SCA-2026-0009

Vulnerability from csaf_sick - Published: 2026-07-16 13:00 - Updated: 2026-07-16 13:00
Summary
Vulnerability in several Endress+Hauser products
Notes
Summary: A vulnerability was discovered in several Endress+Hauser products that can be accessed via ethernet.
Impact: If exploited, this vulnerability allows a remote unauthenticated attacker to modify the IP address of the product through the SopasET interface, potentially leading to Denial of Service. There are currently no known public exploits specifically targeting this vulnerability.
Mitigation: As general security measures, it is recommended to minimize network exposure of the devices, restrict network access, and follow recommended security practices in order to operate the devices in a protected IT environment.
Remediation: Customers are strongly advised to apply the recommended mitigation for the affected vulnerabilities to reduce potential risk.
General Recommendation: As general security measures, it is recommended to minimize network exposure of the devices, restrict network access, and follow recommended security practices in order to operate the devices in a protected IT environment.

A vulnerability allows a remote unauthenticated attacker to modify the product's IP address over the Sopas ET interface. This can lead to a Denial of Service attack.

CWE-306 - Missing Authentication for Critical Function
Affected products
Product Identifier Version Remediation
Unresolved product id: CSAFPID-31001
Mitigation
Unresolved product id: CSAFPID-31002
Mitigation
Unresolved product id: CSAFPID-31003
Mitigation
Unresolved product id: CSAFPID-31004
Mitigation
Unresolved product id: CSAFPID-31005
Mitigation
Unresolved product id: CSAFPID-31006
Mitigation
Unresolved product id: CSAFPID-31007
Mitigation
Unresolved product id: CSAFPID-31008
Mitigation
Unresolved product id: CSAFPID-31009
Mitigation
Unresolved product id: CSAFPID-31010
Mitigation
Unresolved product id: CSAFPID-31011
Mitigation
Unresolved product id: CSAFPID-31012
Mitigation
Unresolved product id: CSAFPID-31013
Mitigation
Unresolved product id: CSAFPID-31015
Mitigation
Unresolved product id: CSAFPID-31016
Mitigation
Unresolved product id: CSAFPID-31017
Mitigation

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "summary",
        "text": "A vulnerability was discovered in several Endress+Hauser products that can be accessed via ethernet.",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "If exploited, this vulnerability allows a remote unauthenticated attacker to modify the IP address of the product through the SopasET interface, potentially leading to Denial of Service. There are currently no known public exploits specifically targeting this vulnerability.",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "As general security measures, it is recommended to minimize network exposure of the devices, restrict network access, and follow recommended security practices in order to operate the devices in a protected IT environment.",
        "title": "Mitigation"
      },
      {
        "category": "description",
        "text": "Customers are strongly advised to apply the recommended mitigation for the affected vulnerabilities to reduce potential risk.",
        "title": "Remediation"
      },
      {
        "category": "general",
        "text": "As general security measures, it is recommended to minimize network exposure of the devices, restrict network access, and follow recommended security practices in order to operate the devices in a protected IT environment.",
        "title": "General Recommendation"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "psirt@sick.de",
      "issuing_authority": "SICK AG issues and issues in EHS products (when related to the Endress+Hauser SICK (EHS) joint venture).",
      "name": "SICK PSIRT",
      "namespace": "https://www.sick.com/psirt"
    },
    "references": [
      {
        "category": "external",
        "summary": "Endress+Hauser",
        "url": "https://www.endress.com"
      },
      {
        "summary": "SICK PSIRT Security Advisories",
        "url": "https://sick.com/psirt"
      },
      {
        "category": "external",
        "summary": "ICS-CERT recommended practices on Industrial Security",
        "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
      },
      {
        "category": "external",
        "summary": "CVSS v3.1 Calculator",
        "url": "https://www.first.org/cvss/calculator/3.1"
      },
      {
        "category": "self",
        "summary": "The canonical URL.",
        "url": "https://www.sick.com/.well-known/csaf/white/2026/SCA-2026-0009.json"
      }
    ],
    "title": "Vulnerability in several Endress+Hauser products",
    "tracking": {
      "aliases": [
        "SCA-2026-0009"
      ],
      "current_release_date": "2026-07-16T13:00:00.000Z",
      "generator": {
        "date": "2026-07-16T13:00:00.000Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.29"
        }
      },
      "id": "SCA-2026-0009",
      "initial_release_date": "2026-07-16T13:00:00.000Z",
      "revision_history": [
        {
          "date": "2026-07-16T13:00:00.000Z",
          "number": "1.0.0",
          "summary": "Initial version"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "branches": [
                      {
                        "category": "product_version_range",
                        "name": "vers:all/*",
                        "product": {
                          "name": "Endress+Hauser MARSIC200 all versions",
                          "product_id": "CSAFPID-11001"
                        }
                      }
                    ],
                    "category": "product_name",
                    "name": "MARSIC200"
                  },
                  {
                    "branches": [
                      {
                        "category": "product_version_range",
                        "name": "vers:all/*",
                        "product": {
                          "name": "Endress+Hauser MARSIC280 all versions",
                          "product_id": "CSAFPID-11002"
                        }
                      }
                    ],
                    "category": "product_name",
                    "name": "MARSIC280"
                  },
                  {
                    "branches": [
                      {
                        "category": "product_version_range",
                        "name": "vers:all/*",
                        "product": {
                          "name": "Endress+Hauser MARSIC300 all versions",
                          "product_id": "CSAFPID-11003"
                        }
                      }
                    ],
                    "category": "product_name",
                    "name": "MARSIC300"
                  },
                  {
                    "branches": [
                      {
                        "category": "product_version_range",
                        "name": "vers:all/*",
                        "product": {
                          "name": "Endress+Hauser MCS100FT all versions",
                          "product_id": "CSAFPID-11004"
                        }
                      }
                    ],
                    "category": "product_name",
                    "name": "MCS100FT"
                  },
                  {
                    "branches": [
                      {
                        "category": "product_version_range",
                        "name": "vers:all/*",
                        "product": {
                          "name": "Endress+Hauser MCS200HW all versions",
                          "product_id": "CSAFPID-11005"
                        }
                      }
                    ],
                    "category": "product_name",
                    "name": "MCS200HW"
                  },
                  {
                    "branches": [
                      {
                        "category": "product_version_range",
                        "name": "vers:all/*",
                        "product": {
                          "name": "Endress+Hauser MCS300P all versions",
                          "product_id": "CSAFPID-11006"
                        }
                      }
                    ],
                    "category": "product_name",
                    "name": "MCS300P"
                  },
                  {
                    "branches": [
                      {
                        "category": "product_version_range",
                        "name": "vers:all/*",
                        "product": {
                          "name": "Endress+Hauser MERCEM300Z all versions",
                          "product_id": "CSAFPID-11007"
                        }
                      }
                    ],
                    "category": "product_name",
                    "name": "MERCEM300Z"
                  },
                  {
                    "branches": [
                      {
                        "category": "product_version_range",
                        "name": "vers:all/*",
                        "product": {
                          "name": "Endress+Hauser SAM800 all versions",
                          "product_id": "CSAFPID-11008"
                        }
                      }
                    ],
                    "category": "product_name",
                    "name": "SAM800"
                  },
                  {
                    "branches": [
                      {
                        "category": "product_version_range",
                        "name": "vers:all/*",
                        "product": {
                          "name": "Endress+Hauser SIPROCESS all versions",
                          "product_id": "CSAFPID-11009"
                        }
                      }
                    ],
                    "category": "product_name",
                    "name": "SIPROCESS"
                  },
                  {
                    "branches": [
                      {
                        "category": "product_version_range",
                        "name": "vers:all/*",
                        "product": {
                          "name": "Endress+Hauser GMS800 all versions",
                          "product_id": "CSAFPID-11010"
                        }
                      }
                    ],
                    "category": "product_name",
                    "name": "GMS800"
                  },
                  {
                    "branches": [
                      {
                        "category": "product_version_range",
                        "name": "vers:all/*",
                        "product": {
                          "name": "Endress+Hauser GMS800 FIDOR all versions",
                          "product_id": "CSAFPID-11011"
                        }
                      }
                    ],
                    "category": "product_name",
                    "name": "GMS800 FIDOR"
                  },
                  {
                    "branches": [
                      {
                        "category": "product_version_range",
                        "name": "vers:all/*",
                        "product": {
                          "name": "Endress+Hauser GM32 all versions",
                          "product_id": "CSAFPID-11012"
                        }
                      }
                    ],
                    "category": "product_name",
                    "name": "GM32"
                  },
                  {
                    "branches": [
                      {
                        "category": "product_version_range",
                        "name": "vers:all/*",
                        "product": {
                          "name": "Endress+Hauser VICOTEC320 all versions",
                          "product_id": "CSAFPID-11013"
                        }
                      }
                    ],
                    "category": "product_name",
                    "name": "VICOTEC320"
                  },
                  {
                    "branches": [
                      {
                        "category": "product_version_range",
                        "name": "vers:all/*",
                        "product": {
                          "name": "Endress+Hauser MCU ETH-Service and Modbus-TCP Module all versions",
                          "product_id": "CSAFPID-11015"
                        }
                      }
                    ],
                    "category": "product_name",
                    "name": "MCU ETH-Service and Modbus-TCP Module"
                  },
                  {
                    "branches": [
                      {
                        "category": "product_version_range",
                        "name": "vers:all/*",
                        "product": {
                          "name": "Endress+Hauser FLPS all versions",
                          "product_id": "CSAFPID-11016"
                        }
                      }
                    ],
                    "category": "product_name",
                    "name": "FLPS"
                  },
                  {
                    "branches": [
                      {
                        "category": "product_version_range",
                        "name": "vers:all/*",
                        "product": {
                          "name": "Endress+Hauser MES1B B\u0026B Converter all versions",
                          "product_id": "CSAFPID-11017"
                        }
                      }
                    ],
                    "category": "product_name",
                    "name": "MES1B B\u0026B Converter"
                  }
                ],
                "category": "product_family",
                "name": "Extractive Analyzer"
              }
            ],
            "category": "product_family",
            "name": "Hardware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "MARSIC200 Firmware vers:all/*",
                  "product_id": "CSAFPID-21001"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "MARSIC280 Firmware vers:all/*",
                  "product_id": "CSAFPID-21002"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "MARSIC300 Firmware vers:all/*",
                  "product_id": "CSAFPID-21003"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "MCS100FT Firmware vers:all/*",
                  "product_id": "CSAFPID-21004"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "MCS200HW Firmware vers:all/*",
                  "product_id": "CSAFPID-21005"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "MCS300P Firmware vers:all/*",
                  "product_id": "CSAFPID-21006"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "MERCEM300Z Firmware vers:all/*",
                  "product_id": "CSAFPID-21007"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SAM800 Firmware vers:all/*",
                  "product_id": "CSAFPID-21008"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIPROCESS Firmware vers:all/*",
                  "product_id": "CSAFPID-21009"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "GMS800 Firmware vers:all/*",
                  "product_id": "CSAFPID-21010"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "GMS800 FIDOR Firmware vers:all/*",
                  "product_id": "CSAFPID-21011"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "GM32 Firmware vers:all/*",
                  "product_id": "CSAFPID-21012"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "VICOTEC320 Firmware vers:all/*",
                  "product_id": "CSAFPID-21013"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "MCU ETH-Service and Modbus-TCP Module Firmware vers:all/*",
                  "product_id": "CSAFPID-21015"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "FLPS Firmware vers:all/*",
                  "product_id": "CSAFPID-21016"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "MES1B B\u0026B Converter Firmware vers:all/*",
                  "product_id": "CSAFPID-21017"
                }
              }
            ],
            "category": "product_family",
            "name": "Firmware"
          }
        ],
        "category": "vendor",
        "name": "Endress+Hauser"
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Endress+Hauser MARSIC200 all firmware versions",
          "product_id": "CSAFPID-31001"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Endress+Hauser MARSIC280 all firmware versions",
          "product_id": "CSAFPID-31002"
        },
        "product_reference": "CSAFPID-21002",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Endress+Hauser MARSIC300 all firmware versions",
          "product_id": "CSAFPID-31003"
        },
        "product_reference": "CSAFPID-21003",
        "relates_to_product_reference": "CSAFPID-11003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Endress+Hauser MCS100FT all firmware versions",
          "product_id": "CSAFPID-31004"
        },
        "product_reference": "CSAFPID-21004",
        "relates_to_product_reference": "CSAFPID-11004"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Endress+Hauser MCS200HW all firmware versions",
          "product_id": "CSAFPID-31005"
        },
        "product_reference": "CSAFPID-21005",
        "relates_to_product_reference": "CSAFPID-11005"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Endress+Hauser MCS300P all firmware versions",
          "product_id": "CSAFPID-31006"
        },
        "product_reference": "CSAFPID-21006",
        "relates_to_product_reference": "CSAFPID-11006"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Endress+Hauser MERCEM300Z all firmware versions",
          "product_id": "CSAFPID-31007"
        },
        "product_reference": "CSAFPID-21007",
        "relates_to_product_reference": "CSAFPID-11007"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Endress+Hauser SAM800 all firmware versions",
          "product_id": "CSAFPID-31008"
        },
        "product_reference": "CSAFPID-21008",
        "relates_to_product_reference": "CSAFPID-11008"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Endress+Hauser SIPROCESS all firmware versions",
          "product_id": "CSAFPID-31009"
        },
        "product_reference": "CSAFPID-21009",
        "relates_to_product_reference": "CSAFPID-11009"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Endress+Hauser GMS800 all firmware versions",
          "product_id": "CSAFPID-31010"
        },
        "product_reference": "CSAFPID-21010",
        "relates_to_product_reference": "CSAFPID-11010"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Endress+Hauser GMS800 FIDOR all firmware versions",
          "product_id": "CSAFPID-31011"
        },
        "product_reference": "CSAFPID-21011",
        "relates_to_product_reference": "CSAFPID-11011"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Endress+Hauser GM32 all firmware versions",
          "product_id": "CSAFPID-31012"
        },
        "product_reference": "CSAFPID-21012",
        "relates_to_product_reference": "CSAFPID-11012"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Endress+Hauser VICOTEC320 all firmware versions",
          "product_id": "CSAFPID-31013"
        },
        "product_reference": "CSAFPID-21013",
        "relates_to_product_reference": "CSAFPID-11013"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Endress+Hauser MCU ETH-Service and Modbus-TCP Module all firmware versions",
          "product_id": "CSAFPID-31015"
        },
        "product_reference": "CSAFPID-21015",
        "relates_to_product_reference": "CSAFPID-11015"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Endress+Hauser FLPS all firmware versions",
          "product_id": "CSAFPID-31016"
        },
        "product_reference": "CSAFPID-21016",
        "relates_to_product_reference": "CSAFPID-11016"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Endress+Hauser MES1B B\u0026B Converter all firmware versions",
          "product_id": "CSAFPID-31017"
        },
        "product_reference": "CSAFPID-21017",
        "relates_to_product_reference": "CSAFPID-11017"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-8751",
      "cwe": {
        "id": "CWE-306",
        "name": "Missing Authentication for Critical Function"
      },
      "notes": [
        {
          "audience": "all",
          "category": "description",
          "text": "A vulnerability allows a remote unauthenticated attacker to modify the product\u0027s IP address over the Sopas ET interface. This can lead to a Denial of Service attack.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006",
          "CSAFPID-31007",
          "CSAFPID-31008",
          "CSAFPID-31009",
          "CSAFPID-31010",
          "CSAFPID-31011",
          "CSAFPID-31012",
          "CSAFPID-31013",
          "CSAFPID-31015",
          "CSAFPID-31016",
          "CSAFPID-31017"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The \u201dICS-CERT recommended practices on Industrial Security\u201d could help to implement the general security practices.",
          "product_ids": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004",
            "CSAFPID-31005",
            "CSAFPID-31006",
            "CSAFPID-31007",
            "CSAFPID-31008",
            "CSAFPID-31009",
            "CSAFPID-31010",
            "CSAFPID-31011",
            "CSAFPID-31012",
            "CSAFPID-31013",
            "CSAFPID-31015",
            "CSAFPID-31016",
            "CSAFPID-31017"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "environmentalScore": 7.5,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 7.5,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004",
            "CSAFPID-31005",
            "CSAFPID-31006",
            "CSAFPID-31007",
            "CSAFPID-31008",
            "CSAFPID-31009",
            "CSAFPID-31010",
            "CSAFPID-31011",
            "CSAFPID-31012",
            "CSAFPID-31013",
            "CSAFPID-31015",
            "CSAFPID-31016",
            "CSAFPID-31017"
          ]
        }
      ],
      "title": "CVE-2024-8751"
    }
  ]
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…