sca-2020-0005
Vulnerability from csaf_sick
Published: 2020-10-29 11:00
Modified: 2020-10-29 11:00
Summary
Package Analytics affected by Windows TCP/IP vulnerability
Notes
Microsoft disclosed a critical vulnerability in the way ICMPv6 Router Advertisement packets are handled on Windows 10 and Windows Server 2019. An attacker who successfully exploited this vulnerability could gain the ability to execute code on the target server or client. To exploit this vulnerability, an attacker would have to send specially crafted ICMPv6 Router Advertisement packets to a remote Windows computer.
All Package Analytics versions 4.0 to 4.1.2 that run on PCs with an affected Windows OS are affected. However, there are instances of Package Analytics (PA) running on older versions of Windows, such as Windows 7, Windows Server 2012 R2 and Windows Server 2016 R2, which do not appear in the list of affected operating systems for this issue.
General Security Measures
As general security measures, SICK recommends minimizing network exposure of the devices, restricting network access and following recommended security practices in order to run the devices in a protected IT environment.
Vulnerability Classification
SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer’s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.
{ "document": { "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en-US", "notes": [ { "category": "summary", "text": "Microsoft disclosed a critical vulnerability in the way ICMPv6 Router Advertisement packets are\nhandled on Windows 10 and Windows Server 2019. An attacker who successfully exploited this\nvulnerability could gain the ability to execute code on the target server or client.\nTo exploit this vulnerability, an attacker would have to send specially crafted ICMPv6 Router\nAdvertisement packets to a remote Windows computer.\n" }, { "category": "details", "text": "All Package Analytics versions 4.0 to 4.1.2, which run on PCs containing the affected Windows OS,\nwill be affected.\nHowever there are instances of PA running on older versions of Windows such as Windows 7,\nWindows Server 2012 R2, Windows Server 2016 R2 which do not appear in the list of affected OS for\nthis issue." }, { "category": "general", "text": "As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.", "title": "General Security Measures" }, { "category": "general", "text": "SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer\u2019s environment and can affect the overall CVSS score. 
SICK recommends that customers individually evaluate the environmental score to achieve final scoring.", "title": "Vulnerability Classification" } ], "publisher": { "category": "vendor", "contact_details": "psirt@sick.de", "issuing_authority": "SICK PSIRT is responsible for any vulnerabilities related to SICK products.", "name": "SICK PSIRT", "namespace": "https://sick.com/psirt" }, "references": [ { "summary": "SICK PSIRT Security Advisories", "url": "https://sick.com/psirt" }, { "summary": "SICK Operating Guidelines", "url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF" }, { "summary": "ICS-CERT recommended practices on Industrial Security", "url": "http://ics-cert.us-cert.gov/content/recommended-practices" }, { "summary": "CVSS v3.1 Calculator", "url": "https://www.first.org/cvss/calculator/3.1" }, { "category": "self", "summary": "The canonical URL.", "url": "https://www.sick.com/.well-known/csaf/white/2020/sca-2020-0005.json" } ], "title": "Package Analytics affected by Windows TCP/IP vulnerability", "tracking": { "current_release_date": "2020-10-29T11:00:00.000Z", "generator": { "date": "2023-02-09T14:42:29.970Z", "engine": { "name": "Secvisogram", "version": "2.0.0" } }, "id": "SCA-2020-0005", "initial_release_date": "2020-10-29T11:00:00.000Z", "revision_history": [ { "date": "2020-10-29T11:00:00.000Z", "number": "1", "summary": "Initial Release" }, { "date": "2023-02-09T11:00:00.000Z", "number": "2", "summary": "Updated Advisory (only visual changes)" } ], "status": "final", "version": "2" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "4.0 up to 4.1.2", "product": { "name": "SICK Package Analytics 4.0 up to 4.1.2", "product_id": "CSAFPID-0001", "product_identification_helper": { "x_generic_uris": [ { "namespace": "SICK:Website", "uri": "SICK:Website:https://www.sick.com/de/de/p/p600146" } ] } } } ], "category": "product_name", 
"name": "Package Analytics" } ], "category": "vendor", "name": "SICK AG" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-16898", "notes": [ { "category": "description", "text": "A remote code execution vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets, aka \u0027Windows TCP/IP Remote Code Execution Vulnerability\u0027.", "title": "CVE description" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "Microsoft Security Advisory", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16898" } ], "remediations": [ { "category": "vendor_fix", "details": "This issue is addressed in the Microsoft update for CVE-2020-16898.", "product_ids": [ "CSAFPID-0001" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16898" }, { "category": "mitigation", "details": "If you find yourself in a situation where an update is not doable. Microsoft advises the following workarounds:\n\n\u003cbr /\u003e\n\n**Disable ICMPv6 RDNSS**: \n\nThe following workaround may be helpful in your situation. In all cases, Microsoft strongly recommends that you install the updates for this vulnerability as soon as they become available even if you plan to leave this workaround in place:\n\nYou can check your \\*INTERFACENUMBER\\* by running this command in a cmd:\n\n```cmd\nroute print\n```\n\nYou can disable ICMPv6 RDNSS, to prevent attackers from exploiting the vulnerability, with the PowerShell command below. This workaround is only available for Windows 1709 and above. 
See What\u0027s new in Windows Server 1709 for more information.\n\n```powershell\nnetsh int ipv6 set int *INTERFACENUMBER* rabaseddnsconfig=disable\n```\n**Note:** No reboot is needed after making the change.\n\n\u003cbr /\u003e\n\nYou can disable the workaround with the PowerShell command below.\n\n```powershell\nnetsh int ipv6 set int *INTERFACENUMBER* rabaseddnsconfig=enable\n```\n**Note:** No reboot is needed after disabling the workaround.\n\n\u003cbr /\u003e\n\nPackage Analytics has been verified to function without any issue and is compatible with the prescribed Microsoft update. No additional PA patches are necessary.", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "PROOF_OF_CONCEPT", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ] } ] }