Vulnerability in SICK MSC800
CVE-2024-8751

7.5HIGH

Key Information:

Vendor
Sick Ag
Status
Sick Msc800
Vendor
CVE Published:
12 September 2024

Summary

A vulnerability in the SICK MSC800 device enables an unauthenticated attacker to alter the device’s IP address via Sopas ET. This unauthorized modification has the potential to disrupt services, resulting in a Denial of Service scenario. Affected users are strongly advised to upgrade their MSC800 and MSC800 LFT devices to the latest versions, V4.26 and S2.93.20 respectively, to mitigate the risks associated with this vulnerability. Adhering to cybersecurity best practices is essential for maintaining the security integrity of industrial control systems.

Affected Version(s)

SICK MSC800 V1.0

SICK MSC800 V1.0

SICK MSC800 S1.0

References

https://sick.com/psirt
x_SICK PSIRT Website
https://cdn.sick.com/media/docs/1/11/411/Special_informat...
x_SICK Operating Guidelines
https://www.cisa.gov/resources-tools/resources/ics-recomm...
x_ICS-CERT recommended practices on Industrial Security

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

.