28 June 2019

Critical vulnerability in SICK MSC800 PLC

The CVE-2019-10979 vulnerability, which is caused by the use of hard-coded credentials, has been identified in SICK MSC800 programmable logic controllers (all versions prior to Version 4.0). If successfully exploited, the vulnerability could allow a remote attacker to reconfigure settings and/or disrupt the functionality of the device.

A CVSS v.3 base score of 9.8 has been calculated for this vulnerability.

To address the vulnerability, the vendor recommends that all affected users update to the latest firmware version (v4.0).