CVE-2020-2075

Platform mechanism AutoIP allows remote attackers to reboot the device via a crafted packet in SICK AG solutions Bulkscan LMS111, Bulkscan LMS511, CLV62x – CLV65x, ICR890-3, LMS10x, LMS11x, LMS15x, LMS12x, LMS13x, LMS14x, LMS5xx, LMS53x, MSC800, RFH.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories	Vendor Advisory
https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:sick:lms111_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sick:lms111:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:sick:lms511_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sick:lms511:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:sick:clv620_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sick:clv620:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:sick:clv622_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sick:clv622:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:sick:clv621_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sick:clv621:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:sick:icr890-3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sick:icr890-3:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:sick:msc800_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sick:msc800:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:sick:rfh_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sick:rfh:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:sick:clv650_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sick:clv650:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:sick:clv651_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sick:clv651:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:sick:clv631_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sick:clv631:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:sick:clv630_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sick:clv630:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:sick:clv632_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sick:clv632:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:sick:clv640_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sick:clv640:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:sick:clv642_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sick:clv642:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:sick:lms100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sick:lms100:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:sick:lms101_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sick:lms101:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:sick:lms111_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sick:lms111:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:sick:lms153_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sick:lms153:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:sick:lms151_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sick:lms151:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:sick:lms133_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sick:lms133:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:sick:lms142_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sick:lms142:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

cpe:2.3:o:sick:lms143_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sick:lms143:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND

cpe:2.3:o:sick:lms131_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sick:lms131:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND

cpe:2.3:o:sick:lms121_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sick:lms121:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND

cpe:2.3:o:sick:lms123_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sick:lms123:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND

cpe:2.3:o:sick:lms122_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sick:lms122:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND

cpe:2.3:o:sick:lms141_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sick:lms141:-:*:*:*:*:*:*:*

Configuration 29 (hide)

AND

cpe:2.3:o:sick:lms511_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sick:lms511:-:*:*:*:*:*:*:*

Configuration 30 (hide)

AND

cpe:2.3:o:sick:lms531_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sick:lms531:-:*:*:*:*:*:*:*

Configuration 31 (hide)

AND

cpe:2.3:o:sick:lms500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sick:lms500:-:*:*:*:*:*:*:*

Configuration 32 (hide)

AND

cpe:2.3:o:sick:icr890-3.5_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sick:icr890-3.5:-:*:*:*:*:*:*:*

History

21 Nov 2024, 05:24

Type	Values Removed	Values Added
References	~~() https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories - Vendor Advisory~~	() https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories - Vendor Advisory

Information

Published : 2020-08-31 18:15

Updated : 2024-11-21 05:24

NVD link : CVE-2020-2075

Mitre link : CVE-2020-2075

CVE.ORG link : CVE-2020-2075

JSON object : View

Products Affected

sick

lms111_firmware
clv650_firmware
icr890-3
msc800_firmware
lms142_firmware
lms143_firmware
lms131
lms133_firmware
clv651
lms141
clv620
lms511_firmware
lms100
lms151
lms133
icr890-3_firmware
clv632_firmware
lms500_firmware
clv621
lms121_firmware
clv630
lms122_firmware
clv651_firmware
lms101_firmware
clv621_firmware
lms122
lms121
clv630_firmware
clv650
clv632
rfh
clv642
lms100_firmware
lms531
lms153_firmware
rfh_firmware
lms153
lms123_firmware
clv640_firmware
icr890-3.5
lms142
lms500
clv631
lms151_firmware
clv631_firmware
lms101
clv622
lms511
clv640
lms143
clv620_firmware
lms531_firmware
clv642_firmware
lms131_firmware
msc800
lms111
clv622_firmware
lms141_firmware
icr890-3.5_firmware
lms123

CWE

CWE-703

Improper Check or Handling of Exceptional Conditions

CWE-755

Improper Handling of Exceptional Conditions

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2020-2075

7.5^/10

5.0^/10

Attach tags to `CVE-2020-2075`