sca-2022-0002
Vulnerability from csaf_sick
Published
2022-02-23 16:00
Modified
2022-02-23 16:00
Summary
PwnKit vulnerability affects multiple SICK IPCs
Notes
CVE-2021-4034 is a Local Privilege Escalation (LPE) vulnerability, located in the "Polkit" package
installed by default on almost every major distribution of the Linux operating system.
On 2022-01-25, Qualys released an advisory for this LPE vulnerability, advising to either update the “Polkit” package or implement the mitigation that Qualys recommends.
In an air-gapped system SICK recommends all customers to implement at least the available mitigation for the corresponding Linux distribution. Please note, that this vulnerability can be exploited only if an user with unprivileged authorization can establish a connection to the systems.
General Security Measures
As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.
Vulnerability Classification
SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer’s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "en-US",
"notes": [
{
"audience": "all",
"category": "summary",
"text": "CVE-2021-4034 is a Local Privilege Escalation (LPE) vulnerability, located in the \"Polkit\" package \ninstalled by default on almost every major distribution of the Linux operating system.\n\nOn 2022-01-25, Qualys released an advisory for this LPE vulnerability, advising to either update the \u201cPolkit\u201d package or implement the mitigation that Qualys recommends.\n\nIn an air-gapped system SICK recommends all customers to implement at least the available mitigation for the corresponding Linux distribution. Please note, that this vulnerability can be exploited only if an user with unprivileged authorization can establish a connection to the systems. "
},
{
"category": "general",
"text": "As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.",
"title": "General Security Measures"
},
{
"category": "general",
"text": "SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer\u2019s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.",
"title": "Vulnerability Classification"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@sick.de",
"issuing_authority": "SICK PSIRT is responsible for any vulnerabilities related to SICK products.",
"name": "SICK PSIRT",
"namespace": "https://sick.com/psirt"
},
"references": [
{
"summary": "SICK PSIRT Security Advisories",
"url": "https://sick.com/psirt"
},
{
"summary": "SICK Operating Guidelines",
"url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF"
},
{
"summary": "ICS-CERT recommended practices on Industrial Security",
"url": "http://ics-cert.us-cert.gov/content/recommended-practices"
},
{
"summary": "CVSS v3.1 Calculator",
"url": "https://www.first.org/cvss/calculator/3.1"
},
{
"category": "self",
"summary": "The canonical URL.",
"url": "https://www.sick.com/.well-known/csaf/white/2022/sca-2022-0002.json"
}
],
"title": "PwnKit vulnerability affects multiple SICK IPCs",
"tracking": {
"current_release_date": "2022-02-23T16:00:00.000Z",
"generator": {
"date": "2023-02-10T09:01:25.481Z",
"engine": {
"name": "Secvisogram",
"version": "2.0.0"
}
},
"id": "SCA-2022-0002",
"initial_release_date": "2022-02-23T16:00:00.000Z",
"revision_history": [
{
"date": "2022-02-23T16:00:00.000Z",
"number": "1",
"summary": "Initial release"
},
{
"date": "2023-02-10T11:00:00.000Z",
"number": "2",
"summary": "Updated Advisory (only visual changes)"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK PC, MXE5401, M16G, 1TB, LINUX, CUSTOM all versions",
"product_id": "CSAFPID-0001",
"product_identification_helper": {
"skus": [
"1111424"
]
}
}
}
],
"category": "product_name",
"name": "PC, MXE5401, M16G, 1TB, LINUX, CUSTOM"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK PC, MXE5401, M16G, 2TB, C7 all versions",
"product_id": "CSAFPID-0002",
"product_identification_helper": {
"skus": [
"1099249"
]
}
}
}
],
"category": "product_name",
"name": "PC, MXE5401, M16G, 2TB, C7"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK PC, MXE5401, M16G, 1TB, C7 all versions",
"product_id": "CSAFPID-0003",
"product_identification_helper": {
"skus": [
"1099248"
]
}
}
}
],
"category": "product_name",
"name": "PC, MXE5401, M16G, 1TB, C7"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK PC, EOS1300, M16G, 1TB, C7 all versions",
"product_id": "CSAFPID-0004",
"product_identification_helper": {
"skus": [
"1092516"
]
}
}
}
],
"category": "product_name",
"name": "PC, EOS1300, M16G, 1TB, C7"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK PC, EOS1300, M16G, 2TB, C7 all versions",
"product_id": "CSAFPID-0005",
"product_identification_helper": {
"skus": [
"1092517"
]
}
}
}
],
"category": "product_name",
"name": "PC, EOS1300, M16G, 2TB, C7"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK PC, MXE-5401, SSCT, R0, 2TB all versions",
"product_id": "CSAFPID-0006",
"product_identification_helper": {
"skus": [
"2084896",
"2098056"
]
}
}
}
],
"category": "product_name",
"name": "PC, MXE-5401, SSCT, R0, 2TB"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK PC, MXE-5401,R0,2TB,SS-X all versions",
"product_id": "CSAFPID-0007",
"product_identification_helper": {
"skus": [
"2095232"
]
}
}
}
],
"category": "product_name",
"name": "PC, MXE-5401,R0,2TB,SS-X"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK PC, MXE-5401,R0,2TB,UDS-X all versions",
"product_id": "CSAFPID-0008",
"product_identification_helper": {
"skus": [
"2104564"
]
}
}
}
],
"category": "product_name",
"name": "PC, MXE-5401,R0,2TB,UDS-X"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK PC, MXE-5321, SSXT, R0, 2TB all versions",
"product_id": "CSAFPID-0009",
"product_identification_helper": {
"skus": [
"2084076"
]
}
}
}
],
"category": "product_name",
"name": "PC, MXE-5321, SSXT, R0, 2TB"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK PC, MXE-5321, SSAT, R0, 2TB all versions",
"product_id": "CSAFPID-0010",
"product_identification_helper": {
"skus": [
"2084077"
]
}
}
}
],
"category": "product_name",
"name": "PC, MXE-5321, SSAT, R0, 2TB"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK PC, MXE-5321, UDS, R0, 2TB all versions",
"product_id": "CSAFPID-0011",
"product_identification_helper": {
"skus": [
"2084078"
]
}
}
}
],
"category": "product_name",
"name": "PC, MXE-5321, UDS, R0, 2TB"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK PC, MXE-5401, SSAT, R0, 2TB all versions",
"product_id": "CSAFPID-0012",
"product_identification_helper": {
"skus": [
"2084897"
]
}
}
}
],
"category": "product_name",
"name": "PC, MXE-5401, SSAT, R0, 2TB"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK PC, MXE-5401, UDS, R0, 2TB all versions",
"product_id": "CSAFPID-0013",
"product_identification_helper": {
"skus": [
"2084898"
]
}
}
}
],
"category": "product_name",
"name": "PC, MXE-5401, UDS, R0, 2TB"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK PC, MXE-5401, SP, R0,2TB all versions",
"product_id": "CSAFPID-0014",
"product_identification_helper": {
"skus": [
"2099100"
]
}
}
}
],
"category": "product_name",
"name": "PC, MXE-5401, SP, R0,2TB"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK PC-MXE 5401, CUSTOM, C6, 1TB all versions",
"product_id": "CSAFPID-0015",
"product_identification_helper": {
"skus": [
"2056761"
]
}
}
}
],
"category": "product_name",
"name": "PC-MXE 5401, CUSTOM, C6, 1TB"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK ERGO,DISP,KIT,C6X,CUSTOM all versions",
"product_id": "CSAFPID-0016",
"product_identification_helper": {
"skus": [
"2087772"
]
}
}
}
],
"category": "product_name",
"name": "ERGO,DISP,KIT,C6X,CUSTOM"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK PC, K700-SE-MS4X, M16G, 1TB all versions",
"product_id": "CSAFPID-0017",
"product_identification_helper": {
"skus": [
"1122338"
]
}
}
}
],
"category": "product_name",
"name": "PC, K700-SE-MS4X, M16G, 1TB"
}
],
"category": "vendor",
"name": "SICK AG"
}
],
"full_product_names": [
{
"name": "CentOS",
"product_id": "CSAFPID-0018"
},
{
"name": "RedHat",
"product_id": "CSAFPID-0019"
},
{
"name": "Ubuntu",
"product_id": "CSAFPID-0020"
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "SICK PC, MXE5401, M16G, 1TB, LINUX, CUSTOM all versions (CentOS)",
"product_id": "CSAFPID-0021"
},
"product_reference": "CSAFPID-0018",
"relates_to_product_reference": "CSAFPID-0001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "SICK PC, MXE5401, M16G, 2TB, C7 all versions (CentOS)",
"product_id": "CSAFPID-0022"
},
"product_reference": "CSAFPID-0018",
"relates_to_product_reference": "CSAFPID-0002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "SICK PC, MXE5401, M16G, 1TB, C7 all versions (CentOS)",
"product_id": "CSAFPID-0023"
},
"product_reference": "CSAFPID-0018",
"relates_to_product_reference": "CSAFPID-0003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "SICK PC, EOS1300, M16G, 1TB, C7 all versions (CentOS)",
"product_id": "CSAFPID-0024"
},
"product_reference": "CSAFPID-0018",
"relates_to_product_reference": "CSAFPID-0004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "SICK PC, EOS1300, M16G, 2TB, C7 all versions (CentOS)",
"product_id": "CSAFPID-0025"
},
"product_reference": "CSAFPID-0018",
"relates_to_product_reference": "CSAFPID-0005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "SICK PC, MXE-5401,R0,2TB,SS-X all versions (RedHat)",
"product_id": "CSAFPID-0026"
},
"product_reference": "CSAFPID-0019",
"relates_to_product_reference": "CSAFPID-0006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "SICK PC, MXE-5401,R0,2TB,UDS-X all versions (RedHat)",
"product_id": "CSAFPID-0027"
},
"product_reference": "CSAFPID-0019",
"relates_to_product_reference": "CSAFPID-0007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "SICK PC, MXE-5321, SSXT, R0, 2TB all versions (RedHat)",
"product_id": "CSAFPID-0028"
},
"product_reference": "CSAFPID-0019",
"relates_to_product_reference": "CSAFPID-0008"
},
{
"category": "installed_on",
"full_product_name": {
"name": "SICK PC, MXE-5321, SSAT, R0, 2TB all versions (RedHat)",
"product_id": "CSAFPID-0029"
},
"product_reference": "CSAFPID-0019",
"relates_to_product_reference": "CSAFPID-0009"
},
{
"category": "installed_on",
"full_product_name": {
"name": "SICK PC, MXE-5321, UDS, R0, 2TB all versions (RedHat)",
"product_id": "CSAFPID-0030"
},
"product_reference": "CSAFPID-0019",
"relates_to_product_reference": "CSAFPID-0010"
},
{
"category": "installed_on",
"full_product_name": {
"name": "SICK PC, MXE-5401, SSAT, R0, 2TB all versions (RedHat)",
"product_id": "CSAFPID-0031"
},
"product_reference": "CSAFPID-0019",
"relates_to_product_reference": "CSAFPID-0011"
},
{
"category": "installed_on",
"full_product_name": {
"name": "SICK PC, MXE-5401, UDS, R0, 2TB all versions (RedHat)",
"product_id": "CSAFPID-0032"
},
"product_reference": "CSAFPID-0019",
"relates_to_product_reference": "CSAFPID-0012"
},
{
"category": "installed_on",
"full_product_name": {
"name": "SICK PC, MXE-5401, SSCT, R0, 2TB all versions (RedHat)",
"product_id": "CSAFPID-0033"
},
"product_reference": "CSAFPID-0019",
"relates_to_product_reference": "CSAFPID-0013"
},
{
"category": "installed_on",
"full_product_name": {
"name": "SICK PC, MXE-5401, SP, R0,2TB all versions (RedHat)",
"product_id": "CSAFPID-0034"
},
"product_reference": "CSAFPID-0019",
"relates_to_product_reference": "CSAFPID-0014"
},
{
"category": "installed_on",
"full_product_name": {
"name": "SICK PC-MXE 5401, CUSTOM, C6, 1TB all versions (CentOS)",
"product_id": "CSAFPID-0035"
},
"product_reference": "CSAFPID-0018",
"relates_to_product_reference": "CSAFPID-0015"
},
{
"category": "installed_on",
"full_product_name": {
"name": "SICK ERGO,DISP,KIT,C6X,CUSTOM all versions (CentOS)",
"product_id": "CSAFPID-0036"
},
"product_reference": "CSAFPID-0018",
"relates_to_product_reference": "CSAFPID-0016"
},
{
"category": "installed_on",
"full_product_name": {
"name": "SICK PC, K700-SE-MS4X, M16G, 1TB all versions (Ubuntu)",
"product_id": "CSAFPID-0037"
},
"product_reference": "CSAFPID-0020",
"relates_to_product_reference": "CSAFPID-0017"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-4034",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-01-31T16:00:00.000Z",
"notes": [
{
"category": "description",
"text": "The current version of pkexec doesn\u0027t handle the calling parameters count correctly and ends trying to \nexecute environment variables as commands. An attacker can leverage this by crafting environment \nvariables in such a way it\u0027ll induce pkexec to execute arbitrary code. When successfully executed the \nattack can cause a local privilege escalation given unprivileged users administrative rights on the \ntarget machine."
}
],
"product_status": {
"fixed": [
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037"
]
},
"references": [
{
"summary": "Qualys Advisory",
"url": "https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2022-02-23T16:00:00.000Z",
"details": "Update to newest version",
"product_ids": [
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037"
]
},
{
"category": "mitigation",
"details": "- In case your SICK IPC for Analytics has been set up normally, without a \u201ckiosk\u201d mode:\n\n - Log in as the \\\u003croot\\\u003e user (credentials will be supplied separately).\n\n - Start the \\\u003cterminal\\\u003e app.\n\n - At the command prompt, enter the following command: \\\u003cchmod 0755 /usr/bin/pkexec\\\u003e\n\n - Log out from \\\u003croot\\\u003e\n\n- In case your SICK IPC for Analytics has been set up in \u201ckiosk\u201d mode:\n\n Note: In this below example, the OS is assumed to be CentOS 6.8 running a Gnome 2.28.2 GUI with SICK Package Analytics pre-installed and running on Kiosk mode.\n\n - These instructions start from the default kiosk-mode display of Package analytics.\n \n - Press \\\u003cCTRL+F4\\\u003e on the keyboard. This will bring up the desktop for the \\\u003cguest\\\u003e user.\n\n - Select the green \u201crunning man\u201d icon in the upper right.\n\n - Select \\\u003cLog Out\\\u003e in the dialog box.\n\n - In the ensuing dialog, press \\\u003cCancel\\\u003e. It\u2019s on a timer, so this step has to be done quickly.\n\n - This brings up a display that allows the user to log in to other accounts. Select \\\u003cother\\\u003e.\n\n - Enter \\\u003croot\\\u003e as the username.\n\n - Enter the root password. Note this will be provided in a separate email.\n\n - This brings up the root desktop. Click on the black terminal icon at the top of the display to bring up the command line prompt.\n\n - At the command line, enter the following command: \\\u003cchmod 0755 /usr/bin/pkexec\\\u003e\n\n - Click on the \\\u003cx\\\u003e in the upper right to close the terminal window.\n\n - As before click on the \u201crunning man\u201d icon at the top of the display to bring up the logout screen.\n \n - Select \\\u003cLog Out\\\u003e in the ensuing dialogue.\n\nThis completes the process. The system will automatically back in as the guest kiosk user.",
"product_ids": [
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037"
],
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2022-001#mitigation"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037"
]
}
],
"title": "CVE-2021-4034 Out-of-bounds Write"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.