sca-2020-0001
Vulnerability from csaf_sick
Published
2020-05-31 10:00
Modified
2020-05-31 10:00
Summary
Security Information Regarding "Profile Programming"

Notes

Summary
IOActive provided a security advisory report to SICK AG concerning the "profile programming" feature of the listed affected products. Certain SICK products support profile programming via bar codes that are generated and printed with SOPAS ET.
General Security Measures
As general security measures, SICK recommends minimizing network exposure of the devices, restricting network access, and following recommended security practices so that the devices run in a protected IT environment. Note that the issue described in this advisory is triggered by optically presenting a bar code to the scanner, so network-level measures alone do not prevent it; the effective control is disabling profile programming, as described in the vulnerability's mitigation.
Vulnerability Classification
SICK performs vulnerability classification using the CVSS scoring system (*CVSS v3.1*). The environmental score depends on the customer's environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to arrive at a final score. Note that this advisory does not itself state a base score or vector for the issue, so customers need to derive their own rating.



{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Ruben Santamarta, Principal Security Consultant"
        ],
        "organization": "IOActive",
        "summary": "his research and the report"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "audience": "all",
        "category": "summary",
        "text": "IOActive provided a security advisory report to SICK AG concerning the \"profile programming\" feature of the listed affected products. Certain SICK products support profile programming via bar codes that are generated and printed with SOPAS ET.",
        "title": "Summary"
      },
      {
        "category": "general",
        "text": "As general security measures, SICK recommends minimizing network exposure of the devices, restricting network access, and following recommended security practices so that the devices run in a protected IT environment. Note that the issue described in this advisory is triggered by optically presenting a bar code to the scanner, so network-level measures alone do not prevent it; the effective control is disabling profile programming, as described in the vulnerability's mitigation.",
        "title": "General Security Measures"
      },
      {
        "category": "general",
        "text": "SICK performs vulnerability classification using the CVSS scoring system (*CVSS v3.1*). The environmental score depends on the customer\u2019s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to arrive at a final score. Note that this advisory does not itself state a base score or vector for the issue, so customers need to derive their own rating.",
        "title": "Vulnerability Classification"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@sick.de",
      "issuing_authority": "SICK PSIRT is responsible for any vulnerabilities related to SICK products.",
      "name": "SICK PSIRT",
      "namespace": "https://sick.com/psirt"
    },
    "references": [
      {
        "summary": "SICK PSIRT Security Advisories",
        "url": "https://sick.com/psirt"
      },
      {
        "summary": "SICK Operating Guidelines",
        "url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF"
      },
      {
        "summary": "ICS-CERT recommended practices on Industrial Security",
        "url": "http://ics-cert.us-cert.gov/content/recommended-practices"
      },
      {
        "summary": "CVSS v3.1 Calculator",
        "url": "https://www.first.org/cvss/calculator/3.1"
      },
      {
        "category": "self",
        "summary": "The canonical URL.",
        "url": "https://www.sick.com/.well-known/csaf/white/2020/sca-2020-0001.json"
      }
    ],
    "title": "Security Information Regarding \"Profile Programming\"",
    "tracking": {
      "current_release_date": "2020-05-31T10:00:00.000Z",
      "generator": {
        "date": "2023-02-10T12:08:05.568Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.0.0"
        }
      },
      "id": "SCA-2020-0001",
      "initial_release_date": "2020-05-31T10:00:00.000Z",
      "revision_history": [
        {
          "date": "2020-05-31T10:00:00.000Z",
          "number": "1",
          "summary": "Initial Release"
        },
        {
          "date": "2023-02-10T11:00:00.000Z",
          "number": "2",
          "summary": "Updated Advisory (only visual changes)"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "SICK CLV62x all versions",
                      "product_id": "CSAFPID-0001",
                      "product_identification_helper": {
                        "x_generic_uris": [
                          {
                            "namespace": "SICK:Website",
                            "uri": "SICK:Website:https://www.sick.com/de/de/identifikationsloesungen/stationaere-barcode-scanner/clv62x/c/g79824"
                          }
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "CLV62x"
              }
            ],
            "category": "product_family",
            "name": "CLV62x"
          },
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "SICK CLV63x all versions",
                      "product_id": "CSAFPID-0002",
                      "product_identification_helper": {
                        "x_generic_uris": [
                          {
                            "namespace": "SICK:Website",
                            "uri": "SICK:Website:https://www.sick.com/de/de/identifikationsloesungen/stationaere-barcode-scanner/clv63x/c/g79846"
                          }
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "CLV63x"
              }
            ],
            "category": "product_family",
            "name": "CLV63x"
          },
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "SICK CLV64x all versions",
                      "product_id": "CSAFPID-0003",
                      "product_identification_helper": {
                        "x_generic_uris": [
                          {
                            "namespace": "SICK:Website",
                            "uri": "SICK:Website:https://www.sick.com/de/de/identifikationsloesungen/stationaere-barcode-scanner/clv64x/c/g79874"
                          }
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "CLV64x"
              }
            ],
            "category": "product_family",
            "name": "CLV64x"
          },
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "SICK CLV65x all versions",
                      "product_id": "CSAFPID-0004",
                      "product_identification_helper": {
                        "x_generic_uris": [
                          {
                            "namespace": "SICK:Website",
                            "uri": "SICK:Website:https://www.sick.com/de/de/identifikationsloesungen/stationaere-barcode-scanner/clv65x/c/g79879"
                          }
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "CLV65x"
              }
            ],
            "category": "product_family",
            "name": "CLV65x"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=6.10",
                "product": {
                  "name": "SICK CLV62x Firmware \u003c=6.10",
                  "product_id": "CSAFPID-0005"
                }
              }
            ],
            "category": "product_name",
            "name": "CLV62x Firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=6.10",
                "product": {
                  "name": "SICK CLV63x Firmware \u003c=6.10",
                  "product_id": "CSAFPID-0006"
                }
              }
            ],
            "category": "product_name",
            "name": "CLV63x Firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=6.10",
                "product": {
                  "name": "SICK CLV64x Firmware \u003c=6.10",
                  "product_id": "CSAFPID-0007"
                }
              }
            ],
            "category": "product_name",
            "name": "CLV64x Firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=6.10",
                "product": {
                  "name": "SICK CLV65x Firmware \u003c=6.10",
                  "product_id": "CSAFPID-0008"
                }
              }
            ],
            "category": "product_name",
            "name": "CLV65x Firmware"
          }
        ],
        "category": "vendor",
        "name": "SICK AG"
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK CLV62x with Firmware \u003c=6.10",
          "product_id": "CSAFPID-0009"
        },
        "product_reference": "CSAFPID-0005",
        "relates_to_product_reference": "CSAFPID-0001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK CLV63x with Firmware \u003c=6.10",
          "product_id": "CSAFPID-0010"
        },
        "product_reference": "CSAFPID-0006",
        "relates_to_product_reference": "CSAFPID-0002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK CLV64x with Firmware \u003c=6.10",
          "product_id": "CSAFPID-0011"
        },
        "product_reference": "CSAFPID-0007",
        "relates_to_product_reference": "CSAFPID-0003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK CLV65x with Firmware \u003c=6.10",
          "product_id": "CSAFPID-0012"
        },
        "product_reference": "CSAFPID-0008",
        "relates_to_product_reference": "CSAFPID-0004"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cwe": {
        "id": "CWE-15",
        "name": "External Control of System or Configuration Setting"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The profile programming functionality relies on custom CODE128 bar codes that, once scanned, trigger certain actions in the device, which can be leveraged to change configuration settings. These custom bar codes do not implement any kind of authentication, so once such bar codes are generated they work on any SICK device that supports them. \n\nAs a result, an attacker who is able to physically present a malicious \"profile programming\" bar code to an affected device can either render it inoperable or change settings to facilitate further attacks."
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0009",
          "CSAFPID-0010",
          "CSAFPID-0011",
          "CSAFPID-0012"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Deactivation of profile programming: Profile programming is active by factory default. To deactivate the feature, a login at user level \"service\" is required. In the parameter tree section \"Parameter\", under the area \"General\", the user can enable or disable the feature \"profile programming\". Because the feature is enabled by factory default, the setting should be re-checked after a factory reset. Note that this is a mitigation only; this advisory lists no fixed firmware version.",
          "product_ids": [
            "CSAFPID-0009",
            "CSAFPID-0010",
            "CSAFPID-0011",
            "CSAFPID-0012"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "An attacker with the ability to present specially crafted bar codes under their control to an affected device with \"profile programming\" enabled is able to change the configuration without any authentication. This could impact availability, integrity and confidentiality. Configuration via bar codes is not possible if \"Parametrization by profile programming is allowed\" is disabled."
        }
      ]
    }
  ]
}

