CVE-2024-8751
HIGHSICK MSC800 < V4.26 and < S2.93.20 - Unauthenticated Denial of Service via Sopas ET IP Address Modification
Title source: llmDescription
A vulnerability in the MSC800 allows an unauthenticated attacker to modify the product’s IP address over Sopas ET. This can lead to Denial of Service. Users are recommended to upgrade both MSC800 and MSC800 LFT to version V4.26 and S2.93.20 respectively which fixes this issue.
References (5)
Core 5
Core References
Various Sources x_sick psirt website
https://sick.com/psirt
Various Sources x_sick operating guidelines
https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF
Third Party Advisory, US Government Resource x_ics-cert recommended practices on industrial security
https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
Various Sources x_cvss v3.1 calculator
https://www.first.org/cvss/calculator/3.1
Various Sources vendor-advisory
https://www.sick.com/.well-known/csaf/white/2024/
Scores
CVSS v3
7.5
EPSS
0.0068
EPSS Percentile
47.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-306
Status
published
Products (2)
SICK AG/SICK MSC800
S1.0 - <=S2.93.19
SICK AG/SICK MSC800
V1.0 - <=V4.25
Published
Sep 12, 2024
Tracked Since
Feb 18, 2026