CVE-2020-2075

moderate-risk
Published 2020-08-31

Platform mechanism AutoIP allows remote attackers to reboot the device via a crafted packet in SICK AG solutions Bulkscan LMS111, Bulkscan LMS511, CLV62x – CLV65x, ICR890-3, LMS10x, LMS11x, LMS15x, LMS12x, LMS13x, LMS14x, LMS5xx, LMS53x, MSC800, RFH.

Do I need to act?

-
0.22% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (20)

Lms111 Firmware
Lms511 Firmware
Clv620 Firmware
Clv622 Firmware
Clv621 Firmware
Icr890-3 Firmware
Msc800 Firmware
Rfh Firmware
Clv650 Firmware
Clv651 Firmware
Clv631 Firmware
Clv630 Firmware
Clv632 Firmware
Clv640 Firmware
Clv642 Firmware
Lms100 Firmware
Lms101 Firmware
Lms153 Firmware
Lms151 Firmware
Lms133 Firmware

Affected Vendors

Sick

References (2)

Vendor Advisory https://www.sick.com/de/en/service-and-support/the-sick-product-security-inciden...
Vendor Advisory https://www.sick.com/de/en/service-and-support/the-sick-product-security-inciden...
49
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 1/34 · Minimal
Exposure 22/34 · High