Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for msc800_firmware by sick

    CVE-2022-27577 (GCVE-0-2022-27577)

    Vulnerability from nvd – Published: 2022-04-11 19:37 – Updated: 2024-08-03 05:32
    VLAI
    Summary
    The vulnerability in the MSC800 in all versions before 4.15 allows for an attacker to predict the TCP initial sequence number. When the TCP sequence is predictable, an attacker can send packets that are forged to appear to come from a trusted computer. These forged packets could compromise services on the MSC800. SICK has released a new firmware version of the SICK MSC800 and recommends updating to the newest version.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    URL Tags
    https://sick.com/psirt x_refsource_MISC
    Impacted products
    Vendor Product Version
    n/a SICK MSC800 Affected: All versions before 4.15
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:32:59.251Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://sick.com/psirt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SICK MSC800",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions before 4.15"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The vulnerability in the MSC800 in all versions before 4.15 allows for an attacker to predict the TCP initial sequence number. When the TCP sequence is predictable, an attacker can send packets that are forged to appear to come from a trusted computer. These forged packets could compromise services on the MSC800. SICK has released a new firmware version of the SICK MSC800 and recommends updating to the newest version."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-342",
                  "description": "CWE-342",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-11T19:37:47.000Z",
            "orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
            "shortName": "SICK AG"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://sick.com/psirt"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@sick.de",
              "ID": "CVE-2022-27577",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SICK MSC800",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions before 4.15"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The vulnerability in the MSC800 in all versions before 4.15 allows for an attacker to predict the TCP initial sequence number. When the TCP sequence is predictable, an attacker can send packets that are forged to appear to come from a trusted computer. These forged packets could compromise services on the MSC800. SICK has released a new firmware version of the SICK MSC800 and recommends updating to the newest version."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-342"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://sick.com/psirt",
                  "refsource": "MISC",
                  "url": "https://sick.com/psirt"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
        "assignerShortName": "SICK AG",
        "cveId": "CVE-2022-27577",
        "datePublished": "2022-04-11T19:37:47.000Z",
        "dateReserved": "2022-03-21T00:00:00.000Z",
        "dateUpdated": "2024-08-03T05:32:59.251Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-2075 (GCVE-0-2020-2075)

    Vulnerability from nvd – Published: 2020-08-31 17:09 – Updated: 2024-08-04 06:54
    VLAI
    Summary
    Platform mechanism AutoIP allows remote attackers to reboot the device via a crafted packet in SICK AG solutions Bulkscan LMS111, Bulkscan LMS511, CLV62x – CLV65x, ICR890-3, LMS10x, LMS11x, LMS15x, LMS12x, LMS13x, LMS14x, LMS5xx, LMS53x, MSC800, RFH.
    Severity
    No CVSS data available.
    CWE
    • CWE-703 - Improper Check or Handling of Exceptional Conditions
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Bulkscan LMS111; Bulkscan LMS511; CLV62x – CLV65x; ICR890-3; LMS10x, LMS11x, LMS15x; LMS12x, LMS13x, LMS14x; LMS5xx, LMS53x; MSC800; RFH Affected: All Versions < V1.04
    Affected: All Versions < V2.30
    Affected: All versions with Ethernet interface
    Affected: All ICR890-3 and ICR890-3.5 devices all versions
    Affected: All Versions < V2.0
    Affected: All Versions < V2.10
    Affected: All versions
    Affected: All Versions < V4.10
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:54:00.593Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Bulkscan LMS111; Bulkscan LMS511; CLV62x \u2013 CLV65x; ICR890-3; LMS10x, LMS11x, LMS15x; LMS12x, LMS13x, LMS14x; LMS5xx, LMS53x; MSC800; RFH",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "All Versions \u003c V1.04"
                },
                {
                  "status": "affected",
                  "version": "All Versions \u003c V2.30"
                },
                {
                  "status": "affected",
                  "version": "All versions with Ethernet interface"
                },
                {
                  "status": "affected",
                  "version": "All ICR890-3 and ICR890-3.5 devices all versions"
                },
                {
                  "status": "affected",
                  "version": "All Versions \u003c V2.0"
                },
                {
                  "status": "affected",
                  "version": "All Versions \u003c V2.10"
                },
                {
                  "status": "affected",
                  "version": "All versions"
                },
                {
                  "status": "affected",
                  "version": "All Versions \u003c V4.10"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Platform mechanism AutoIP allows remote attackers to reboot the device via a crafted packet in SICK AG solutions Bulkscan LMS111, Bulkscan LMS511, CLV62x \u2013 CLV65x, ICR890-3, LMS10x, LMS11x, LMS15x, LMS12x, LMS13x, LMS14x, LMS5xx, LMS53x, MSC800, RFH."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-703",
                  "description": "CWE-703: Improper Check or Handling of Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-08-31T17:09:07.000Z",
            "orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
            "shortName": "SICK AG"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@sick.de",
              "ID": "CVE-2020-2075",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Bulkscan LMS111; Bulkscan LMS511; CLV62x \u2013 CLV65x; ICR890-3; LMS10x, LMS11x, LMS15x; LMS12x, LMS13x, LMS14x; LMS5xx, LMS53x; MSC800; RFH",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All Versions \u003c V1.04"
                              },
                              {
                                "version_value": "All Versions \u003c V2.30"
                              },
                              {
                                "version_value": "All versions with Ethernet interface"
                              },
                              {
                                "version_value": "All ICR890-3 and ICR890-3.5 devices all versions"
                              },
                              {
                                "version_value": "All Versions \u003c V2.0"
                              },
                              {
                                "version_value": "All Versions \u003c V2.10"
                              },
                              {
                                "version_value": "All versions"
                              },
                              {
                                "version_value": "All Versions \u003c V4.10"
                              },
                              {
                                "version_value": "All versions"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Platform mechanism AutoIP allows remote attackers to reboot the device via a crafted packet in SICK AG solutions Bulkscan LMS111, Bulkscan LMS511, CLV62x \u2013 CLV65x, ICR890-3, LMS10x, LMS11x, LMS15x, LMS12x, LMS13x, LMS14x, LMS5xx, LMS53x, MSC800, RFH."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-703: Improper Check or Handling of Exceptional Conditions"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories",
                  "refsource": "MISC",
                  "url": "https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
        "assignerShortName": "SICK AG",
        "cveId": "CVE-2020-2075",
        "datePublished": "2020-08-31T17:09:07.000Z",
        "dateReserved": "2019-12-04T00:00:00.000Z",
        "dateUpdated": "2024-08-04T06:54:00.593Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-10979 (GCVE-0-2019-10979)

    Vulnerability from nvd – Published: 2019-07-01 20:05 – Updated: 2024-08-04 22:40
    VLAI
    Summary
    SICK MSC800 all versions prior to Version 4.0, the affected firmware versions contain a hard-coded customer account password.
    Severity
    No CVSS data available.
    CWE
    • CWE-798 - USE OF HARD-CODED CREDENTIALS CWE-798
    Assigner
    References
    Impacted products
    Vendor Product Version
    SICK MSC800 Affected: all versions prior to Version 4.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:40:15.569Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "108924",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/108924"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.us-cert.gov/ics/advisories/icsa-19-178-04"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MSC800",
              "vendor": "SICK",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions prior to Version 4.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SICK MSC800 all versions prior to Version 4.0, the affected firmware versions contain a hard-coded customer account password."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "USE OF HARD-CODED CREDENTIALS CWE-798",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-01T12:53:22.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "name": "108924",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/108924"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.us-cert.gov/ics/advisories/icsa-19-178-04"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2019-10979",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "MSC800",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "all versions prior to Version 4.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SICK"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SICK MSC800 all versions prior to Version 4.0, the affected firmware versions contain a hard-coded customer account password."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "USE OF HARD-CODED CREDENTIALS CWE-798"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "108924",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/108924"
                },
                {
                  "name": "https://www.us-cert.gov/ics/advisories/icsa-19-178-04",
                  "refsource": "MISC",
                  "url": "https://www.us-cert.gov/ics/advisories/icsa-19-178-04"
                },
                {
                  "name": "https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories",
                  "refsource": "CONFIRM",
                  "url": "https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2019-10979",
        "datePublished": "2019-07-01T20:05:10.000Z",
        "dateReserved": "2019-04-08T00:00:00.000Z",
        "dateUpdated": "2024-08-04T22:40:15.569Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-27577 (GCVE-0-2022-27577)

    Vulnerability from cvelistv5 – Published: 2022-04-11 19:37 – Updated: 2024-08-03 05:32
    VLAI
    Summary
    The vulnerability in the MSC800 in all versions before 4.15 allows for an attacker to predict the TCP initial sequence number. When the TCP sequence is predictable, an attacker can send packets that are forged to appear to come from a trusted computer. These forged packets could compromise services on the MSC800. SICK has released a new firmware version of the SICK MSC800 and recommends updating to the newest version.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    URL Tags
    https://sick.com/psirt x_refsource_MISC
    Impacted products
    Vendor Product Version
    n/a SICK MSC800 Affected: All versions before 4.15
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:32:59.251Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://sick.com/psirt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SICK MSC800",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions before 4.15"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The vulnerability in the MSC800 in all versions before 4.15 allows for an attacker to predict the TCP initial sequence number. When the TCP sequence is predictable, an attacker can send packets that are forged to appear to come from a trusted computer. These forged packets could compromise services on the MSC800. SICK has released a new firmware version of the SICK MSC800 and recommends updating to the newest version."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-342",
                  "description": "CWE-342",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-11T19:37:47.000Z",
            "orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
            "shortName": "SICK AG"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://sick.com/psirt"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@sick.de",
              "ID": "CVE-2022-27577",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SICK MSC800",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions before 4.15"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The vulnerability in the MSC800 in all versions before 4.15 allows for an attacker to predict the TCP initial sequence number. When the TCP sequence is predictable, an attacker can send packets that are forged to appear to come from a trusted computer. These forged packets could compromise services on the MSC800. SICK has released a new firmware version of the SICK MSC800 and recommends updating to the newest version."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-342"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://sick.com/psirt",
                  "refsource": "MISC",
                  "url": "https://sick.com/psirt"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
        "assignerShortName": "SICK AG",
        "cveId": "CVE-2022-27577",
        "datePublished": "2022-04-11T19:37:47.000Z",
        "dateReserved": "2022-03-21T00:00:00.000Z",
        "dateUpdated": "2024-08-03T05:32:59.251Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-2075 (GCVE-0-2020-2075)

    Vulnerability from cvelistv5 – Published: 2020-08-31 17:09 – Updated: 2024-08-04 06:54
    VLAI
    Summary
    Platform mechanism AutoIP allows remote attackers to reboot the device via a crafted packet in SICK AG solutions Bulkscan LMS111, Bulkscan LMS511, CLV62x – CLV65x, ICR890-3, LMS10x, LMS11x, LMS15x, LMS12x, LMS13x, LMS14x, LMS5xx, LMS53x, MSC800, RFH.
    Severity
    No CVSS data available.
    CWE
    • CWE-703 - Improper Check or Handling of Exceptional Conditions
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Bulkscan LMS111; Bulkscan LMS511; CLV62x – CLV65x; ICR890-3; LMS10x, LMS11x, LMS15x; LMS12x, LMS13x, LMS14x; LMS5xx, LMS53x; MSC800; RFH Affected: All Versions < V1.04
    Affected: All Versions < V2.30
    Affected: All versions with Ethernet interface
    Affected: All ICR890-3 and ICR890-3.5 devices all versions
    Affected: All Versions < V2.0
    Affected: All Versions < V2.10
    Affected: All versions
    Affected: All Versions < V4.10
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:54:00.593Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Bulkscan LMS111; Bulkscan LMS511; CLV62x \u2013 CLV65x; ICR890-3; LMS10x, LMS11x, LMS15x; LMS12x, LMS13x, LMS14x; LMS5xx, LMS53x; MSC800; RFH",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "All Versions \u003c V1.04"
                },
                {
                  "status": "affected",
                  "version": "All Versions \u003c V2.30"
                },
                {
                  "status": "affected",
                  "version": "All versions with Ethernet interface"
                },
                {
                  "status": "affected",
                  "version": "All ICR890-3 and ICR890-3.5 devices all versions"
                },
                {
                  "status": "affected",
                  "version": "All Versions \u003c V2.0"
                },
                {
                  "status": "affected",
                  "version": "All Versions \u003c V2.10"
                },
                {
                  "status": "affected",
                  "version": "All versions"
                },
                {
                  "status": "affected",
                  "version": "All Versions \u003c V4.10"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Platform mechanism AutoIP allows remote attackers to reboot the device via a crafted packet in SICK AG solutions Bulkscan LMS111, Bulkscan LMS511, CLV62x \u2013 CLV65x, ICR890-3, LMS10x, LMS11x, LMS15x, LMS12x, LMS13x, LMS14x, LMS5xx, LMS53x, MSC800, RFH."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-703",
                  "description": "CWE-703: Improper Check or Handling of Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-08-31T17:09:07.000Z",
            "orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
            "shortName": "SICK AG"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@sick.de",
              "ID": "CVE-2020-2075",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Bulkscan LMS111; Bulkscan LMS511; CLV62x \u2013 CLV65x; ICR890-3; LMS10x, LMS11x, LMS15x; LMS12x, LMS13x, LMS14x; LMS5xx, LMS53x; MSC800; RFH",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All Versions \u003c V1.04"
                              },
                              {
                                "version_value": "All Versions \u003c V2.30"
                              },
                              {
                                "version_value": "All versions with Ethernet interface"
                              },
                              {
                                "version_value": "All ICR890-3 and ICR890-3.5 devices all versions"
                              },
                              {
                                "version_value": "All Versions \u003c V2.0"
                              },
                              {
                                "version_value": "All Versions \u003c V2.10"
                              },
                              {
                                "version_value": "All versions"
                              },
                              {
                                "version_value": "All Versions \u003c V4.10"
                              },
                              {
                                "version_value": "All versions"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Platform mechanism AutoIP allows remote attackers to reboot the device via a crafted packet in SICK AG solutions Bulkscan LMS111, Bulkscan LMS511, CLV62x \u2013 CLV65x, ICR890-3, LMS10x, LMS11x, LMS15x, LMS12x, LMS13x, LMS14x, LMS5xx, LMS53x, MSC800, RFH."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-703: Improper Check or Handling of Exceptional Conditions"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories",
                  "refsource": "MISC",
                  "url": "https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
        "assignerShortName": "SICK AG",
        "cveId": "CVE-2020-2075",
        "datePublished": "2020-08-31T17:09:07.000Z",
        "dateReserved": "2019-12-04T00:00:00.000Z",
        "dateUpdated": "2024-08-04T06:54:00.593Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-10979 (GCVE-0-2019-10979)

    Vulnerability from cvelistv5 – Published: 2019-07-01 20:05 – Updated: 2024-08-04 22:40
    VLAI
    Summary
    SICK MSC800 all versions prior to Version 4.0, the affected firmware versions contain a hard-coded customer account password.
    Severity
    No CVSS data available.
    CWE
    • CWE-798 - USE OF HARD-CODED CREDENTIALS CWE-798
    Assigner
    References
    Impacted products
    Vendor Product Version
    SICK MSC800 Affected: all versions prior to Version 4.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:40:15.569Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "108924",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/108924"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.us-cert.gov/ics/advisories/icsa-19-178-04"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MSC800",
              "vendor": "SICK",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions prior to Version 4.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SICK MSC800 all versions prior to Version 4.0, the affected firmware versions contain a hard-coded customer account password."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "USE OF HARD-CODED CREDENTIALS CWE-798",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-01T12:53:22.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "name": "108924",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/108924"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.us-cert.gov/ics/advisories/icsa-19-178-04"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2019-10979",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "MSC800",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "all versions prior to Version 4.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SICK"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SICK MSC800 all versions prior to Version 4.0, the affected firmware versions contain a hard-coded customer account password."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "USE OF HARD-CODED CREDENTIALS CWE-798"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "108924",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/108924"
                },
                {
                  "name": "https://www.us-cert.gov/ics/advisories/icsa-19-178-04",
                  "refsource": "MISC",
                  "url": "https://www.us-cert.gov/ics/advisories/icsa-19-178-04"
                },
                {
                  "name": "https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories",
                  "refsource": "CONFIRM",
                  "url": "https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2019-10979",
        "datePublished": "2019-07-01T20:05:10.000Z",
        "dateReserved": "2019-04-08T00:00:00.000Z",
        "dateUpdated": "2024-08-04T22:40:15.569Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }