{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-8751", "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "state": "PUBLISHED", "assignerShortName": "SICK AG", "dateReserved": "2024-09-12T13:17:03.176Z", "datePublished": "2024-09-12T21:38:37.516Z", "dateUpdated": "2024-09-13T14:02:19.375Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "SICK MSC800", "vendor": "SICK AG", "versions": [{"lessThanOrEqual": "<=V4.25", "status": "affected", "version": "V1.0", "versionType": "custom"}, {"lessThanOrEqual": "<=S2.93.19", "status": "affected", "version": "S1.0", "versionType": "custom"}]}], "datePublic": "2024-09-12T21:33:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A vulnerability in the MSC800 allows an unauthenticated attacker to modify the product\u2019s IP\naddress over Sopas ET. <br>This can lead to Denial of Service. <br>Users are recommended to upgrade both\nMSC800 and MSC800 LFT to version V4.26 and S2.93.20 respectively which fixes this issue."}], "value": "A vulnerability in the MSC800 allows an unauthenticated attacker to modify the product\u2019s IP\naddress over Sopas ET. \nThis can lead to Denial of Service. \nUsers are recommended to upgrade both\nMSC800 and MSC800 LFT to version V4.26 and S2.93.20 respectively which fixes this issue."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "shortName": "SICK AG", "dateUpdated": "2024-09-12T21:38:37.516Z"}, "references": [{"tags": ["x_SICK PSIRT Website"], "url": "https://sick.com/psirt"}, {"tags": ["x_SICK Operating Guidelines"], "url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF"}, {"tags": ["x_ICS-CERT recommended practices on Industrial Security"], "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"}, {"tags": ["x_CVSS v3.1 Calculator"], "url": "https://www.first.org/cvss/calculator/3.1"}, {"tags": ["vendor-advisory"], "url": "https://www.sick.com/.well-known/csaf/white/2024/"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Customers who use the version &lt;=V4.25 are strongly recommended to upgrade to the latest\nrelease V4.26\n\n<br>"}], "value": "Customers who use the version <=V4.25 are strongly recommended to upgrade to the latest\nrelease V4.26"}, {"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Customers who use the version &lt;=S2.93.19 are strongly recommended to upgrade to the\nlatest release S2.93.20.\n\n<br>"}], "value": "Customers who use the version <=S2.93.19 are strongly recommended to upgrade to the\nlatest release S2.93.20."}], "source": {"discovery": "INTERNAL"}, "timeline": [{"lang": "en", "time": "2024-09-12T21:36:00.000Z", "value": "1: Initial version"}], "title": "Vulnerability in SICK MSC800", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "sick", "product": "msc800_firmware", "cpes": ["cpe:2.3:o:sick:msc800_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.0", "status": "affected", "lessThanOrEqual": "4.25", "versionType": "custom"}, {"version": "1.0", "status": "affected", "lessThanOrEqual": "s2.93.19", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-13T13:53:13.856056Z", "id": "CVE-2024-8751", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-13T14:02:19.375Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-8751", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-13T13:53:13.856056Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:sick:msc800_firmware:*:*:*:*:*:*:*:*"], "vendor": "sick", "product": "msc800_firmware", "versions": [{"status": "affected", "version": "1.0", "versionType": "custom", "lessThanOrEqual": "4.25"}, {"status": "affected", "version": "1.0", "versionType": "custom", "lessThanOrEqual": "s2.93.19"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-13T14:00:20.584Z"}}], "cna": {"title": "Vulnerability in SICK MSC800", "source": {"discovery": "INTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SICK AG", "product": "SICK MSC800", "versions": [{"status": "affected", "version": "V1.0", "versionType": "custom", "lessThanOrEqual": "<=V4.25"}, {"status": "affected", "version": "S1.0", "versionType": "custom", "lessThanOrEqual": "<=S2.93.19"}], "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2024-09-12T21:36:00.000Z", "value": "1: Initial version"}], "solutions": [{"lang": "en", "value": "Customers who use the version <=V4.25 are strongly recommended to upgrade to the latest\nrelease V4.26", "supportingMedia": [{"type": "text/html", "value": "Customers who use the version &lt;=V4.25 are strongly recommended to upgrade to the latest\nrelease V4.26\n\n<br>", "base64": false}]}, {"lang": "en", "value": "Customers who use the version <=S2.93.19 are strongly recommended to upgrade to the\nlatest release S2.93.20.", "supportingMedia": [{"type": "text/html", "value": "Customers who use the version &lt;=S2.93.19 are strongly recommended to upgrade to the\nlatest release S2.93.20.\n\n<br>", "base64": false}]}], "datePublic": "2024-09-12T21:33:00.000Z", "references": [{"url": "https://sick.com/psirt", "tags": ["x_SICK PSIRT Website"]}, {"url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF", "tags": ["x_SICK Operating Guidelines"]}, {"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices", "tags": ["x_ICS-CERT recommended practices on Industrial Security"]}, {"url": "https://www.first.org/cvss/calculator/3.1", "tags": ["x_CVSS v3.1 Calculator"]}, {"url": "https://www.sick.com/.well-known/csaf/white/2024/", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "A vulnerability in the MSC800 allows an unauthenticated attacker to modify the product\u2019s IP\naddress over Sopas ET. \nThis can lead to Denial of Service. \nUsers are recommended to upgrade both\nMSC800 and MSC800 LFT to version V4.26 and S2.93.20 respectively which fixes this issue.", "supportingMedia": [{"type": "text/html", "value": "A vulnerability in the MSC800 allows an unauthenticated attacker to modify the product\u2019s IP\naddress over Sopas ET. <br>This can lead to Denial of Service. <br>Users are recommended to upgrade both\nMSC800 and MSC800 LFT to version V4.26 and S2.93.20 respectively which fixes this issue.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function"}]}], "providerMetadata": {"orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "shortName": "SICK AG", "dateUpdated": "2024-09-12T21:38:37.516Z"}}}, "cveMetadata": {"cveId": "CVE-2024-8751", "state": "PUBLISHED", "dateUpdated": "2024-09-13T14:02:19.375Z", "dateReserved": "2024-09-12T13:17:03.176Z", "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "datePublished": "2024-09-12T21:38:37.516Z", "assignerShortName": "SICK AG"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the MSC800 allows an unauthenticated attacker to modify the product\u2019s IP\naddress over Sopas ET. \nThis can lead to Denial of Service. \nUsers are recommended to upgrade both\nMSC800 and MSC800 LFT to version V4.26 and S2.93.20 respectively which fixes this issue."}, {"lang": "es", "value": "Una vulnerabilidad en el MSC800 permite que un atacante no autenticado modifique la direcci\u00f3n IP del producto a trav\u00e9s de Sopas ET. Esto puede provocar una denegaci\u00f3n de servicio. Se recomienda a los usuarios que actualicen tanto el MSC800 como el MSC800 LFT a las versiones V4.26 y S2.93.20 respectivamente, que solucionan este problema."}], "id": "CVE-2024-8751", "lastModified": "2024-09-13T14:06:04.777", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "psirt@sick.de", "type": "Secondary"}]}, "published": "2024-09-12T22:15:02.680", "references": [{"source": "psirt@sick.de", "url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF"}, {"source": "psirt@sick.de", "url": "https://sick.com/psirt"}, {"source": "psirt@sick.de", "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"}, {"source": "psirt@sick.de", "url": "https://www.first.org/cvss/calculator/3.1"}, {"source": "psirt@sick.de", "url": "https://www.sick.com/.well-known/csaf/white/2024/"}], "sourceIdentifier": "psirt@sick.de", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "psirt@sick.de", "type": "Secondary"}]}

{}