sca-2020-0004
Vulnerability from csaf_sick
Published
2020-08-31 10:00
Modified
2020-08-31 10:00
Summary
Vulnerability in Platform Mechanism AutoIP

Notes

Summary
SICK received a report from IOActive that informed SICK about a security vulnerability within the platform mechanism AutoIP, used by multiple devices. SICK recommends updating to the newest version. Refer to the recommended remediations for affected products where no update is available. Currently SICK is not aware of any public exploits specifically targeting this vulnerability.
General Security Measures
As general security measures, SICK recommends minimizing network exposure of the devices, restricting network access and following recommended security practices in order to run the devices in a protected IT environment.
Vulnerability Classification
SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer’s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.



{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Ruben Santamarta"
        ],
        "organization": "IOActive",
        "summary": "his research and the report."
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "audience": "all",
        "category": "summary",
        "text": "SICK received a report from IOActive that informed SICK about a security vulnerability within the platform mechanism AutoIP, used by multiple devices. \n\nSICK recommends updating to the newest version. Refer to the recommended remediations for affected products where no update is available. \n\nCurrently SICK is not aware of any public exploits specifically targeting this vulnerability.",
        "title": "Summary"
      },
      {
        "category": "general",
        "text": "As general security measures, SICK recommends minimizing network exposure of the devices, restricting network access and following recommended security practices in order to run the devices in a protected IT environment.",
        "title": "General Security Measures"
      },
      {
        "category": "general",
        "text": "SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer\u2019s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.",
        "title": "Vulnerability Classification"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@sick.de",
      "issuing_authority": "SICK PSIRT is responsible for any vulnerabilities related to SICK products.",
      "name": "SICK PSIRT",
      "namespace": "https://sick.com/psirt"
    },
    "references": [
      {
        "summary": "SICK PSIRT Security Advisories",
        "url": "https://sick.com/psirt"
      },
      {
        "summary": "SICK Operating Guidelines",
        "url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF"
      },
      {
        "summary": "ICS-CERT recommended practices on Industrial Security",
        "url": "http://ics-cert.us-cert.gov/content/recommended-practices"
      },
      {
        "summary": "CVSS v3.1 Calculator",
        "url": "https://www.first.org/cvss/calculator/3.1"
      },
      {
        "category": "self",
        "summary": "The canonical URL.",
        "url": "https://www.sick.com/.well-known/csaf/white/2020/sca-2020-0004.json"
      }
    ],
    "title": "Vulnerability in Platform Mechanism AutoIP",
    "tracking": {
      "current_release_date": "2020-08-31T10:00:00.000Z",
      "generator": {
        "date": "2023-02-10T13:05:04.376Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.0.0"
        }
      },
      "id": "SCA-2020-0004",
      "initial_release_date": "2020-08-31T10:00:00.000Z",
      "revision_history": [
        {
          "date": "2020-10-29T11:00:00.000Z",
          "number": "1",
          "summary": "Initial Release"
        },
        {
          "date": "2023-02-10T11:00:00.000Z",
          "number": "2",
          "summary": "Updated Advisory (only visual changes)"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "SICK CLV62x all versions",
                      "product_id": "CSAFPID-0001",
                      "product_identification_helper": {
                        "x_generic_uris": [
                          {
                            "namespace": "SICK:Website",
                            "uri": "SICK:Website:https://www.sick.com/de/de/identifikationsloesungen/stationaere-barcode-scanner/clv62x/c/g79824"
                          }
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "CLV62x"
              }
            ],
            "category": "product_family",
            "name": "CLV62x"
          },
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "SICK CLV63x all versions",
                      "product_id": "CSAFPID-0002",
                      "product_identification_helper": {
                        "x_generic_uris": [
                          {
                            "namespace": "SICK:Website",
                            "uri": "SICK:Website:https://www.sick.com/de/de/identifikationsloesungen/stationaere-barcode-scanner/clv63x/c/g79846"
                          }
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "CLV63x"
              }
            ],
            "category": "product_family",
            "name": "CLV63x"
          },
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "SICK CLV64x all versions",
                      "product_id": "CSAFPID-0003",
                      "product_identification_helper": {
                        "x_generic_uris": [
                          {
                            "namespace": "SICK:Website",
                            "uri": "SICK:Website:https://www.sick.com/de/de/identifikationsloesungen/stationaere-barcode-scanner/clv64x/c/g79874"
                          }
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "CLV64x"
              }
            ],
            "category": "product_family",
            "name": "CLV64x"
          },
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "SICK CLV65x all versions",
                      "product_id": "CSAFPID-0004",
                      "product_identification_helper": {
                        "x_generic_uris": [
                          {
                            "namespace": "SICK:Website",
                            "uri": "SICK:Website:https://www.sick.com/de/de/identifikationsloesungen/stationaere-barcode-scanner/clv65x/c/g79879"
                          }
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "CLV65x"
              }
            ],
            "category": "product_family",
            "name": "CLV65x"
          },
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "SICK LMS10x all versions",
                      "product_id": "CSAFPID-0005"
                    }
                  }
                ],
                "category": "product_name",
                "name": "LMS10x"
              }
            ],
            "category": "product_family",
            "name": "LMS10x"
          },
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "SICK LMS11x all versions",
                      "product_id": "CSAFPID-0006"
                    }
                  }
                ],
                "category": "product_name",
                "name": "LMS11x"
              }
            ],
            "category": "product_family",
            "name": "LMS11x"
          },
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "SICK LMS15x all versions",
                      "product_id": "CSAFPID-0007"
                    }
                  }
                ],
                "category": "product_name",
                "name": "LMS15x"
              }
            ],
            "category": "product_family",
            "name": "LMS15x"
          },
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "SICK LMS12x all versions",
                      "product_id": "CSAFPID-0008"
                    }
                  }
                ],
                "category": "product_name",
                "name": "LMS12x"
              }
            ],
            "category": "product_family",
            "name": "LMS12x"
          },
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "SICK LMS13x all versions",
                      "product_id": "CSAFPID-0009"
                    }
                  }
                ],
                "category": "product_name",
                "name": "LMS13x"
              }
            ],
            "category": "product_family",
            "name": "LMS13x"
          },
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "SICK LMS14x all versions",
                      "product_id": "CSAFPID-0010"
                    }
                  }
                ],
                "category": "product_name",
                "name": "LMS14x"
              }
            ],
            "category": "product_family",
            "name": "LMS14x"
          },
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "SICK LMS5xx all versions",
                      "product_id": "CSAFPID-0011",
                      "product_identification_helper": {
                        "x_generic_uris": [
                          {
                            "namespace": "SICK:Website",
                            "uri": "SICK:Website:https://www.sick.com/de/de/lidar-sensoren/2d-lidar-sensoren/lms5xx/c/g179651"
                          }
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "LMS5xx"
              }
            ],
            "category": "product_family",
            "name": "LMS5xx"
          },
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "SICK LMS53x all versions",
                      "product_id": "CSAFPID-0012"
                    }
                  }
                ],
                "category": "product_name",
                "name": "LMS53x"
              }
            ],
            "category": "product_family",
            "name": "LMS53x"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK MSC800 all versions",
                  "product_id": "CSAFPID-0013"
                }
              }
            ],
            "category": "product_name",
            "name": "MSC800"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK RFH all versions",
                  "product_id": "CSAFPID-0014"
                }
              }
            ],
            "category": "product_name",
            "name": "RFH"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "ICR890-3\u0026ICR890-3.5",
                "product": {
                  "name": "SICK ICR890-3 ICR890-3\u0026ICR890-3.5",
                  "product_id": "CSAFPID-0015"
                }
              }
            ],
            "category": "product_name",
            "name": "ICR890-3"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK Bulkscan LMS111 all versions",
                  "product_id": "CSAFPID-0016"
                }
              }
            ],
            "category": "product_name",
            "name": "Bulkscan LMS111"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK Bulkscan LMS511 all versions",
                  "product_id": "CSAFPID-0017"
                }
              }
            ],
            "category": "product_name",
            "name": "Bulkscan LMS511"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=6.10",
                "product": {
                  "name": "SICK CLV62x Firmware \u003c=6.10",
                  "product_id": "CSAFPID-0018"
                }
              }
            ],
            "category": "product_name",
            "name": "CLV62x Firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=6.10",
                "product": {
                  "name": "SICK CLV63x Firmware \u003c=6.10",
                  "product_id": "CSAFPID-0019"
                }
              }
            ],
            "category": "product_name",
            "name": "CLV63x Firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=6.10",
                "product": {
                  "name": "SICK CLV64x Firmware \u003c=6.10",
                  "product_id": "CSAFPID-0020"
                }
              }
            ],
            "category": "product_name",
            "name": "CLV64x Firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=6.10",
                "product": {
                  "name": "SICK CLV65x Firmware \u003c=6.10",
                  "product_id": "CSAFPID-0021"
                }
              }
            ],
            "category": "product_name",
            "name": "CLV65x Firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c2.0",
                "product": {
                  "name": "SICK LMS10x Firmware \u003c2.0",
                  "product_id": "CSAFPID-0022"
                }
              },
              {
                "category": "product_version",
                "name": "2.0",
                "product": {
                  "name": "SICK LMS10x Firmware 2.0",
                  "product_id": "CSAFPID-0023"
                }
              }
            ],
            "category": "product_name",
            "name": "LMS10x Firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c2.0",
                "product": {
                  "name": "SICK LMS11x Firmware \u003c2.0",
                  "product_id": "CSAFPID-0024"
                }
              },
              {
                "category": "product_version",
                "name": "2.0",
                "product": {
                  "name": "SICK LMS11x Firmware 2.0",
                  "product_id": "CSAFPID-0025"
                }
              }
            ],
            "category": "product_name",
            "name": "LMS11x Firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c2.0",
                "product": {
                  "name": "SICK LMS15x Firmware \u003c2.0",
                  "product_id": "CSAFPID-0026"
                }
              },
              {
                "category": "product_version",
                "name": "2.0",
                "product": {
                  "name": "SICK LMS15x Firmware 2.0",
                  "product_id": "CSAFPID-0027"
                }
              }
            ],
            "category": "product_name",
            "name": "LMS15x Firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c2.1",
                "product": {
                  "name": "SICK LMS12x Firmware \u003c2.1",
                  "product_id": "CSAFPID-0028"
                }
              },
              {
                "category": "product_version",
                "name": "2.1",
                "product": {
                  "name": "SICK LMS12x Firmware 2.1",
                  "product_id": "CSAFPID-0029"
                }
              }
            ],
            "category": "product_name",
            "name": "LMS12x Firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c2.1",
                "product": {
                  "name": "SICK LMS13x Firmware \u003c2.1",
                  "product_id": "CSAFPID-0030"
                }
              },
              {
                "category": "product_version",
                "name": "2.1",
                "product": {
                  "name": "SICK LMS13x Firmware 2.1",
                  "product_id": "CSAFPID-0031"
                }
              }
            ],
            "category": "product_name",
            "name": "LMS13x Firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c2.1",
                "product": {
                  "name": "SICK LMS14x Firmware \u003c2.1",
                  "product_id": "CSAFPID-0032"
                }
              },
              {
                "category": "product_version",
                "name": "2.1",
                "product": {
                  "name": "SICK LMS14x Firmware 2.1",
                  "product_id": "CSAFPID-0033"
                }
              }
            ],
            "category": "product_name",
            "name": "LMS14x Firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK LMS5xx Firmware all versions",
                  "product_id": "CSAFPID-0034"
                }
              }
            ],
            "category": "product_name",
            "name": "LMS5xx Firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK LMS53x Firmware all versions",
                  "product_id": "CSAFPID-0035"
                }
              }
            ],
            "category": "product_name",
            "name": "LMS53x Firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c4.1",
                "product": {
                  "name": "SICK MSC800 Firmware \u003c4.1",
                  "product_id": "CSAFPID-0036"
                }
              },
              {
                "category": "product_version",
                "name": "4.1",
                "product": {
                  "name": "SICK MSC800 Firmware 4.1",
                  "product_id": "CSAFPID-0037"
                }
              }
            ],
            "category": "product_name",
            "name": "MSC800 Firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK RFH Firmware all versions",
                  "product_id": "CSAFPID-0038"
                }
              }
            ],
            "category": "product_name",
            "name": "RFH Firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK ICR890-3 Firmware all versions",
                  "product_id": "CSAFPID-0039"
                }
              }
            ],
            "category": "product_name",
            "name": "ICR890-3 Firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c1.04",
                "product": {
                  "name": "SICK Bulkscan LMS111 Firmware \u003c1.04",
                  "product_id": "CSAFPID-0040"
                }
              },
              {
                "category": "product_version",
                "name": "1.04",
                "product": {
                  "name": "SICK Bulkscan LMS111 Firmware 1.04",
                  "product_id": "CSAFPID-0041"
                }
              }
            ],
            "category": "product_name",
            "name": "Bulkscan LMS111 Firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c2.3",
                "product": {
                  "name": "SICK Bulkscan LMS511 Firmware \u003c2.3",
                  "product_id": "CSAFPID-0042"
                }
              },
              {
                "category": "product_version",
                "name": "2.3",
                "product": {
                  "name": "SICK Bulkscan LMS511 Firmware 2.3",
                  "product_id": "CSAFPID-0043"
                }
              }
            ],
            "category": "product_name",
            "name": "Bulkscan LMS511 Firmware"
          }
        ],
        "category": "vendor",
        "name": "SICK AG"
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK CLV62x with Firmware \u003c=6.10",
          "product_id": "CSAFPID-0044"
        },
        "product_reference": "CSAFPID-0018",
        "relates_to_product_reference": "CSAFPID-0001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK CLV63x with Firmware \u003c=6.10",
          "product_id": "CSAFPID-0045"
        },
        "product_reference": "CSAFPID-0019",
        "relates_to_product_reference": "CSAFPID-0002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK CLV64x with Firmware \u003c=6.10",
          "product_id": "CSAFPID-0046"
        },
        "product_reference": "CSAFPID-0020",
        "relates_to_product_reference": "CSAFPID-0003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK CLV65x with Firmware \u003c=6.10",
          "product_id": "CSAFPID-0047"
        },
        "product_reference": "CSAFPID-0021",
        "relates_to_product_reference": "CSAFPID-0004"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK LMS10x with Firmware \u003c2.0",
          "product_id": "CSAFPID-0048"
        },
        "product_reference": "CSAFPID-0022",
        "relates_to_product_reference": "CSAFPID-0005"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK LMS11x with Firmware \u003c2.0",
          "product_id": "CSAFPID-0049"
        },
        "product_reference": "CSAFPID-0024",
        "relates_to_product_reference": "CSAFPID-0006"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK LMS15x with Firmware \u003c2.0",
          "product_id": "CSAFPID-0050"
        },
        "product_reference": "CSAFPID-0026",
        "relates_to_product_reference": "CSAFPID-0007"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK LMS12x with Firmware \u003c2.1",
          "product_id": "CSAFPID-0051"
        },
        "product_reference": "CSAFPID-0028",
        "relates_to_product_reference": "CSAFPID-0008"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK LMS13x with Firmware \u003c2.1",
          "product_id": "CSAFPID-0052"
        },
        "product_reference": "CSAFPID-0030",
        "relates_to_product_reference": "CSAFPID-0009"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK LMS14x with Firmware \u003c2.1",
          "product_id": "CSAFPID-0053"
        },
        "product_reference": "CSAFPID-0032",
        "relates_to_product_reference": "CSAFPID-0010"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK LMS5xx all Firmware versions",
          "product_id": "CSAFPID-0054"
        },
        "product_reference": "CSAFPID-0034",
        "relates_to_product_reference": "CSAFPID-0011"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK LMS53x all Firmware versions",
          "product_id": "CSAFPID-0055"
        },
        "product_reference": "CSAFPID-0035",
        "relates_to_product_reference": "CSAFPID-0012"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK MSC800 with Firmware \u003c4.1",
          "product_id": "CSAFPID-0056"
        },
        "product_reference": "CSAFPID-0036",
        "relates_to_product_reference": "CSAFPID-0013"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK RFH all Firmware versions",
          "product_id": "CSAFPID-0057"
        },
        "product_reference": "CSAFPID-0038",
        "relates_to_product_reference": "CSAFPID-0014"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK ICR890-3 all Firmware versions",
          "product_id": "CSAFPID-0058"
        },
        "product_reference": "CSAFPID-0039",
        "relates_to_product_reference": "CSAFPID-0015"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK Bulkscan LMS111 with Firmware \u003c1.04",
          "product_id": "CSAFPID-0059"
        },
        "product_reference": "CSAFPID-0040",
        "relates_to_product_reference": "CSAFPID-0016"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK Bulkscan LMS511 with Firmware \u003c2.3",
          "product_id": "CSAFPID-0060"
        },
        "product_reference": "CSAFPID-0042",
        "relates_to_product_reference": "CSAFPID-0017"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK LMS10x with Firmware 2.0",
          "product_id": "CSAFPID-0061"
        },
        "product_reference": "CSAFPID-0023",
        "relates_to_product_reference": "CSAFPID-0005"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK LMS11x with Firmware 2.0",
          "product_id": "CSAFPID-0062"
        },
        "product_reference": "CSAFPID-0025",
        "relates_to_product_reference": "CSAFPID-0006"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK LMS15x with Firmware 2.0",
          "product_id": "CSAFPID-0063"
        },
        "product_reference": "CSAFPID-0027",
        "relates_to_product_reference": "CSAFPID-0007"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK LMS12x with Firmware 2.1",
          "product_id": "CSAFPID-0064"
        },
        "product_reference": "CSAFPID-0029",
        "relates_to_product_reference": "CSAFPID-0008"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK LMS13x with Firmware 2.1",
          "product_id": "CSAFPID-0065"
        },
        "product_reference": "CSAFPID-0031",
        "relates_to_product_reference": "CSAFPID-0009"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK LMS14x with Firmware 2.1",
          "product_id": "CSAFPID-0066"
        },
        "product_reference": "CSAFPID-0033",
        "relates_to_product_reference": "CSAFPID-0010"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK MSC800 with Firmware 4.1",
          "product_id": "CSAFPID-0067"
        },
        "product_reference": "CSAFPID-0037",
        "relates_to_product_reference": "CSAFPID-0013"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK Bulkscan LMS111 with Firmware 1.04",
          "product_id": "CSAFPID-0068"
        },
        "product_reference": "CSAFPID-0041",
        "relates_to_product_reference": "CSAFPID-0016"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK Bulkscan LMS511 with Firmware 2.3",
          "product_id": "CSAFPID-0069"
        },
        "product_reference": "CSAFPID-0043",
        "relates_to_product_reference": "CSAFPID-0017"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-2075",
      "notes": [
        {
          "category": "description",
          "text": "Improper handling of exceptional conditions in the platform mechanism AutoIP can cause the device to reboot when it parses malformed network packets. This temporarily affects the availability of the device. The AutoIP mechanism is used by the SOPAS Engineering Tool (SOPAS-ET), e.g. to detect SICK devices in the network and change their IP configuration. This is intended to simplify the initial setup and the maintenance of the devices. The devices listen on port 30718 for UDP broadcasts.\n\nSICK has released a new firmware version for the MSC800, Bulkscan LMS111, Bulkscan LMS511 and other LMS1xx devices."
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-0061",
          "CSAFPID-0062",
          "CSAFPID-0063",
          "CSAFPID-0064",
          "CSAFPID-0065",
          "CSAFPID-0066",
          "CSAFPID-0067",
          "CSAFPID-0068",
          "CSAFPID-0069"
        ],
        "known_affected": [
          "CSAFPID-0044",
          "CSAFPID-0045",
          "CSAFPID-0046",
          "CSAFPID-0047",
          "CSAFPID-0048",
          "CSAFPID-0049",
          "CSAFPID-0050",
          "CSAFPID-0051",
          "CSAFPID-0052",
          "CSAFPID-0053",
          "CSAFPID-0054",
          "CSAFPID-0055",
          "CSAFPID-0056",
          "CSAFPID-0057",
          "CSAFPID-0058",
          "CSAFPID-0059",
          "CSAFPID-0060"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to version V1.04\n\nSICK removed the AutoIP weakness with the same available fix for the MSC800. The update can only be implemented by a SICK service technician, either by remote access or on site. To obtain the update, please contact your local service technician.",
          "product_ids": [
            "CSAFPID-0059"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to version V2.30\n\nSICK removed the AutoIP weakness with the same available fix for the MSC800. The update can only be implemented by a SICK service technician, either by remote access or on site. To obtain the update, please contact your local service technician.",
          "product_ids": [
            "CSAFPID-0060"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to version V2.0\n\nWith the update, the LMS1xx series no longer reboots after receiving an incorrect payload on the AutoIP port. There are no known limitations. The update to version V2.0 or V2.10, respectively, will be available from mid-October 2020 onward. To get the latest LMS1xx firmware update, please contact the responsible SICK Sales and Service unit, or download it from sick.com.",
          "product_ids": [
            "CSAFPID-0048",
            "CSAFPID-0049",
            "CSAFPID-0050"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to version V2.10\n\nWith the update, the LMS1xx series no longer reboots after receiving an incorrect payload on the AutoIP port. There are no known limitations. The update to version V2.0 or V2.10, respectively, will be available from mid-October 2020 onward. To get the latest LMS1xx firmware update, please contact the responsible SICK Sales and Service unit, or download it from sick.com.",
          "product_ids": [
            "CSAFPID-0051",
            "CSAFPID-0052",
            "CSAFPID-0053"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to version V4.1\n\nWith the update, the MSC800 no longer reboots after receiving an incorrect payload on the AutoIP port. There are no known limitations. To get the latest MSC800 firmware update, please contact the responsible SICK Sales and Service unit. They can provide support if customer-specific changes or constraints related to legal-for-trade systems need to be considered.",
          "product_ids": [
            "CSAFPID-0056"
          ]
        },
        {
          "category": "workaround",
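          "details": "Restrict or block access to UDP port 30718 for the affected products. This workaround reduces the risk of exploitation of the vulnerability but also limits the AutoIP function, which the SOPAS Engineering Tool (SOPAS-ET) uses to detect SICK devices in the network and change their IP configuration.",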
          "product_ids": [
            "CSAFPID-0057",
            "CSAFPID-0054",
            "CSAFPID-0055",
            "CSAFPID-0058",
            "CSAFPID-0044",
            "CSAFPID-0045",
            "CSAFPID-0046",
            "CSAFPID-0047"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0044",
            "CSAFPID-0045",
            "CSAFPID-0046",
            "CSAFPID-0047",
            "CSAFPID-0048",
            "CSAFPID-0049",
            "CSAFPID-0050",
            "CSAFPID-0051",
            "CSAFPID-0052",
            "CSAFPID-0053",
            "CSAFPID-0054",
            "CSAFPID-0055",
            "CSAFPID-0056",
            "CSAFPID-0057",
            "CSAFPID-0058",
            "CSAFPID-0059",
            "CSAFPID-0060"
          ]
        }
      ]
    }
  ]
}

