28 June 2019

Critical vulnerability in SICK MSC800 PLC

The CVE-2019-10979 vulnerability, which is caused by the use of hard-coded credentials, has been identified in SICK MSC800 programmable logic controllers (all versions prior to Version 4.0). If successfully exploited, the vulnerability could allow a remote attacker to reconfigure settings and/or disrupt the functionality of the device.

A CVSS v3 base score of 9.8 has been calculated for this vulnerability.

To address the vulnerability, the vendor recommends that all affected users update to the latest firmware version (v4.0).

Sources: ICS-CERT, SICK