Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for SICK MSC800 by SICK AG

    CVE-2024-8751 (GCVE-0-2024-8751)

    Vulnerability from nvd – Published: 2024-09-12 21:38 – Updated: 2024-09-13 14:02
    VLAI
    Title
    Vulnerability in SICK MSC800
    Summary
    A vulnerability in the MSC800 allows an unauthenticated attacker to modify the product’s IP address over Sopas ET. This can lead to Denial of Service. Users are recommended to upgrade both MSC800 and MSC800 LFT to version V4.26 and S2.93.20 respectively which fixes this issue.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    References
    URL Tags
    https://sick.com/psirt x_SICK PSIRT Website
    https://cdn.sick.com/media/docs/1/11/411/Special_… x_SICK Operating Guidelines
    https://www.cisa.gov/resources-tools/resources/ic… x_ICS-CERT recommended practices on Industrial Security
    https://www.first.org/cvss/calculator/3.1 x_CVSS v3.1 Calculator
    https://www.sick.com/.well-known/csaf/white/2024/ vendor-advisory
    Impacted products
    Vendor Product Version
    SICK AG SICK MSC800 Affected: V1.0 , ≤ <=V4.25 (custom)
    Affected: S1.0 , ≤ <=S2.93.19 (custom)
    Create a notification for this product.
    sick msc800_firmware Affected: 1.0 , ≤ 4.25 (custom)
    Affected: 1.0 , ≤ s2.93.19 (custom)
        cpe:2.3:o:sick:msc800_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-09-12 21:33
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:sick:msc800_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "msc800_firmware",
                "vendor": "sick",
                "versions": [
                  {
                    "lessThanOrEqual": "4.25",
                    "status": "affected",
                    "version": "1.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "s2.93.19",
                    "status": "affected",
                    "version": "1.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-8751",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-13T13:53:13.856056Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-13T14:02:19.375Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "SICK MSC800",
              "vendor": "SICK AG",
              "versions": [
                {
                  "lessThanOrEqual": "\u003c=V4.25",
                  "status": "affected",
                  "version": "V1.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "\u003c=S2.93.19",
                  "status": "affected",
                  "version": "S1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2024-09-12T21:33:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability in the MSC800 allows an unauthenticated attacker to modify the product\u2019s IP\naddress over Sopas ET. \u003cbr\u003eThis can lead to Denial of Service. \u003cbr\u003eUsers are recommended to upgrade both\nMSC800 and MSC800 LFT to version V4.26 and S2.93.20 respectively which fixes this issue."
                }
              ],
              "value": "A vulnerability in the MSC800 allows an unauthenticated attacker to modify the product\u2019s IP\naddress over Sopas ET. \nThis can lead to Denial of Service. \nUsers are recommended to upgrade both\nMSC800 and MSC800 LFT to version V4.26 and S2.93.20 respectively which fixes this issue."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-12T21:38:37.516Z",
            "orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
            "shortName": "SICK AG"
          },
          "references": [
            {
              "tags": [
                "x_SICK PSIRT Website"
              ],
              "url": "https://sick.com/psirt"
            },
            {
              "tags": [
                "x_SICK Operating Guidelines"
              ],
              "url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF"
            },
            {
              "tags": [
                "x_ICS-CERT recommended practices on Industrial Security"
              ],
              "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
            },
            {
              "tags": [
                "x_CVSS v3.1 Calculator"
              ],
              "url": "https://www.first.org/cvss/calculator/3.1"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.sick.com/.well-known/csaf/white/2024/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Customers who use the version \u0026lt;=V4.25 are strongly recommended to upgrade to the latest\nrelease V4.26\n\n\u003cbr\u003e"
                }
              ],
              "value": "Customers who use the version \u003c=V4.25 are strongly recommended to upgrade to the latest\nrelease V4.26"
            },
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Customers who use the version \u0026lt;=S2.93.19 are strongly recommended to upgrade to the\nlatest release S2.93.20.\n\n\u003cbr\u003e"
                }
              ],
              "value": "Customers who use the version \u003c=S2.93.19 are strongly recommended to upgrade to the\nlatest release S2.93.20."
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2024-09-12T21:36:00.000Z",
              "value": "1: Initial version"
            }
          ],
          "title": "Vulnerability in SICK MSC800",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
        "assignerShortName": "SICK AG",
        "cveId": "CVE-2024-8751",
        "datePublished": "2024-09-12T21:38:37.516Z",
        "dateReserved": "2024-09-12T13:17:03.176Z",
        "dateUpdated": "2024-09-13T14:02:19.375Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-8751 (GCVE-0-2024-8751)

    Vulnerability from cvelistv5 – Published: 2024-09-12 21:38 – Updated: 2024-09-13 14:02
    VLAI
    Title
    Vulnerability in SICK MSC800
    Summary
    A vulnerability in the MSC800 allows an unauthenticated attacker to modify the product’s IP address over Sopas ET. This can lead to Denial of Service. Users are recommended to upgrade both MSC800 and MSC800 LFT to version V4.26 and S2.93.20 respectively which fixes this issue.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    References
    URL Tags
    https://sick.com/psirt x_SICK PSIRT Website
    https://cdn.sick.com/media/docs/1/11/411/Special_… x_SICK Operating Guidelines
    https://www.cisa.gov/resources-tools/resources/ic… x_ICS-CERT recommended practices on Industrial Security
    https://www.first.org/cvss/calculator/3.1 x_CVSS v3.1 Calculator
    https://www.sick.com/.well-known/csaf/white/2024/ vendor-advisory
    Impacted products
    Vendor Product Version
    SICK AG SICK MSC800 Affected: V1.0 , ≤ <=V4.25 (custom)
    Affected: S1.0 , ≤ <=S2.93.19 (custom)
    Create a notification for this product.
    sick msc800_firmware Affected: 1.0 , ≤ 4.25 (custom)
    Affected: 1.0 , ≤ s2.93.19 (custom)
        cpe:2.3:o:sick:msc800_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-09-12 21:33
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:sick:msc800_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "msc800_firmware",
                "vendor": "sick",
                "versions": [
                  {
                    "lessThanOrEqual": "4.25",
                    "status": "affected",
                    "version": "1.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "s2.93.19",
                    "status": "affected",
                    "version": "1.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-8751",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-13T13:53:13.856056Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-13T14:02:19.375Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "SICK MSC800",
              "vendor": "SICK AG",
              "versions": [
                {
                  "lessThanOrEqual": "\u003c=V4.25",
                  "status": "affected",
                  "version": "V1.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "\u003c=S2.93.19",
                  "status": "affected",
                  "version": "S1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2024-09-12T21:33:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability in the MSC800 allows an unauthenticated attacker to modify the product\u2019s IP\naddress over Sopas ET. \u003cbr\u003eThis can lead to Denial of Service. \u003cbr\u003eUsers are recommended to upgrade both\nMSC800 and MSC800 LFT to version V4.26 and S2.93.20 respectively which fixes this issue."
                }
              ],
              "value": "A vulnerability in the MSC800 allows an unauthenticated attacker to modify the product\u2019s IP\naddress over Sopas ET. \nThis can lead to Denial of Service. \nUsers are recommended to upgrade both\nMSC800 and MSC800 LFT to version V4.26 and S2.93.20 respectively which fixes this issue."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-12T21:38:37.516Z",
            "orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
            "shortName": "SICK AG"
          },
          "references": [
            {
              "tags": [
                "x_SICK PSIRT Website"
              ],
              "url": "https://sick.com/psirt"
            },
            {
              "tags": [
                "x_SICK Operating Guidelines"
              ],
              "url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF"
            },
            {
              "tags": [
                "x_ICS-CERT recommended practices on Industrial Security"
              ],
              "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
            },
            {
              "tags": [
                "x_CVSS v3.1 Calculator"
              ],
              "url": "https://www.first.org/cvss/calculator/3.1"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.sick.com/.well-known/csaf/white/2024/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Customers who use the version \u0026lt;=V4.25 are strongly recommended to upgrade to the latest\nrelease V4.26\n\n\u003cbr\u003e"
                }
              ],
              "value": "Customers who use the version \u003c=V4.25 are strongly recommended to upgrade to the latest\nrelease V4.26"
            },
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Customers who use the version \u0026lt;=S2.93.19 are strongly recommended to upgrade to the\nlatest release S2.93.20.\n\n\u003cbr\u003e"
                }
              ],
              "value": "Customers who use the version \u003c=S2.93.19 are strongly recommended to upgrade to the\nlatest release S2.93.20."
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2024-09-12T21:36:00.000Z",
              "value": "1: Initial version"
            }
          ],
          "title": "Vulnerability in SICK MSC800",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
        "assignerShortName": "SICK AG",
        "cveId": "CVE-2024-8751",
        "datePublished": "2024-09-12T21:38:37.516Z",
        "dateReserved": "2024-09-12T13:17:03.176Z",
        "dateUpdated": "2024-09-13T14:02:19.375Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }