SCA-2025-0001 PUBLISHED CVSS 9.9 CRITICAL

SICK has identified vulnerabilities in MEAC300. These vulnerabilities, related to the OpenSSL library and specific device functionalities, could potentially allow remote, unauthenticated attackers to:

1) Cause a denial of service: Triggering an infinite loop that consumes CPU resources, rendering the device unresponsive (CVE-2022-0778). This impacts MEAC300 DE devices running vulnerable OpenSSL versions when processing manipulated SSH certificates.
2) Compromise the MEAC300: Exploit vulnerabilities accessible via Ethernet to potentially impact the availability, integrity, and confidentiality of the device.

SICK recommends ensuring that affected products operate within secure network environments to mitigate these risks.

Risk Scores

CVSS v3.1
9.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected Products

| Vendor | Product | Versions |
|--------|---------|----------|
| SICK | MEAC300 DE Firmware | all versions |
| SICK | MEAC 300 Firmware | >=4.0.54.21 |
| SICK | MEAC300 DE | all versions |
| SICK | MEAC 300 Firmware | <4.0.54.21 |
| SICK | MEAC300 | all versions |
