sca-2024-0006
Vulnerability from csaf_sick
Published
2024-12-06 00:00
Modified
2024-12-06 00:00
Summary
Critical vulnerabilities in SICK InspectorP61x, InspectorP62x and TiM3xx

Notes

summary
Multiple critical vulnerabilities were found in the SICK products InspectorP61x, InspectorP62x and TiM3xx. If exploited, this potentially allows an attacker to impact availability, integrity and confidentiality of the products. It is strongly recommended to upgrade the InspectorP61x, InspectorP62x and TiM3xx to the latest release.
General Security Measures
As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.
Vulnerability Classification
SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer’s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.



{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Manuel Stotz and Tobias J\u00e4ger"
        ],
        "organization": "SySS GmbH",
        "summary": "pentesting the products and reporting the vulnerabilities",
        "urls": [
          "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-053.txt",
          "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-054.txt",
          "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-055.txt",
          "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-056.txt"
        ]
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "summary",
        "text": "Multiple critical vulnerabilities were found in the SICK products InspectorP61x, InspectorP62x and TiM3xx. If exploited, this potentially allows an attacker to impact availabiltiy, integrity and confidentaility of the products.\nIt is strongly recommended to upgrade the InspectorP61x, InspectorP62x and TiM3xx to the latest release. \n\n\n ",
        "title": "summary"
      },
      {
        "category": "general",
        "text": "As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.",
        "title": "General Security Measures"
      },
      {
        "category": "general",
        "text": "SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer\u2019s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.",
        "title": "Vulnerability Classification"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@sick.de",
      "issuing_authority": "SICK PSIRT is responsible for any vulnerabilities related to SICK products.",
      "name": "SICK PSIRT",
      "namespace": "https://www.sick.com/psirt"
    },
    "references": [
      {
        "summary": "SICK PSIRT Security Advisories",
        "url": "https://sick.com/psirt"
      },
      {
        "summary": "SICK Operating Guidelines",
        "url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF"
      },
      {
        "summary": "ICS-CERT recommended practices on Industrial Security",
        "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
      },
      {
        "summary": "CVSS v3.1 Calculator",
        "url": "https://www.first.org/cvss/calculator/3.1"
      },
      {
        "category": "self",
        "summary": "The canonical URL.",
        "url": "https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0006.json"
      }
    ],
    "title": "Critical vulnerabilities in SICK InspectorP61x, InspectorP62x and TiM3xx",
    "tracking": {
      "current_release_date": "2024-12-06T00:00:00.000Z",
      "generator": {
        "date": "2024-12-06T09:57:16.137Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.16"
        }
      },
      "id": "SCA-2024-0006",
      "initial_release_date": "2024-12-06T00:00:00.000Z",
      "revision_history": [
        {
          "date": "2024-12-06T00:00:00.000Z",
          "number": "1",
          "summary": "Initial version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "SICK InspectorP61x all versions",
                      "product_id": "CSAFPID-0001"
                    }
                  }
                ],
                "category": "product_name",
                "name": "InspectorP61x"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "SICK InspectorP62x all versions",
                      "product_id": "CSAFPID-0012"
                    }
                  }
                ],
                "category": "product_name",
                "name": "InspectorP62x"
              }
            ],
            "category": "product_family",
            "name": "Inspector"
          },
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "SICK TiM3xx all versions",
                      "product_id": "CSAFPID-0002"
                    }
                  }
                ],
                "category": "product_name",
                "name": "TiM3xx"
              }
            ],
            "category": "product_family",
            "name": "TiM"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 5.0.0",
                "product": {
                  "name": "SICK InspectorP61x Firmware \u003c 5.0.0",
                  "product_id": "CSAFPID-0003"
                }
              },
              {
                "category": "product_version",
                "name": "5.0.0",
                "product": {
                  "name": "SICK InspectorP61x Firmware 5.0.0",
                  "product_id": "CSAFPID-0004"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK InspectorP61x all firmware versions",
                  "product_id": "CSAFPID-0011"
                }
              }
            ],
            "category": "product_name",
            "name": "InspectorP61x Firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 5.10.0",
                "product": {
                  "name": "SICK TiM3xx Firmware \u003c 5.10.0",
                  "product_id": "CSAFPID-0005"
                }
              },
              {
                "category": "product_version",
                "name": "5.10.0",
                "product": {
                  "name": "SICK TiM3xx Firmware 5.10.0",
                  "product_id": "CSAFPID-0006"
                }
              }
            ],
            "category": "product_name",
            "name": "TiM3xx Firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 5.0.0",
                "product": {
                  "name": "SICK InspectorP62x Firmware \u003c 5.0.0",
                  "product_id": "CSAFPID-0013"
                }
              },
              {
                "category": "product_version_range",
                "name": "5.0.0",
                "product": {
                  "name": "SICK InspectorP62x Firmware 5.0.0",
                  "product_id": "CSAFPID-0014"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK InspectorP62x all firmware versions",
                  "product_id": "CSAFPID-0015"
                }
              }
            ],
            "category": "product_name",
            "name": "InspectorP62x Firmware"
          }
        ],
        "category": "vendor",
        "name": "SICK AG"
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK InspectorP61x with Firmware \u003c 5.0.0",
          "product_id": "CSAFPID-0007"
        },
        "product_reference": "CSAFPID-0003",
        "relates_to_product_reference": "CSAFPID-0001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK TiM3xx with Firmware \u003c 5.10.0",
          "product_id": "CSAFPID-0008"
        },
        "product_reference": "CSAFPID-0005",
        "relates_to_product_reference": "CSAFPID-0002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK InspectorP61x all versions with Firmware 5.0.0",
          "product_id": "CSAFPID-0009"
        },
        "product_reference": "CSAFPID-0004",
        "relates_to_product_reference": "CSAFPID-0001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK TiM3xx all versions with Firmware 5.10.0",
          "product_id": "CSAFPID-0010"
        },
        "product_reference": "CSAFPID-0006",
        "relates_to_product_reference": "CSAFPID-0002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK InspectorP62x with Firmware \u003c 5.0.0",
          "product_id": "CSAFPID-0016"
        },
        "product_reference": "CSAFPID-0013",
        "relates_to_product_reference": "CSAFPID-0012"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK InspectorP62x all versions with Firmware 5.0.0",
          "product_id": "CSAFPID-0017"
        },
        "product_reference": "CSAFPID-0014",
        "relates_to_product_reference": "CSAFPID-0012"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-10771",
      "cwe": {
        "id": "CWE-94",
        "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
      },
      "notes": [
        {
          "audience": "all",
          "category": "summary",
          "text": "Due to missing input validation during one step of the firmware update process, the product is vulnerable to remote code execution. With network access and the user level \"Service\", an attacker can execute arbitrary system commands in the root user\u0027s contexts.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-0009",
          "CSAFPID-0017"
        ],
        "known_affected": [
          "CSAFPID-0007",
          "CSAFPID-0008",
          "CSAFPID-0016"
        ],
        "recommended": [
          "CSAFPID-0009",
          "CSAFPID-0017"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Customers are strongly recommended to upgrade to the latest release.\n",
          "product_ids": [
            "CSAFPID-0007",
            "CSAFPID-0016"
          ]
        },
        {
          "category": "workaround",
          "date": "2024-10-15T10:00:00.000Z",
          "details": "We recommend updating the firmware only in a trusted environment.",
          "product_ids": [
            "CSAFPID-0008"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 8.8,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "temporalScore": 8.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0016"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2024-10772",
      "cwe": {
        "id": "CWE-649",
        "name": "Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Since the firmware update is not validated, an attacker can install modified firmware on the device. This has a high impact on the availabilty, integrity and confidentiality up to the complete compromise of the device. ",
          "title": "Summary"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-0009",
          "CSAFPID-0017"
        ],
        "known_affected": [
          "CSAFPID-0007",
          "CSAFPID-0016"
        ],
        "recommended": [
          "CSAFPID-0009",
          "CSAFPID-0017"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Customers are strongly recommended to upgrade to the latest release.\n",
          "product_ids": [
            "CSAFPID-0007",
            "CSAFPID-0016"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 8.8,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "temporalScore": 8.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0007",
            "CSAFPID-0016"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2024-10773",
      "cwe": {
        "id": "CWE-912",
        "name": "Hidden Functionality"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The product is vulnerable to pass-the-hash attacks in combination with hardcoded credentials of hidden user levels. This means that an attacker can log in with the hidden user levels and gain full access to the device.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-0009",
          "CSAFPID-0010",
          "CSAFPID-0017"
        ],
        "known_affected": [
          "CSAFPID-0007",
          "CSAFPID-0008",
          "CSAFPID-0016"
        ],
        "recommended": [
          "CSAFPID-0009",
          "CSAFPID-0010",
          "CSAFPID-0017"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Customers are strongly recommended to upgrade to the latest release.",
          "product_ids": [
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0016"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 9.1,
            "environmentalSeverity": "CRITICAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "temporalScore": 9,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0016"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2024-10774",
      "cwe": {
        "id": "CWE-306",
        "name": "Missing Authentication for Critical Function"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Unauthenticated CROWN APIs allow access to critical functions. This leads to the accessibility of large parts of the web application without authentication.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-0009",
          "CSAFPID-0017"
        ],
        "known_affected": [
          "CSAFPID-0007",
          "CSAFPID-0016"
        ],
        "recommended": [
          "CSAFPID-0009",
          "CSAFPID-0017"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Customers are strongly recommended to upgrade to the latest release. Furthermore,  the app development for which the CROWN API is required should be done in a trusted environment. As soon as the device is used productively with the custom-developed apps, the CROWN API should be deactivated.",
          "product_ids": [
            "CSAFPID-0007",
            "CSAFPID-0016"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "environmentalScore": 7.3,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 7.3,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0007",
            "CSAFPID-0016"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2024-10776",
      "cwe": {
        "id": "CWE-306",
        "name": "Missing Authentication for Critical Function"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Lua apps can be deployed, removed, started, reloaded or stopped without authorization via AppManager. This allows an attacker to remove legitimate apps creating a DoS attack,\nread and write files or load apps that use all features of the product available to a customer.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-0009",
          "CSAFPID-0017"
        ],
        "known_affected": [
          "CSAFPID-0007",
          "CSAFPID-0016"
        ],
        "recommended": [
          "CSAFPID-0009",
          "CSAFPID-0017"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Customers are strongly recommended to upgrade to the latest release. Furthermore, the app development should be done in a trusted environment. After the development, app management should be disabled.",
          "product_ids": [
            "CSAFPID-0007",
            "CSAFPID-0016"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "environmentalScore": 8.2,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 8.2,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0007",
            "CSAFPID-0016"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2024-11022",
      "cwe": {
        "id": "CWE-323",
        "name": "Reusing a Nonce, Key Pair in Encryption"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The authentication process to the web server uses a challenge response procedure which inludes the nonce and additional information. This challenge can be used several times for login and is therefore vulnerable for a replay attack.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0011",
          "CSAFPID-0015"
        ]
      },
      "remediations": [
        {
          "category": "workaround",
          "details": "As the communication is not encrypted, the device should only be used in a trusted environment.\n",
          "product_ids": [
            "CSAFPID-0011",
            "CSAFPID-0015"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "environmentalScore": 5.6,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 5.6,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0011",
            "CSAFPID-0015"
          ]
        }
      ]
    }
  ]
}

