Vulnerabilites related to sick - sopas_engineering_tool
cve-2021-32497
Vulnerability from cvelistv5
Published
2021-12-17 16:09
Modified
2024-08-03 23:17
Severity ?
EPSS score ?
Summary
SICK SOPAS ET before version 4.8.0 allows attackers to wrap any executable file into an SDD and provide this to a SOPAS ET user. When a user starts the emulator the executable is run without further checks.
References
| ▼ | URL | Tags |
|---|---|---|
| https://sick.com/psirt#advisories | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | SICK SOPAS ET |
Version: all versions before 4.8.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:17:29.571Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sick.com/psirt#advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SICK SOPAS ET",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "all versions before 4.8.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SICK SOPAS ET before version 4.8.0 allows attackers to wrap any executable file into an SDD and provide this to a SOPAS ET user. When a user starts the emulator the executable is run without further checks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Inclusion of Functionality from Untrusted Control Sphere",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-17T16:09:59",
"orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
"shortName": "SICK AG"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sick.com/psirt#advisories"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@sick.de",
"ID": "CVE-2021-32497",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SICK SOPAS ET",
"version": {
"version_data": [
{
"version_value": "all versions before 4.8.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SICK SOPAS ET before version 4.8.0 allows attackers to wrap any executable file into an SDD and provide this to a SOPAS ET user. When a user starts the emulator the executable is run without further checks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Inclusion of Functionality from Untrusted Control Sphere"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sick.com/psirt#advisories",
"refsource": "MISC",
"url": "https://sick.com/psirt#advisories"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
"assignerShortName": "SICK AG",
"cveId": "CVE-2021-32497",
"datePublished": "2021-12-17T16:09:59",
"dateReserved": "2021-05-10T00:00:00",
"dateUpdated": "2024-08-03T23:17:29.571Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-32499
Vulnerability from cvelistv5
Published
2021-12-17 16:10
Modified
2024-08-03 23:17
Severity ?
EPSS score ?
Summary
SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the command line arguments to pass in any value to the Emulator executable.
References
| ▼ | URL | Tags |
|---|---|---|
| https://sick.com/psirt#advisories | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | SICK SOPAS ET |
Version: all versions before 4.8.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:17:29.576Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sick.com/psirt#advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SICK SOPAS ET",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "all versions before 4.8.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the command line arguments to pass in any value to the Emulator executable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Acceptance of Extraneous Untrusted Data With Trusted Data",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-17T16:10:01",
"orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
"shortName": "SICK AG"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sick.com/psirt#advisories"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@sick.de",
"ID": "CVE-2021-32499",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SICK SOPAS ET",
"version": {
"version_data": [
{
"version_value": "all versions before 4.8.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the command line arguments to pass in any value to the Emulator executable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Acceptance of Extraneous Untrusted Data With Trusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sick.com/psirt#advisories",
"refsource": "MISC",
"url": "https://sick.com/psirt#advisories"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
"assignerShortName": "SICK AG",
"cveId": "CVE-2021-32499",
"datePublished": "2021-12-17T16:10:01",
"dateReserved": "2021-05-10T00:00:00",
"dateUpdated": "2024-08-03T23:17:29.576Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-32498
Vulnerability from cvelistv5
Published
2021-12-17 16:10
Modified
2024-08-03 23:17
Severity ?
EPSS score ?
Summary
SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the pathname of the emulator and use path traversal to run an arbitrary executable located on the host system. When the user starts the emulator from SOPAS ET the corresponding executable will be started instead of the emulator
References
| ▼ | URL | Tags |
|---|---|---|
| https://sick.com/psirt#advisories | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | SICK SOPAS ET |
Version: all versions before 4.8.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:17:29.563Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sick.com/psirt#advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SICK SOPAS ET",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "all versions before 4.8.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the pathname of the emulator and use path traversal to run an arbitrary executable located on the host system. When the user starts the emulator from SOPAS ET the corresponding executable will be started instead of the emulator"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Limitation of a Pathname to a Restricted Directory",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-17T16:10:00",
"orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
"shortName": "SICK AG"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sick.com/psirt#advisories"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@sick.de",
"ID": "CVE-2021-32498",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SICK SOPAS ET",
"version": {
"version_data": [
{
"version_value": "all versions before 4.8.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the pathname of the emulator and use path traversal to run an arbitrary executable located on the host system. When the user starts the emulator from SOPAS ET the corresponding executable will be started instead of the emulator"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Limitation of a Pathname to a Restricted Directory"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sick.com/psirt#advisories",
"refsource": "MISC",
"url": "https://sick.com/psirt#advisories"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
"assignerShortName": "SICK AG",
"cveId": "CVE-2021-32498",
"datePublished": "2021-12-17T16:10:00",
"dateReserved": "2021-05-10T00:00:00",
"dateUpdated": "2024-08-03T23:17:29.563Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2021-12-17 17:15
Modified
2024-11-21 06:07
Severity ?
Summary
SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the pathname of the emulator and use path traversal to run an arbitrary executable located on the host system. When the user starts the emulator from SOPAS ET the corresponding executable will be started instead of the emulator
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@sick.de | https://sick.com/psirt#advisories | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://sick.com/psirt#advisories | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sick | sopas_engineering_tool | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sick:sopas_engineering_tool:*:*:*:*:*:*:*:*",
"matchCriteriaId": "38898887-C58A-45D2-A40B-538F999C4C18",
"versionEndExcluding": "4.8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the pathname of the emulator and use path traversal to run an arbitrary executable located on the host system. When the user starts the emulator from SOPAS ET the corresponding executable will be started instead of the emulator"
},
{
"lang": "es",
"value": "SICK SOPAS ET versiones anteriores a 4.8.0, permite a atacantes manipular el nombre de la ruta del emulador y usar un salto de ruta para correr un ejecutable arbitrario ubicado en el sistema anfitri\u00f3n. Cuando el usuario inicie el emulador desde SOPAS ET ser\u00e1 iniciado el ejecutable correspondiente en lugar del emulador"
}
],
"id": "CVE-2021-32498",
"lastModified": "2024-11-21T06:07:09.283",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-17T17:15:12.693",
"references": [
{
"source": "psirt@sick.de",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://sick.com/psirt#advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://sick.com/psirt#advisories"
}
],
"sourceIdentifier": "psirt@sick.de",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-12-17 17:15
Modified
2024-11-21 06:07
Severity ?
Summary
SICK SOPAS ET before version 4.8.0 allows attackers to wrap any executable file into an SDD and provide this to a SOPAS ET user. When a user starts the emulator the executable is run without further checks.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@sick.de | https://sick.com/psirt#advisories | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://sick.com/psirt#advisories | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sick | sopas_engineering_tool | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sick:sopas_engineering_tool:*:*:*:*:*:*:*:*",
"matchCriteriaId": "38898887-C58A-45D2-A40B-538F999C4C18",
"versionEndExcluding": "4.8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SICK SOPAS ET before version 4.8.0 allows attackers to wrap any executable file into an SDD and provide this to a SOPAS ET user. When a user starts the emulator the executable is run without further checks."
},
{
"lang": "es",
"value": "SICK SOPAS ET versiones anteriores a 4.8.0 permite a atacantes envolver cualquier archivo ejecutable en un SDD y proporcionarlo a un usuario de SOPAS ET. Cuando un usuario inicia el emulador, el ejecutable es corrido sin m\u00e1s comprobaciones"
}
],
"id": "CVE-2021-32497",
"lastModified": "2024-11-21T06:07:09.167",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-17T17:15:12.647",
"references": [
{
"source": "psirt@sick.de",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://sick.com/psirt#advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://sick.com/psirt#advisories"
}
],
"sourceIdentifier": "psirt@sick.de",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-12-17 17:15
Modified
2024-11-21 06:07
Severity ?
Summary
SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the command line arguments to pass in any value to the Emulator executable.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@sick.de | https://sick.com/psirt#advisories | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://sick.com/psirt#advisories | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sick | sopas_engineering_tool | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sick:sopas_engineering_tool:*:*:*:*:*:*:*:*",
"matchCriteriaId": "38898887-C58A-45D2-A40B-538F999C4C18",
"versionEndExcluding": "4.8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the command line arguments to pass in any value to the Emulator executable."
},
{
"lang": "es",
"value": "SICK SOPAS ET versiones anteriores a 4.8.0, permite a atacantes manipular los argumentos de la l\u00ednea de comandos para pasar cualquier valor al ejecutable del emulador"
}
],
"id": "CVE-2021-32499",
"lastModified": "2024-11-21T06:07:09.393",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-17T17:15:12.747",
"references": [
{
"source": "psirt@sick.de",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://sick.com/psirt#advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://sick.com/psirt#advisories"
}
],
"sourceIdentifier": "psirt@sick.de",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}