VDB
SCA-2022-0007
SCA-2022-0007
PUBLISHED
CVSS 9.800000190734863 CRITICAL
SICK received a report about multiple security vulnerabilities in the SICK MARSIC300 device. The security vulnerabilities are caused by the third-party library Dropbear, which is used by the SICK MARSIC300 to provide SSH communication. A successful exploitation of these vulnerabilities could lead to a remote code execution. SICK has released a new version of the SICK MARSIC300 firmware and recommends updating to the newest version.
Risk Scores
CVSS v3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SICK MARSIC300 all versions | ||
| SICK MARSIC300 Firmware 1EU4 220310 | ||
| SICK MARSIC300 Firmware <1EU4_220310 |
Timeline
- Apr 21, 2022 CVE Published
References
- https://sick.com/psirt url
- https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf url
- http://ics-cert.us-cert.gov/content/recommended-practices url
- https://www.first.org/cvss/calculator/3.1 url
- https://www.sick.com/.well-known/csaf/white/2022/sca-2022-0007.json advisory