cve-2024-8751
Vulnerability from cvelistv5
Published
2024-09-12 21:38
Modified
2024-09-13 14:02
Severity ?
EPSS score ?
Summary
Vulnerability in SICK MSC800
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | SICK AG | SICK MSC800 |
Version: V1.0 < Version: S1.0 < |
|
|
|||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:sick:msc800_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "msc800_firmware",
"vendor": "sick",
"versions": [
{
"lessThanOrEqual": "4.25",
"status": "affected",
"version": "1.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "s2.93.19",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8751",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-13T13:53:13.856056Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T14:02:19.375Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SICK MSC800",
"vendor": "SICK AG",
"versions": [
{
"lessThanOrEqual": "\u003c=V4.25",
"status": "affected",
"version": "V1.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "\u003c=S2.93.19",
"status": "affected",
"version": "S1.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-09-12T21:33:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability in the MSC800 allows an unauthenticated attacker to modify the product\u2019s IP\naddress over Sopas ET. \u003cbr\u003eThis can lead to Denial of Service. \u003cbr\u003eUsers are recommended to upgrade both\nMSC800 and MSC800 LFT to version V4.26 and S2.93.20 respectively which fixes this issue."
}
],
"value": "A vulnerability in the MSC800 allows an unauthenticated attacker to modify the product\u2019s IP\naddress over Sopas ET. \nThis can lead to Denial of Service. \nUsers are recommended to upgrade both\nMSC800 and MSC800 LFT to version V4.26 and S2.93.20 respectively which fixes this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T21:38:37.516Z",
"orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
"shortName": "SICK AG"
},
"references": [
{
"tags": [
"x_SICK PSIRT Website"
],
"url": "https://sick.com/psirt"
},
{
"tags": [
"x_SICK Operating Guidelines"
],
"url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF"
},
{
"tags": [
"x_ICS-CERT recommended practices on Industrial Security"
],
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"tags": [
"x_CVSS v3.1 Calculator"
],
"url": "https://www.first.org/cvss/calculator/3.1"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.sick.com/.well-known/csaf/white/2024/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Customers who use the version \u0026lt;=V4.25 are strongly recommended to upgrade to the latest\nrelease V4.26\n\n\u003cbr\u003e"
}
],
"value": "Customers who use the version \u003c=V4.25 are strongly recommended to upgrade to the latest\nrelease V4.26"
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Customers who use the version \u0026lt;=S2.93.19 are strongly recommended to upgrade to the\nlatest release S2.93.20.\n\n\u003cbr\u003e"
}
],
"value": "Customers who use the version \u003c=S2.93.19 are strongly recommended to upgrade to the\nlatest release S2.93.20."
}
],
"source": {
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-09-12T21:36:00.000Z",
"value": "1: Initial version"
}
],
"title": "Vulnerability in SICK MSC800",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
"assignerShortName": "SICK AG",
"cveId": "CVE-2024-8751",
"datePublished": "2024-09-12T21:38:37.516Z",
"dateReserved": "2024-09-12T13:17:03.176Z",
"dateUpdated": "2024-09-13T14:02:19.375Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-8751\",\"sourceIdentifier\":\"psirt@sick.de\",\"published\":\"2024-09-12T22:15:02.680\",\"lastModified\":\"2024-09-13T14:06:04.777\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the MSC800 allows an unauthenticated attacker to modify the product\u2019s IP\\naddress over Sopas ET. \\nThis can lead to Denial of Service. \\nUsers are recommended to upgrade both\\nMSC800 and MSC800 LFT to version V4.26 and S2.93.20 respectively which fixes this issue.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en el MSC800 permite que un atacante no autenticado modifique la direcci\u00f3n IP del producto a trav\u00e9s de Sopas ET. Esto puede provocar una denegaci\u00f3n de servicio. Se recomienda a los usuarios que actualicen tanto el MSC800 como el MSC800 LFT a las versiones V4.26 y S2.93.20 respectivamente, que solucionan este problema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@sick.de\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"psirt@sick.de\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-306\"}]}],\"references\":[{\"url\":\"https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF\",\"source\":\"psirt@sick.de\"},{\"url\":\"https://sick.com/psirt\",\"source\":\"psirt@sick.de\"},{\"url\":\"https://www.cisa.gov/resources-tools/resources/ics-recommended-practices\",\"source\":\"psirt@sick.de\"},{\"url\":\"https://www.first.org/cvss/calculator/3.1\",\"source\":\"psirt@sick.de\"},{\"url\":\"https://www.sick.com/.well-known/csaf/white/2024/\",\"source\":\"psirt@sick.de\"}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.