sick.com/psirt"
      },
      {
        "category": "external",
        "summary": "ICS-CERT recommended practices on Industrial Security",
        "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
      },
      {
        "category": "external",
        "summary": "CVSS v3.1 Calculator",
        "url": "https://www.first.org/cvss/calculator/3.1"
      },
      {
        "category": "self",
        "summary": "The canonical URL.",
        "url": "https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0007.json"
      },
      {
        "summary": "Standalone display firmware, update procedure and further details",
        "url": "https://www.phoenixcontact.com/de-de/produkte/touch-panel-wp-6121-wxps-1290802"
      }
    ],
    "title": "Sudo vulnerability affects Endress+Hauser MCS200HW",
    "tracking": {
      "aliases": [
        "SCA-2026-0007"
      ],
      "current_release_date": "2026-04-21T13:00:00.000Z",
      "generator": {
        "date": "2026-04-21T07:51:46.425Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.47"
        }
      },
      "id": "SCA-2026-0007",
      "initial_release_date": "2026-04-21T13:00:00.000Z",
      "revision_history": [
        {
          "date": "2026-04-21T13:00:00.000Z",
          "number": "1.0.0",
          "summary": "Initial version"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "branches": [
                      {
                        "category": "product_version_range",
                        "name": "vers:all/*",
                        "product": {
                          "name": "Endress+Hauser MCS200HW all versions",
                          "product_id": "CSAFPID-11001"
                        }
                      }
                    ],
                    "category": "product_name",
                    "name": "MCS200HW"
                  }
                ],
                "category": "product_family",
                "name": "Extractive Analyzer"
              }
            ],
            "category": "product_family",
            "name": "Hardware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c1.11.5.6R",
                "product": {
                  "name": "Firmware \u003c1.11.5.6R",
                  "product_id": "CSAFPID-21001"
                }
              },
              {
                "category": "product_version",
                "name": "1.11.5.6R",
                "product": {
                  "name": "Firmware 1.11.5.6R",
                  "product_id": "CSAFPID-22001"
                }
              }
            ],
            "category": "product_family",
            "name": "Firmware"
          }
        ],
        "category": "vendor",
        "name": "Endress+Hauser"
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Endress+Hauser MCS200HW with firmware \u003c1.11.5.6R",
          "product_id": "CSAFPID-31001"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Endress+Hauser MCS200HW with firmware 1.11.5.6R",
          "product_id": "CSAFPID-32001"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11001"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-32463",
      "cwe": {
        "id": "CWE-829",
        "name": "Inclusion of Functionality from Untrusted Control Sphere"
      },
      "notes": [
        {
          "audience": "all",
          "category": "description",
          "text": "Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001"
        ],
        "known_affected": [
          "CSAFPID-31001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "The display unit\u0027s firmware versions below 4.3.4 are affected. To address the vulnerability, customers are strongly recommended to update the display unit of their devices to firmware version 4.3.4.\n\nEndress+Hauser will include this firmware version in the MCS200HW products starting with version 1.11.5.6R.\n\nAlternatively, customers can contact Endress+Hauser directly to obtain the updated display firmware, or download the original firmware - including update instructions - from the Phoenix\u00a0Contact website referenced below.",
          "product_ids": [
            "CSAFPID-31001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 9.4,
            "environmentalSeverity": "CRITICAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "temporalScore": 9.3,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001"
          ]
        }
      ],
      "title": "CVE-2025-32463"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.