{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "audience": "all",
        "category": "summary",
        "text": "Microsoft disclosed a critical vulnerability in the way Microsoft Server Message Block 3.1.1 (SMBv3)\nhandles compressed connections. This may allow unauthenticated attackers to execute arbitrary code\non a vulnerable device.\nSince the MEAC central emission monitoring computer (EPC) acts as an SMB server to provide MEAC\nworkstations with access to the filesystem in distributed MEAC-systems, the devices are affected by\nthis vulnerability. Exploitation of this vulnerability could lead to remote code execution under login with\nadministrator privileges.",
        "title": "Summary"
      },
      {
        "audience": "all",
        "category": "details",
        "text": "All MEAC2012 or MEAC300 computers that are equipped with Windows 10 Version 1903 or 1909 are\naffected, regardless of whether they are operated in a distributed MEAC-system or not, as the SMB ports are\nset to open during the setup of the computers.",
        "title": "Affected Products"
      },
      {
        "category": "general",
        "text": "As general security measures, SICK recommends minimizing network exposure of the devices, restricting network access and following recommended security practices in order to run the devices in a protected IT environment.",
        "title": "General Security Measures"
      },
      {
        "category": "general",
        "text": "SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer’s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.",
        "title": "Vulnerability Classification"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@sick.de",
      "issuing_authority": "SICK AG issues advisories for its products and for issues in EHS products (when related to the Endress+Hauser SICK (EHS) joint venture).",
      "name": "SICK PSIRT",
      "namespace": "https://www.sick.com/psirt"
    },
    "references": [
      {
        "summary": "SICK PSIRT Security Advisories",
        "url": "https://sick.com/psirt"
      },
      {
        "summary": "SICK Operating Guidelines",
        "url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf"
      },
      {
        "summary": "ICS-CERT recommended practices on Industrial Security",
        "url": "http://ics-cert.us-cert.gov/content/recommended-practices"
      },
      {
        "summary": "CVSS v3.1 Calculator",
        "url": "https://www.first.org/cvss/calculator/3.1"
      },
      {
        "category": "self",
        "summary": "The canonical URL.",
        "url": "https://www.sick.com/.well-known/csaf/white/2020/sca-2020-0003.json"
      }
    ],
    "title": "MEAC affected by Windows SMBv3 vulnerability",
    "tracking": {
      "current_release_date": "2020-08-07T10:00:00.000Z",
      "generator": {
        "date": "2023-02-09T14:30:39.946Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.0.0"
        }
      },
      "id": "SCA-2020-0003",
      "initial_release_date": "2020-08-07T10:00:00.000Z",
      "revision_history": [
        {
          "date": "2020-08-07T10:00:00.000Z",
          "number": "1",
          "summary": "Initial Release"
        },
        {
          "date": "2023-02-09T11:00:00.000Z",
          "number": "2",
          "summary": "Updated Advisory (only visual changes)"
        },
        {
          "number": "3",
          "date": "2025-07-30T07:27:40.000Z",
          "summary": "Updated Advisory: URL for SICK Operating Guidelines has been updated"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK MEAC2012 vers:all/*",
                  "product_id": "CSAFPID-0001",
                  "product_identification_helper": {
                    "x_generic_uris": [
                      {
                        "namespace": "SICK:Website",
                        "uri": "SICK:Website:"
                      }
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "MEAC2012"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK MEAC300 vers:all/*",
                  "product_id": "CSAFPID-0002",
                  "product_identification_helper": {
                    "x_generic_uris": [
                      {
                        "namespace": "SICK:Website",
                        "uri": "SICK:Website:https://www.sick.com/de/de/p/p475070"
                      }
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "MEAC300"
          }
        ],
        "category": "vendor",
        "name": "SICK AG"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Version 1903 & 1909",
                "product": {
                  "name": "Microsoft Windows 10 Version 1903 & 1909",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows 10"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK MEAC2012 with Microsoft Windows 10 Version 1903 & 1909",
          "product_id": "CSAFPID-0004"
        },
        "product_reference": "CSAFPID-0003",
        "relates_to_product_reference": "CSAFPID-0001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK MEAC300 with Microsoft Windows 10 Version 1903 & 1909",
          "product_id": "CSAFPID-0005"
        },
        "product_reference": "CSAFPID-0003",
        "relates_to_product_reference": "CSAFPID-0002"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-0796",
      "notes": [
        {
          "category": "description",
          "text": "A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.",
          "title": "CVE Description"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0004",
          "CSAFPID-0005"
        ]
      },
      "references": [
        {
          "summary": "Microsoft Security Advisory",
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "This issue has been addressed in the Microsoft update for CVE-2020-0796.",
          "product_ids": [
            "CSAFPID-0004",
            "CSAFPID-0005"
          ],
          "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv200005#ID0EUGAC"
        },
        {
          "category": "mitigation",
          "details": "Should Microsoft's remediation not be possible, we recommend following the workaround suggested by Microsoft and operating the MEAC in a protected networking environment. Blocking TCP port 445 at the perimeter firewall of the network segment will help to protect systems that are behind that firewall from exploits of this vulnerability.",
          "product_ids": [
            "CSAFPID-0004",
            "CSAFPID-0005"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0004",
            "CSAFPID-0005"
          ]
        }
      ]
    }
  ]
}