sca-2020-0003
Vulnerability from csaf_sick
Published: 2020-08-07 10:00
Modified: 2020-08-07 10:00
Summary: MEAC affected by Windows SMBv3 vulnerability

Notes

Summary
Microsoft disclosed a critical vulnerability in the way Microsoft Server Message Block 3.1.1 (SMBv3) handles compressed connections. This may allow unauthenticated attackers to execute arbitrary code on a vulnerable device. Since the MEAC central emission monitoring computer (EPC) acts as an SMB server to provide MEAC workstations with access to the filesystem in distributed MEAC systems, the devices are affected by this vulnerability. Exploitation of this vulnerability could lead to remote code execution under a login with administrator privileges.
Affected Products
All MEAC2012 or MEAC300 computers that are equipped with Windows 10 Version 1903 or 1909 are affected, regardless of whether they are operated in a distributed MEAC system or not, as the SMB ports are set to open during the setup of the computers.
General Security Measures
As general security measures, SICK recommends minimizing network exposure of the devices, restricting network access and following recommended security practices in order to run the devices in a protected IT environment.
Vulnerability Classification
SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer’s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.



{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "audience": "all",
        "category": "summary",
        "text": "Microsoft disclosed a critical vulnerability in the way Microsoft Server Message Block 3.1.1 (SMBv3)\nhandles compressed connections. That may allow unauthenticated attackers to execute arbitrary code\non a vulnerable device.\nSince the MEAC central emission monitoring computer (EPC) acts as a SMB server to provide MEAC\nworkstations with access to the filesystem in distributed MEAC-systems, the devices are affected by\nthis vulnerability. Exploitation of this vulnerability could lead to remote code execution under login with\nadministrator privileges.",
        "title": "Summary"
      },
      {
        "audience": "all",
        "category": "details",
        "text": "All MEAC2012 or MEAC300 computers that equipped with Windows 10 Version 1903 or 1909 are\naffected, regardless if they are operated in a distributed MEAC-system or not, as the SMB ports are\nset to open during the setup of the computers.",
        "title": "Affected Products"
      },
      {
        "category": "general",
        "text": "As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.",
        "title": "General Security Measures"
      },
      {
        "category": "general",
        "text": "SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer\u2019s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.",
        "title": "Vulnerability Classification"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@sick.de",
      "issuing_authority": "SICK PSIRT is responsible for any vulnerabilities related to SICK products.",
      "name": "SICK PSIRT",
      "namespace": "https://sick.com/psirt"
    },
    "references": [
      {
        "summary": "SICK PSIRT Security Advisories",
        "url": "https://sick.com/psirt"
      },
      {
        "summary": "SICK Operating Guidelines",
        "url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF"
      },
      {
        "summary": "ICS-CERT recommended practices on Industrial Security",
        "url": "http://ics-cert.us-cert.gov/content/recommended-practices"
      },
      {
        "summary": "CVSS v3.1 Calculator",
        "url": "https://www.first.org/cvss/calculator/3.1"
      },
      {
        "category": "self",
        "summary": "The canonical URL.",
        "url": "https://www.sick.com/.well-known/csaf/white/2020/sca-2020-0003.json"
      }
    ],
    "title": "MEAC affected by Windows SMBv3 vulnerability",
    "tracking": {
      "current_release_date": "2020-08-07T10:00:00.000Z",
      "generator": {
        "date": "2023-02-09T14:30:39.946Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.0.0"
        }
      },
      "id": "SCA-2020-0003",
      "initial_release_date": "2020-08-07T10:00:00.000Z",
      "revision_history": [
        {
          "date": "2020-08-07T10:00:00.000Z",
          "number": "1",
          "summary": "Initial Release"
        },
        {
          "date": "2023-02-09T11:00:00.000Z",
          "number": "2",
          "summary": "Updated Advisory (only visual changes)"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK MEAC2012 vers:all/*",
                  "product_id": "CSAFPID-0001",
                  "product_identification_helper": {
                    "x_generic_uris": [
                      {
                        "namespace": "SICK:Website",
                        "uri": "SICK:Website:"
                      }
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "MEAC2012"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK MEAC300 vers:all/*",
                  "product_id": "CSAFPID-0002",
                  "product_identification_helper": {
                    "x_generic_uris": [
                      {
                        "namespace": "SICK:Website",
                        "uri": "SICK:Website:https://www.sick.com/de/de/p/p475070"
                      }
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "MEAC300"
          }
        ],
        "category": "vendor",
        "name": "SICK AG"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Version 1903 \u0026 1909",
                "product": {
                  "name": "Microsoft Windows 10 Version 1903 \u0026 1909",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows 10"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK MEAC2012 with Microsoft Windows 10 Version 1903 \u0026 1909",
          "product_id": "CSAFPID-0004"
        },
        "product_reference": "CSAFPID-0003",
        "relates_to_product_reference": "CSAFPID-0001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK MEAC300 with Microsoft Windows 10 Version 1903 \u0026 1909",
          "product_id": "CSAFPID-0005"
        },
        "product_reference": "CSAFPID-0003",
        "relates_to_product_reference": "CSAFPID-0002"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-0796",
      "notes": [
        {
          "category": "description",
          "text": "A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka \u2019Windows SMBv3 Client/Server Remote Code Execution Vulnerability\u2019.",
          "title": "CVE Description"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0004",
          "CSAFPID-0005"
        ]
      },
      "references": [
        {
          "summary": "Microsoft Security Advisory",
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "This issue has been addressed in the Microsoft update for CVE-2020-0796.",
          "product_ids": [
            "CSAFPID-0004",
            "CSAFPID-0005"
          ],
          "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv200005#ID0EUGAC"
        },
        {
          "category": "mitigation",
          "details": "Should Microsoft\u0027s remediation not be possible, we recommend following the workaround suggested by Microsoft and operate the MEAC in a protected networking environment. Blocking TCP port 445 at the perimeter firewall of the network segment will help to protect systems that are behind that firewall from exploits of this vulnerability.",
          "product_ids": [
            "CSAFPID-0004",
            "CSAFPID-0005"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0004",
            "CSAFPID-0005"
          ]
        }
      ]
    }
  ]
}

