OTPulse
FeedAboutContact

SICK MSC800

Act Now9.8ICS-CERT ICSA-19-178-04Jun 27, 2019
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

The SICK MSC800 contains a hardcoded credentials or weak authentication vulnerability (CWE-798) that allows an unauthenticated remote attacker to reconfigure device settings or disrupt functionality. All MSC800 devices running firmware versions earlier than 4.0 are affected. No known public exploits currently target this vulnerability.

What this means
What could happen
An attacker could reconfigure settings on the MSC800 device, potentially altering critical safety or operational parameters. This could disrupt the device's functionality and impact downstream processes that depend on its operation.
Who's at risk
Water authorities and utilities operating SICK MSC800 safety controllers should prioritize this vulnerability. The MSC800 is commonly used in emergency stops, permissive interlocks, and safety logic on industrial machinery and process systems. Any organization with these devices on networked control systems is affected.
How it could be exploited
An attacker on the network could connect directly to the MSC800 on TCP port 2111 or 2112 without credentials and send commands to reconfigure the device settings or disable its functionality. No user interaction or prior authentication is required.
Prerequisites
  • Network connectivity to MSC800 on TCP port 2111 or TCP port 2112
  • MSC800 firmware version earlier than 4.0
remotely exploitableno authentication requiredlow complexityno patch availableaffects safety systems
Exploitability
Moderate exploit probability (EPSS 1.6%)
Affected products (1)
ProductAffected VersionsFix Status
MSC800: all< 4.04.0
Remediation & Mitigation
0/4
Do now
0/2
WORKAROUNDBlock or monitor inbound traffic to TCP ports 2111 and 2112 at the network firewall
HARDENINGEnsure MSC800 is not accessible from the Internet
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade MSC800 firmware to version 4.0 or later
Long-term hardening
0/1
HARDENINGIsolate the MSC800 and other control system devices from the business network using a firewall
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/4bce154b-b750-4ad3-8a20-bc308778cfbb
SICK MSC800 | CVSS 9.8 - OTPulse