SCA-2025-0001
SICK has identified vulnerabilities in MEAC300. These vulnerabilities, related to the OpenSSL library and specific device functionalities, could potentially allow remote, unauthenticated attackers to:

1. Cause a denial of service: triggering an infinite loop that consumes CPU resources, rendering the device unresponsive (CVE-2022-0778). This impacts MEAC300 DE devices running vulnerable OpenSSL versions when processing manipulated SSH certificates.
2. Compromise the MEAC300: exploit vulnerabilities accessible via Ethernet to potentially impact the availability, integrity, and confidentiality of the device.

SICK recommends ensuring that affected products operate within secure network environments to mitigate these risks.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SICK | MEAC300 DE Firmware | all versions |
| SICK | MEAC 300 Firmware | >=4.0.54.21 |
| SICK | MEAC300 DE | all versions |
| SICK | MEAC 300 Firmware | <4.0.54.21 |
| SICK | MEAC300 | all versions |
Exploit Intelligence
- https://sick.com/psirt (circl)
- https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf (circl)
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices (circl)
- https://www.first.org/cvss/calculator/3.1 (circl)
- https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0001.json (circl)
Timeline
- Feb 14, 2025 CVE Published
- Feb 21, 2025 CVE Updated