CVE-2024-8751

7.5 HIGH

📋 TL;DR

An unauthenticated attacker can modify the IP address of MSC800 devices via the Sopas ET protocol, causing a denial of service by making the devices unreachable. This affects all MSC800 and MSC800 LFT devices running vulnerable versions. Industrial control systems using these SICK sensors are at risk.

💻 Affected Systems

Products:
  • SICK MSC800
  • SICK MSC800 LFT
Versions: All versions before V4.26 for MSC800 and before S2.93.20 for MSC800 LFT
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default Sopas ET protocol configuration; no special configuration is required for exploitation.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Critical industrial processes fail due to sensor communication loss, potentially causing safety incidents, production downtime, or equipment damage.

🟠 Likely Case

Targeted devices become unreachable on the network, requiring physical access to restore connectivity and causing operational disruption.

🟢 If Mitigated

Network segmentation prevents exploitation attempts, limiting impact to isolated network segments.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires network access to the Sopas ET port (default 2111/2112) but no authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: V4.26 for MSC800, S2.93.20 for MSC800 LFT

Vendor Advisory: https://sick.com/psirt

Restart Required: Yes

Instructions:

  1. Download firmware from SICK customer portal.
  2. Backup current configuration.
  3. Apply firmware update via SOPAS ET or web interface.
  4. Restart device.
  5. Restore configuration if needed.

🔧 Temporary Workarounds

Network Segmentation

Isolate MSC800 devices in separate VLANs with strict firewall rules blocking unauthorized access to Sopas ET ports.

Access Control Lists

Implement network ACLs to restrict access to ports 2111/2112 to authorized management stations only.

🧯 If You Can't Patch

  • Physically isolate vulnerable devices from untrusted networks
  • Implement strict network monitoring for unauthorized access attempts to port 2111/2112

🔍 How to Verify

Check if Vulnerable:

Check device firmware version via SOPAS ET software or web interface; compare against patched versions.

Check Version:

Use SOPAS ET 'Device Information' function or access web interface status page

Verify Fix Applied:

Confirm firmware version shows V4.26 or higher for MSC800, S2.93.20 or higher for MSC800 LFT.

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized connection attempts to port 2111/2112
  • Unexpected IP address changes in device logs

Network Indicators:

  • Unusual traffic to port 2111/2112 from unauthorized sources
  • SOPAS ET protocol traffic from unexpected IPs

SIEM Query:

source_port:2111 OR source_port:2112 OR destination_port:2111 OR destination_port:2112 | stats count by src_ip, dest_ip
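
Added example (not part of the original advisory or any SICK tooling): a Python triage of flow records that applies the network indicator above, flagging connections to the Sopas ET ports from sources outside an allowlist of management stations. The allowlist addresses, the flow-record layout and the sample records are constructed assumptions.

```python
import ipaddress
from collections import Counter

SOPAS_PORTS = {2111, 2112}  # default Sopas ET ports named in this advisory
# Assumption: authorized management stations (constructed addresses).
ALLOWED = [ipaddress.ip_network(n) for n in ("10.20.0.10/32", "10.20.0.11/32")]

# Constructed flow records: time src_ip src_port dst_ip dst_port proto
SAMPLE_FLOWS = """\
2024-10-01T08:00:01Z 10.20.0.10 51544 10.30.1.5 2112 tcp
2024-10-01T08:00:01Z 10.30.1.5 2112 10.20.0.10 51544 tcp
2024-10-01T08:03:17Z 10.40.7.23 40212 10.30.1.5 2111 tcp
2024-10-01T08:03:18Z 10.40.7.23 40213 10.30.1.5 2111 tcp
2024-10-01T08:03:20Z 10.40.7.23 40214 10.30.1.6 2112 tcp
2024-10-01T08:05:00Z 10.40.7.99 2111 10.50.0.1 443 tcp
truncated-record 10.40.7.23
"""

def parse_flow(line):
    """Return (src_ip, dst_ip, dst_port) or None for a malformed record."""
    parts = line.split()
    if len(parts) != 6:
        return None
    try:
        src = ipaddress.ip_address(parts[1])
        dst = ipaddress.ip_address(parts[3])
        return src, dst, int(parts[4])
    except ValueError:
        return None

def unauthorized_sopas_flows(text, allowed=ALLOWED):
    """Count flows to a Sopas ET port from sources outside the allowlist."""
    hits = Counter()
    for line in text.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue
        src, dst, dst_port = flow
        # Key on destination port only: matching source_port as well would
        # count device replies and clients whose ephemeral port is 2111/2112.
        if dst_port in SOPAS_PORTS and not any(src in net for net in allowed):
            hits[(str(src), str(dst))] += 1
    return hits

if __name__ == "__main__":
    for (src, dst), n in unauthorized_sopas_flows(SAMPLE_FLOWS).most_common():
        print(f"ALERT {src} -> {dst} Sopas ET connections={n}")
```

Grouping by source and destination mirrors the `stats count by src_ip, dest_ip` step of the query, while the destination-port test keeps reply traffic and unrelated flows out of the count.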
