CVE-2023-3272

7.5 HIGH

📋 TL;DR

This vulnerability in SICK ICR890-4 industrial cameras allows attackers to intercept unencrypted network traffic containing sensitive information. Any organization using these devices with default configurations is affected, particularly those in industrial environments where the cameras transmit data over networks.

💻 Affected Systems

Products:
  • SICK ICR890-4 industrial camera
Versions: All versions prior to patched firmware
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default configuration where network traffic is transmitted without encryption.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers intercept authentication credentials, configuration data, or sensitive operational information, leading to unauthorized access, industrial espionage, or disruption of industrial processes.

🟠 Likely Case

Attackers on the same network segment capture unencrypted data, potentially exposing device credentials, configuration details, or operational data that could be used for further attacks.

🟢 If Mitigated

With proper network segmentation and encryption controls, attackers cannot access the traffic, limiting exposure to authorized personnel only.

🌐 Internet-Facing: HIGH if devices are directly exposed to the internet without proper firewalling, as attackers can intercept traffic from anywhere.
🏢 Internal Only: MEDIUM as attackers would need internal network access, but industrial networks often have less segmentation than IT networks.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires network access to intercept traffic but no authentication to the device itself.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check SICK PSIRT for specific firmware versions

Vendor Advisory: https://sick.com/psirt

Restart Required: Yes

Instructions:

1. Download latest firmware from SICK support portal.
2. Backup current configuration.
3. Apply firmware update via web interface or maintenance tool.
4. Verify encryption is enabled in network settings.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate ICR890-4 cameras on a separate VLAN with strict access controls

VPN Tunnel

all

Route all camera traffic through encrypted VPN tunnels

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate cameras from untrusted networks
  • Deploy network encryption solutions like IPsec or TLS proxies for all camera communications

🔍 How to Verify

Check if Vulnerable:

Use a network sniffing tool (Wireshark) on the same network segment to check whether camera traffic is unencrypted

Check Version:

Check firmware version in device web interface or via SICK maintenance software

Verify Fix Applied:

After patching, verify network traffic shows encrypted protocols (TLS/HTTPS) instead of cleartext
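The two checks above can be scripted once the first payload bytes of each camera flow have been exported from a capture. The following is an added example, not code from this page or from SICK: it labels each flow as TLS or cleartext by inspecting the bytes rather than trusting the port number. The IP addresses, URL paths and payloads are constructed sample data, and the function names are hypothetical.

```python
"""Classify the first payload bytes of camera TCP flows as TLS or cleartext."""
import struct

HTTP_STARTS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ", b"OPTIONS ", b"HTTP/1.")
TLS_CONTENT_TYPES = {20, 21, 22, 23}  # change_cipher_spec, alert, handshake, app data
TLS_MAX_RECORD = 16384 + 2048         # upper bound on a TLS 1.2 ciphertext record


def classify_payload(payload: bytes) -> str:
    """Return 'tls', 'cleartext-http', 'cleartext-text', 'unknown' or 'too-short'."""
    if len(payload) < 5:
        return "too-short"  # a TLS record header alone is 5 bytes
    ctype, major, minor, length = struct.unpack("!BBBH", payload[:5])
    if ctype in TLS_CONTENT_TYPES and major == 3 and minor <= 4 and 0 < length <= TLS_MAX_RECORD:
        return "tls"
    if payload.startswith(HTTP_STARTS):
        return "cleartext-http"
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in payload)
    return "cleartext-text" if printable / len(payload) > 0.9 else "unknown"


def audit_flows(flows, camera_ips):
    """List (src, dst, dport, verdict) for camera flows that carry cleartext."""
    findings = []
    for flow in flows:
        if flow["src"] not in camera_ips and flow["dst"] not in camera_ips:
            continue
        verdict = classify_payload(flow["payload"])
        if verdict.startswith("cleartext"):
            findings.append((flow["src"], flow["dst"], flow["dport"], verdict))
    return findings


# Constructed sample data: documentation-range IPs and made-up payloads.
CAMERA_IPS = {"192.0.2.10"}
SAMPLE_FLOWS = [
    {"src": "192.0.2.50", "dst": "192.0.2.10", "dport": 80,
     "payload": b"GET /status HTTP/1.1\r\nHost: cam\r\n\r\n"},
    {"src": "192.0.2.50", "dst": "192.0.2.10", "dport": 443,   # TLS handshake record
     "payload": bytes.fromhex("1603010200010001fc0303") + b"\x00" * 8},
    {"src": "192.0.2.50", "dst": "192.0.2.10", "dport": 443,   # cleartext despite port 443
     "payload": b"POST /login HTTP/1.1\r\n"},
    {"src": "192.0.2.50", "dst": "192.0.2.77", "dport": 80,    # not a camera, ignored
     "payload": b"GET / HTTP/1.1\r\n"},
]

if __name__ == "__main__":
    for finding in audit_flows(SAMPLE_FLOWS, CAMERA_IPS):
        print("cleartext camera flow:", finding)
```

An empty result after patching supports the "Verify Fix Applied" check; a verdict of `unknown` means the bytes matched neither pattern and the flow needs manual inspection.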

📡 Detection & Monitoring

Log Indicators:

  • Unusual network connections to camera ports
  • Multiple failed authentication attempts

Network Indicators:

  • Unencrypted traffic on camera ports (typically 80/443)
  • ARP spoofing or MITM activity near camera network

SIEM Query:

source_ip IN (camera_ips) AND protocol = 'HTTP' AND NOT is_encrypted = true
