{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "summary",
        "text": "The ICS-CERT reported a security vulnerability that affects MSC800 versions before 4.0. The MSC800 uses hard-coded credentials, which potentially allow low-skilled remote attackers to reconfigure settings and /or disrupt the functionality of the device. \n\nCurrently SICK is not aware of any public exploits specifically targeting this vulnerability.\n\nSICK has released a firmware update for MSC800 and recommends updating to the new version.",
        "title": "Summary"
      },
      {
        "category": "general",
        "text": "As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.",
        "title": "General Security Measures"
      },
      {
        "category": "general",
        "text": "SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer\u2019s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.",
        "title": "Vulnerability Classification"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@sick.de",
      "issuing_authority": "SICK PSIRT is responsible for any vulnerabilities related to SICK products.",
      "name": "SICK PSIRT",
      "namespace": "https://sick.com/psirt"
    },
    "references": [
      {
        "summary": "SICK PSIRT Security Advisories",
        "url": "https://sick.com/psirt"
      },
      {
        "summary": "SICK Operating Guidelines",
        "url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF"
      },
      {
        "summary": "ICS-CERT recommended practices on Industrial Security",
        "url": "http://ics-cert.us-cert.gov/content/recommended-practices"
      },
      {
        "summary": "CVSS v3.1 Calculator",
        "url": "https://www.first.org/cvss/calculator/3.1"
      },
      {
        "category": "self",
        "summary": "The canonical URL.",
        "url": "https://www.sick.com/.well-known/csaf/white/2019/sca-2019-0001.json"
      }
    ],
    "title": "MSC800 affected by hard-coded credentials vulnerability",
    "tracking": {
      "current_release_date": "2019-06-21T10:00:00.000Z",
      "generator": {
        "date": "2023-02-09T13:43:04.269Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.0.0"
        }
      },
      "id": "SCA-2019-0001",
      "initial_release_date": "2019-06-21T10:00:00.000Z",
      "revision_history": [
        {
          "date": "2019-06-21T10:00:00.000Z",
          "number": "1",
          "summary": "Initial Release"
        },
        {
          "date": "2023-02-09T11:00:00.000Z",
          "number": "2",
          "summary": "Updated Advisory (only visual changes)"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK MSC800 vers:all/*",
                  "product_id": "CSAFPID-0001",
                  "product_identification_helper": {
                    "skus": [
                      "1040571"
                    ],
                    "x_generic_uris": [
                      {
                        "namespace": "SICK:Website",
                        "uri": "SICK:Website:https://www.sick.com/de/de/p/p354746"
                      }
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "MSC800"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c4.0",
                "product": {
                  "name": "SICK MSC800 Firmware \u003c4.0",
                  "product_id": "CSAFPID-0002"
                }
              },
              {
                "category": "product_version",
                "name": "4.0",
                "product": {
                  "name": "SICK MSC800 Firmware 4.0",
                  "product_id": "CSAFPID-0004"
                }
              }
            ],
            "category": "product_name",
            "name": "MSC800 Firmware"
          }
        ],
        "category": "vendor",
        "name": "SICK AG"
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK MSC800 with Firmware \u003c4.0",
          "product_id": "CSAFPID-0003"
        },
        "product_reference": "CSAFPID-0002",
        "relates_to_product_reference": "CSAFPID-0001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK MSC800 with Firmware 4.0",
          "product_id": "CSAFPID-0005"
        },
        "product_reference": "CSAFPID-0004",
        "relates_to_product_reference": "CSAFPID-0001"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-10979",
      "cwe": {
        "id": "CWE-798",
        "name": "Use of Hard-coded Credentials"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The MSC800 uses hard-coded credentials, which potentially allow low-skilled unauthorized remote attackers to reconfigure settings and /or disrupt the functionality of the device.",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-0005"
        ],
        "known_affected": [
          "CSAFPID-0003"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "SICK has released a firmware update for MSC800 and recommends updating to the new version V4.0.\n\nThe update allows customers to change the default customer passwords and to optionally disable device configuration over desired networks interfaces, especially in critical infrastructures. The patch and installation procedure for the firmware update is available from the responsible SICK customer contact person. Until the firmware update is installed, general security practices should be utilized. In case the referenced patches cannot be applied, the following general security practices could mitigate the associated risk.",
          "product_ids": [
            "CSAFPID-0003"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0003"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "An attacker gaining access to a privileged account could execute code, read sensitive data, change configurations or disrupt the functionality of the product.",
          "product_ids": [
            "CSAFPID-0003"
          ]
        },
        {
          "category": "exploit_status",
          "details": "Currently SICK is not aware of any public exploits specifically targeting this vulnerability.",
          "product_ids": [
            "CSAFPID-0003"
          ]
        }
      ]
    }
  ]
}

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "summary",
        "text": "The ICS-CERT reported a security vulnerability that affects MSC800 versions before 4.0. The MSC800 uses hard-coded credentials, which potentially allow low-skilled remote attackers to reconfigure settings and /or disrupt the functionality of the device. \n\nCurrently SICK is not aware of any public exploits specifically targeting this vulnerability.\n\nSICK has released a firmware update for MSC800 and recommends updating to the new version.",
        "title": "Summary"
      },
      {
        "category": "general",
        "text": "As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.",
        "title": "General Security Measures"
      },
      {
        "category": "general",
        "text": "SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer\u2019s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.",
        "title": "Vulnerability Classification"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@sick.de",
      "issuing_authority": "SICK PSIRT is responsible for any vulnerabilities related to SICK products.",
      "name": "SICK PSIRT",
      "namespace": "https://sick.com/psirt"
    },
    "references": [
      {
        "summary": "SICK PSIRT Security Advisories",
        "url": "https://sick.com/psirt"
      },
      {
        "summary": "SICK Operating Guidelines",
        "url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF"
      },
      {
        "summary": "ICS-CERT recommended practices on Industrial Security",
        "url": "http://ics-cert.us-cert.gov/content/recommended-practices"
      },
      {
        "summary": "CVSS v3.1 Calculator",
        "url": "https://www.first.org/cvss/calculator/3.1"
      },
      {
        "category": "self",
        "summary": "The canonical URL.",
        "url": "https://www.sick.com/.well-known/csaf/white/2019/sca-2019-0001.json"
      }
    ],
    "title": "MSC800 affected by hard-coded credentials vulnerability",
    "tracking": {
      "current_release_date": "2019-06-21T10:00:00.000Z",
      "generator": {
        "date": "2023-02-09T13:43:04.269Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.0.0"
        }
      },
      "id": "SCA-2019-0001",
      "initial_release_date": "2019-06-21T10:00:00.000Z",
      "revision_history": [
        {
          "date": "2019-06-21T10:00:00.000Z",
          "number": "1",
          "summary": "Initial Release"
        },
        {
          "date": "2023-02-09T11:00:00.000Z",
          "number": "2",
          "summary": "Updated Advisory (only visual changes)"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK MSC800 vers:all/*",
                  "product_id": "CSAFPID-0001",
                  "product_identification_helper": {
                    "skus": [
                      "1040571"
                    ],
                    "x_generic_uris": [
                      {
                        "namespace": "SICK:Website",
                        "uri": "SICK:Website:https://www.sick.com/de/de/p/p354746"
                      }
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "MSC800"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c4.0",
                "product": {
                  "name": "SICK MSC800 Firmware \u003c4.0",
                  "product_id": "CSAFPID-0002"
                }
              },
              {
                "category": "product_version",
                "name": "4.0",
                "product": {
                  "name": "SICK MSC800 Firmware 4.0",
                  "product_id": "CSAFPID-0004"
                }
              }
            ],
            "category": "product_name",
            "name": "MSC800 Firmware"
          }
        ],
        "category": "vendor",
        "name": "SICK AG"
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK MSC800 with Firmware \u003c4.0",
          "product_id": "CSAFPID-0003"
        },
        "product_reference": "CSAFPID-0002",
        "relates_to_product_reference": "CSAFPID-0001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK MSC800 with Firmware 4.0",
          "product_id": "CSAFPID-0005"
        },
        "product_reference": "CSAFPID-0004",
        "relates_to_product_reference": "CSAFPID-0001"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-10979",
      "cwe": {
        "id": "CWE-798",
        "name": "Use of Hard-coded Credentials"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The MSC800 uses hard-coded credentials, which potentially allow low-skilled unauthorized remote attackers to reconfigure settings and /or disrupt the functionality of the device.",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-0005"
        ],
        "known_affected": [
          "CSAFPID-0003"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "SICK has released a firmware update for MSC800 and recommends updating to the new version V4.0.\n\nThe update allows customers to change the default customer passwords and to optionally disable device configuration over desired networks interfaces, especially in critical infrastructures. The patch and installation procedure for the firmware update is available from the responsible SICK customer contact person. Until the firmware update is installed, general security practices should be utilized. In case the referenced patches cannot be applied, the following general security practices could mitigate the associated risk.",
          "product_ids": [
            "CSAFPID-0003"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0003"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "An attacker gaining access to a privileged account could execute code, read sensitive data, change configurations or disrupt the functionality of the product.",
          "product_ids": [
            "CSAFPID-0003"
          ]
        },
        {
          "category": "exploit_status",
          "details": "Currently SICK is not aware of any public exploits specifically targeting this vulnerability.",
          "product_ids": [
            "CSAFPID-0003"
          ]
        }
      ]
    }
  ]
}

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Tri Quach"
        ],
        "organization": "Amazon \u0027s Customer Fulfillment Technology Security (CFTS) group",
        "summary": "reporting this vulnerability to NCCIC"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of this vulnerability could allow a low-skilled remote attacker to reconfigure settings and/or disrupt the functionality of the device.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Critical Manufacturing",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Germany",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "NCCIC recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nNCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target this vulnerability.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-19-178-04 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2019/icsa-19-178-04.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-19-178-04 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-19-178-04"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://ics-cert.us-cert.gov/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://ics-cert.us-cert.gov/tips/ICS-TIP-12-146-01B"
      }
    ],
    "title": "SICK MSC800",
    "tracking": {
      "current_release_date": "2019-06-27T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-19-178-04",
      "initial_release_date": "2019-06-27T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2019-06-27T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-19-178-04 SICK MSC800"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 4.0",
                "product": {
                  "name": "MSC800: all versions prior to Version 4.0",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "MSC800"
          }
        ],
        "category": "vendor",
        "name": "SICK"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-10979",
      "cwe": {
        "id": "CWE-798",
        "name": "Use of Hard-coded Credentials"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The affected firmware versions contain a hard-coded customer account password.CVE-2019-10979 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10979"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "SICK recommends affected users upgrade to the latest firmware version (v4.0).",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "The patch and installation procedure for the firmware update is available from the responsible SICK representative. Until the firmware update is installed, general security practices should be utilized.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "In case the referenced patches cannot be applied, the following general security practices could mitigate the associated risk.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "For more information SICK has released a security notification that can be found at: https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    }
  ]
}

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Tri Quach"
        ],
        "organization": "Amazon \u0027s Customer Fulfillment Technology Security (CFTS) group",
        "summary": "reporting this vulnerability to NCCIC"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of this vulnerability could allow a low-skilled remote attacker to reconfigure settings and/or disrupt the functionality of the device.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Critical Manufacturing",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Germany",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "NCCIC recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nNCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target this vulnerability.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-19-178-04 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2019/icsa-19-178-04.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-19-178-04 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-19-178-04"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://ics-cert.us-cert.gov/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://ics-cert.us-cert.gov/tips/ICS-TIP-12-146-01B"
      }
    ],
    "title": "SICK MSC800",
    "tracking": {
      "current_release_date": "2019-06-27T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-19-178-04",
      "initial_release_date": "2019-06-27T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2019-06-27T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-19-178-04 SICK MSC800"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 4.0",
                "product": {
                  "name": "MSC800: all versions prior to Version 4.0",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "MSC800"
          }
        ],
        "category": "vendor",
        "name": "SICK"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-10979",
      "cwe": {
        "id": "CWE-798",
        "name": "Use of Hard-coded Credentials"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The affected firmware versions contain a hard-coded customer account password.CVE-2019-10979 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10979"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "SICK recommends affected users upgrade to the latest firmware version (v4.0).",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "The patch and installation procedure for the firmware update is available from the responsible SICK representative. Until the firmware update is installed, general security practices should be utilized.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "In case the referenced patches cannot be applied, the following general security practices could mitigate the associated risk.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "For more information SICK has released a security notification that can be found at: https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    }
  ]
}

{
  "GSD": {
    "alias": "CVE-2019-10979",
    "description": "SICK MSC800 all versions prior to Version 4.0, the affected firmware versions contain a hard-coded customer account password.",
    "id": "GSD-2019-10979"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-10979"
      ],
      "details": "SICK MSC800 all versions prior to Version 4.0, the affected firmware versions contain a hard-coded customer account password.",
      "id": "GSD-2019-10979",
      "modified": "2023-12-13T01:23:59.706192Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "ics-cert@hq.dhs.gov",
        "ID": "CVE-2019-10979",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "MSC800",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "all versions prior to Version 4.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "SICK"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "SICK MSC800 all versions prior to Version 4.0, the affected firmware versions contain a hard-coded customer account password."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "USE OF HARD-CODED CREDENTIALS CWE-798"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "108924",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/108924"
          },
          {
            "name": "https://www.us-cert.gov/ics/advisories/icsa-19-178-04",
            "refsource": "MISC",
            "url": "https://www.us-cert.gov/ics/advisories/icsa-19-178-04"
          },
          {
            "name": "https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories",
            "refsource": "CONFIRM",
            "url": "https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:sick:msc800_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:sick:msc800:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2019-10979"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "SICK MSC800 all versions prior to Version 4.0, the affected firmware versions contain a hard-coded customer account password."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-798"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.us-cert.gov/ics/advisories/icsa-19-178-04",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://www.us-cert.gov/ics/advisories/icsa-19-178-04"
            },
            {
              "name": "108924",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/108924"
            },
            {
              "name": "https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-08-01T13:15Z",
      "publishedDate": "2019-07-01T21:15Z"
    }
  }
}

{
  "affected": [],
  "aliases": [
    "CVE-2019-10979"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-798"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-07-01T21:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "SICK MSC800 all versions prior to Version 4.0, the affected firmware versions contain a hard-coded customer account password.",
  "id": "GHSA-m5v2-9qv5-hvh2",
  "modified": "2024-04-04T01:08:07Z",
  "published": "2022-05-24T16:49:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10979"
    },
    {
      "type": "WEB",
      "url": "https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories"
    },
    {
      "type": "WEB",
      "url": "https://www.us-cert.gov/ics/advisories/icsa-19-178-04"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/108924"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sick:msc800_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4BD24C0-833F-4134-930D-A196C1891098",
              "versionEndExcluding": "4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sick:msc800:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A09CB55-1368-4623-8EB5-BAB2D57E4BC4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SICK MSC800 all versions prior to Version 4.0, the affected firmware versions contain a hard-coded customer account password."
    },
    {
      "lang": "es",
      "value": "SICK MSC800 en todas las versiones anteriores a la versi\u00f3n 4.0, las versiones de firmware afectadas contienen una contrase\u00f1a de cuenta de cliente codificada."
    }
  ],
  "id": "CVE-2019-10979",
  "lastModified": "2024-11-21T04:20:17.190",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-07-01T21:15:10.920",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/108924"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "url": "https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.us-cert.gov/ics/advisories/icsa-19-178-04"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/108924"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.us-cert.gov/ics/advisories/icsa-19-178-04"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-798"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-798"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}