sca-2022-0012
Vulnerability from csaf_sick
Published
2022-08-08 13:00
Modified
2022-08-03 13:00
Summary
OpenSSL vulnerability affects multiple SICK SIMs
Notes
In March 2022, the OpenSSL development team disclosed a denial-of-service vulnerability in versions 3.0.0, 3.0.1, 1.1.1 through 1.1.1m, and 1.0.2 through 1.0.2zc of the OpenSSL library. Exploiting this vulnerability allows remote, unauthenticated attackers to cause an infinite loop. The infinite loop can be triggered by crafting a certificate that has invalid explicit curve parameters, or when parsing crafted private keys, as they may contain explicit elliptic curve parameters. It may be possible to put the SIMs in a non-responsive state, since the infinite loop calculation consumes 100% of the CPU resource.
The listed SICK SIM products currently run an OpenSSL version that is vulnerable to CVE-2022-0778. It could therefore be possible to exploit this vulnerability if the SIM devices are connected to a network with untrusted devices.
In that case, an untrusted client may send a manipulated SSH certificate to the SIM, which exploits the vulnerability in the OpenSSL library as described above when the SIM product validates the certificate.
Evaluation is ongoing.
General Security Measures
As general security measures, SICK recommends minimizing network exposure of the devices, restricting network access, and following recommended security practices in order to run the devices in a protected IT environment.
Vulnerability Classification
SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer’s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.
{ "document": { "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en-US", "notes": [ { "category": "summary", "text": "In March 2022, the OpenSSL development team disclosed a denial of service in versions \"3.0.0,\" \"3.0.1,\" \"1.1.1\"-\"1.1.1m\" and \"1.0.2-1.0.2zc\" of the OpenSSL library. Exploiting this vulnerability allows remote, unauthenticated attackers to cause an infinite loop. It is possible to trigger the infinite loop by creating a certificate that has invalid explicit curve parameters or when parsing created private keys, as they may contain explicit elliptic curve parameters. It may be possible to put the SIMs in a non-responsive state since 100% of the CPU resource is consumed by the infinite loop calculation.\nThe listed SICK SIM products are currently operated with an OpenSSL version that is vulnerable to CVE-2022-0778. With that it could be possible to exploit the mentioned vulnerability if the SIM devices are connected to a network with untrusted devices. \nIn that case an untrusted client may send a manipulated SSH-certificate to the SIM, which exploits the vulnerability in the OpenSSL library as described above when it comes to the certificate validation by the SIM product. \nEvaluation is undergoing." }, { "category": "general", "text": "As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.", "title": "General Security Measures" }, { "category": "general", "text": "SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer\u2019s environment and can affect the overall CVSS score. 
SICK recommends that customers individually evaluate the environmental score to achieve final scoring.", "title": "Vulnerability Classification" } ], "publisher": { "category": "vendor", "contact_details": "psirt@sick.de", "issuing_authority": "SICK PSIRT is responsible for any vulnerabilities related to SICK products.", "name": "SICK PSIRT", "namespace": "https://sick.com/psirt" }, "references": [ { "summary": "SICK PSIRT Security Advisories", "url": "https://sick.com/psirt" }, { "summary": "SICK Operating Guidelines", "url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF" }, { "summary": "ICS-CERT recommended practices on Industrial Security", "url": "http://ics-cert.us-cert.gov/content/recommended-practices" }, { "summary": "CVSS v3.1 Calculator", "url": "https://www.first.org/cvss/calculator/3.1" }, { "category": "self", "summary": "The canonical URL.", "url": "https://www.sick.com/.well-known/csaf/white/2022/sca-2022-0012.json" } ], "title": "OpenSSL vulnerability affects multiple SICK SIMs", "tracking": { "current_release_date": "2022-08-03T13:00:00.000Z", "generator": { "date": "2023-02-10T09:56:48.078Z", "engine": { "name": "Secvisogram", "version": "2.0.0" } }, "id": "SCA-2022-0012", "initial_release_date": "2022-08-08T13:00:00.000Z", "revision_history": [ { "date": "2022-08-08T13:00:00.000Z", "number": "1", "summary": "Initial Release" }, { "date": "2023-02-10T11:00:00.000Z", "number": "2", "summary": "The canonical URL." 
} ], "status": "final", "version": "2" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SICK SIM1000 FX all versions", "product_id": "CSAFPID-0001", "product_identification_helper": { "skus": [ "1097816", "1097817" ] } } } ], "category": "product_name", "name": "SIM1000 FX" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SICK SIM1004 all versions", "product_id": "CSAFPID-0002", "product_identification_helper": { "skus": [ "1098148" ] } } } ], "category": "product_name", "name": "SIM1004" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SICK SIM1012 all versions", "product_id": "CSAFPID-0003", "product_identification_helper": { "skus": [ "1098146" ] } } } ], "category": "product_name", "name": "SIM1012" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SICK SIM2000ST-E all versions", "product_id": "CSAFPID-0004", "product_identification_helper": { "skus": [ "1112345" ] } } } ], "category": "product_name", "name": "SIM2000ST-E" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SICK SIM2000ST Track \u0026 Trace (2086502) all versions", "product_id": "CSAFPID-0005", "product_identification_helper": { "skus": [ "2086502" ] } } } ], "category": "product_name", "name": "SIM2000ST Track \u0026 Trace (2086502)" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SICK SIM2000ST Track \u0026 Trace (2086501) all versions", "product_id": "CSAFPID-0006", "product_identification_helper": { "skus": [ "2086501" ] } } } ], "category": "product_name", "name": "SIM2000ST Track \u0026 Trace (2086501)" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SICK SIM2000-2 P Track 
\u0026 Trace all versions", "product_id": "CSAFPID-0007", "product_identification_helper": { "skus": [ "1117588" ] } } } ], "category": "product_name", "name": "SIM2000-2 P Track \u0026 Trace" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SICK SIM2x00 all versions", "product_id": "CSAFPID-0008", "product_identification_helper": { "skus": [ "1081902", "1092673", "1112341" ] } } } ], "category": "product_name", "name": "SIM2x00" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SICK SIM2000ST all versions", "product_id": "CSAFPID-0009", "product_identification_helper": { "skus": [ "1080579" ] } } } ], "category": "product_name", "name": "SIM2000ST" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SICK SIM4000 all versions", "product_id": "CSAFPID-0010", "product_identification_helper": { "skus": [ "1078787", "1078484", "1084131" ] } } } ], "category": "product_name", "name": "SIM4000" }, { "branches": [ { "category": "product_version_range", "name": "\u003c= 1.5.2", "product": { "name": "SICK SIM1000 FX Firmware \u003c= 1.5.2", "product_id": "CSAFPID-0011" } } ], "category": "product_name", "name": "SIM1000 FX Firmware" }, { "branches": [ { "category": "product_version_range", "name": "\u003c= 1.1.0", "product": { "name": "SICK SIM1004 Firmware \u003c= 1.1.0", "product_id": "CSAFPID-0012" } } ], "category": "product_name", "name": "SIM1004 Firmware" }, { "branches": [ { "category": "product_version_range", "name": "\u003c= 2.0.6", "product": { "name": "SICK SIM1012 Firmware \u003c= 2.0.6", "product_id": "CSAFPID-0013" } } ], "category": "product_name", "name": "SIM1012 Firmware" }, { "branches": [ { "category": "product_version_range", "name": "\u003c1.7.0", "product": { "name": "SICK SIM2000ST-E Firmware \u003c1.7.0", "product_id": "CSAFPID-0014" } }, { "category": "product_version", "name": "1.7.0", 
"product": { "name": "SICK SIM2000ST-E Firmware 1.7.0", "product_id": "CSAFPID-0015" } } ], "category": "product_name", "name": "SIM2000ST-E Firmware" }, { "branches": [ { "category": "product_version_range", "name": "\u003c= 1.13.2", "product": { "name": "SICK SIM2000ST Track \u0026 Trace (2086502) Firmware \u003c= 1.13.2", "product_id": "CSAFPID-0016" } } ], "category": "product_name", "name": "SIM2000ST Track \u0026 Trace (2086502) Firmware" }, { "branches": [ { "category": "product_version_range", "name": "\u003c= 1.7.0", "product": { "name": "SICK SIM2000ST Track \u0026 Trace (2086501) Firmware \u003c= 1.7.0", "product_id": "CSAFPID-0017" } } ], "category": "product_name", "name": "SIM2000ST Track \u0026 Trace (2086501) Firmware" }, { "branches": [ { "category": "product_version_range", "name": "\u003c1.7.0", "product": { "name": "SICK SIM2000-2 P Track \u0026 Trace Firmware \u003c1.7.0", "product_id": "CSAFPID-0018" } }, { "category": "product_version", "name": "1.7.0", "product": { "name": "SICK SIM2000-2 P Track \u0026 Trace Firmware 1.7.0", "product_id": "CSAFPID-0019" } } ], "category": "product_name", "name": "SIM2000-2 P Track \u0026 Trace Firmware" }, { "branches": [ { "category": "product_version_range", "name": "\u003c1.2.0", "product": { "name": "SICK SIM2x00 Firmware \u003c1.2.0", "product_id": "CSAFPID-0020" } }, { "category": "product_version", "name": "1.2.0", "product": { "name": "SICK SIM2x00 Firmware 1.2.0", "product_id": "CSAFPID-0021" } } ], "category": "product_name", "name": "SIM2x00 Firmware" }, { "branches": [ { "category": "product_version_range", "name": "\u003c= 1.7.0", "product": { "name": "SICK SIM2000ST Firmware \u003c= 1.7.0", "product_id": "CSAFPID-0022" } } ], "category": "product_name", "name": "SIM2000ST Firmware" }, { "branches": [ { "category": "product_version_range", "name": "\u003c= 1.10.1", "product": { "name": "SICK SIM4000 Firmware \u003c= 1.10.1", "product_id": "CSAFPID-0023" } } ], "category": "product_name", 
"name": "SIM4000 Firmware" } ], "category": "vendor", "name": "SICK AG" } ], "relationships": [ { "category": "installed_on", "full_product_name": { "name": "SICK SIM1000 FX with Firmware \u003c= 1.5.2", "product_id": "CSAFPID-0024" }, "product_reference": "CSAFPID-0011", "relates_to_product_reference": "CSAFPID-0001" }, { "category": "installed_on", "full_product_name": { "name": "SICK SIM1004 with Firmware \u003c= 1.1.0", "product_id": "CSAFPID-0025" }, "product_reference": "CSAFPID-0012", "relates_to_product_reference": "CSAFPID-0002" }, { "category": "installed_on", "full_product_name": { "name": "SICK SIM1012 with Firmware \u003c= 2.0.6", "product_id": "CSAFPID-0026" }, "product_reference": "CSAFPID-0013", "relates_to_product_reference": "CSAFPID-0003" }, { "category": "installed_on", "full_product_name": { "name": "SICK SIM2000ST-E with Firmware \u003c1.7.0", "product_id": "CSAFPID-0027" }, "product_reference": "CSAFPID-0014", "relates_to_product_reference": "CSAFPID-0004" }, { "category": "installed_on", "full_product_name": { "name": "SICK SIM2000ST Track \u0026 Trace (2086502) with Firmware \u003c= 1.13.2", "product_id": "CSAFPID-0028" }, "product_reference": "CSAFPID-0016", "relates_to_product_reference": "CSAFPID-0005" }, { "category": "installed_on", "full_product_name": { "name": "SICK SIM2000ST Track \u0026 Trace (2086501) with Firmware \u003c= 1.7.0", "product_id": "CSAFPID-0029" }, "product_reference": "CSAFPID-0017", "relates_to_product_reference": "CSAFPID-0006" }, { "category": "installed_on", "full_product_name": { "name": "SICK SIM2000-2 P Track \u0026 Trace with Firmware \u003c1.7.0", "product_id": "CSAFPID-0030" }, "product_reference": "CSAFPID-0018", "relates_to_product_reference": "CSAFPID-0007" }, { "category": "installed_on", "full_product_name": { "name": "SICK SIM2x00 with Firmware \u003c1.2.0", "product_id": "CSAFPID-0031" }, "product_reference": "CSAFPID-0020", "relates_to_product_reference": "CSAFPID-0008" }, { "category": 
"installed_on", "full_product_name": { "name": "SICK SIM2000ST with Firmware \u003c= 1.7.0", "product_id": "CSAFPID-0032" }, "product_reference": "CSAFPID-0022", "relates_to_product_reference": "CSAFPID-0009" }, { "category": "installed_on", "full_product_name": { "name": "SICK SIM4000 with Firmware \u003c= 1.10.1", "product_id": "CSAFPID-0033" }, "product_reference": "CSAFPID-0023", "relates_to_product_reference": "CSAFPID-0010" }, { "category": "installed_on", "full_product_name": { "name": "SICK SIM2000ST-E with Firmware 1.7.0", "product_id": "CSAFPID-0034" }, "product_reference": "CSAFPID-0015", "relates_to_product_reference": "CSAFPID-0004" }, { "category": "installed_on", "full_product_name": { "name": "SICK SIM2000-2 P Track \u0026 Trace with Firmware 1.7.0", "product_id": "CSAFPID-0035" }, "product_reference": "CSAFPID-0019", "relates_to_product_reference": "CSAFPID-0007" }, { "category": "installed_on", "full_product_name": { "name": "SICK SIM2x00 with Firmware 1.2.0", "product_id": "CSAFPID-0036" }, "product_reference": "CSAFPID-0021", "relates_to_product_reference": "CSAFPID-0008" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-0778", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "notes": [ { "category": "description", "text": "Description of the original advisory from OpenSSL:\n\u201cThe OpenSSL BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form.\nIt is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. 
Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial-of-service attack.\nThe infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters.\u201d", "title": "CVE Description" } ], "product_status": { "fixed": [ "CSAFPID-0034", "CSAFPID-0035", "CSAFPID-0036" ], "known_affected": [ "CSAFPID-0024", "CSAFPID-0025", "CSAFPID-0026", "CSAFPID-0028", "CSAFPID-0029", "CSAFPID-0032", "CSAFPID-0033", "CSAFPID-0030", "CSAFPID-0027", "CSAFPID-0031" ] }, "references": [ { "category": "external", "summary": "OpenSSL Security Advisory", "url": "https://www.openssl.org/news/secadv/20220315.txt" }, { "category": "external", "summary": "CVE Entry", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778" } ], "remediations": [ { "category": "none_available", "details": "The recommended solution will be the update of the firmware to a version \u003e= 1.10.2 (release not yet scheduled). Please see \u201cWorkaround\u201d.", "product_ids": [ "CSAFPID-0033" ] }, { "category": "vendor_fix", "details": "The recommended solution is to update the firmware to a version \u003e= 1.2.0 as soon as possible.", "product_ids": [ "CSAFPID-0031" ] }, { "category": "vendor_fix", "details": "The recommended solution is to update the firmware to a version \u003e= 1.7.0 as soon as possible.", "product_ids": [ "CSAFPID-0027", "CSAFPID-0030" ] }, { "category": "none_available", "details": "The recommended solution will be the update of the firmware to a version \u003e= 1.7.1 (release not yet scheduled). 
Please see \u201cWorkaround\u201d.", "product_ids": [ "CSAFPID-0032", "CSAFPID-0029" ] }, { "category": "none_available", "details": "The recommended solution will be the update of the firmware to a version \u003e= 1.13.3 (release not yet scheduled).", "product_ids": [ "CSAFPID-0028" ] }, { "category": "none_available", "details": "The recommended solution will be the update of the firmware to a version \u003e= 2.1.0 (in progress, release not yet scheduled).", "product_ids": [ "CSAFPID-0026" ] }, { "category": "none_available", "details": "The recommended solution will be the update of the firmware to a version \u003e= 2.0.0 (in progress, release not yet scheduled).", "product_ids": [ "CSAFPID-0025" ] }, { "category": "none_available", "details": "The recommended solution will be the update of the firmware to a version \u003e= 1.6.0 (in progress, release not yet scheduled).", "product_ids": [ "CSAFPID-0024" ] }, { "category": "workaround", "details": "In the runtime context of an SIM application, the SSH access should not be required at all, it is recommended as a workaround to disable port 22 (SSH) of the corresponding Ethernet port at the SIM via App (Firewall-API).", "product_ids": [ "CSAFPID-0033", "CSAFPID-0032", "CSAFPID-0029", "CSAFPID-0028", "CSAFPID-0026", "CSAFPID-0025", "CSAFPID-0024" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "CSAFPID-0024", "CSAFPID-0025", "CSAFPID-0026", "CSAFPID-0027", "CSAFPID-0028", "CSAFPID-0029", "CSAFPID-0030", "CSAFPID-0031", "CSAFPID-0032", "CSAFPID-0033" ] } ] } ] }