{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "summary",
        "text": "Microsoft disclosed a critical vulnerability in the way ICMPv6 Router Advertisement packets are\nhandled on Windows 10 and Windows Server 2019. An attacker who successfully exploited this\nvulnerability could gain the ability to execute code on the target server or client.\nTo exploit this vulnerability, an attacker would have to send specially crafted ICMPv6 Router\nAdvertisement packets to a remote Windows computer.\n"
      },
      {
        "category": "details",
        "text": "All Package Analytics versions 4.0 to 4.1.2, which run on PCs containing the affected Windows OS,\nwill be affected.\nHowever there are instances of PA running on older versions of Windows such as Windows 7,\nWindows Server 2012 R2, Windows Server 2016 R2 which do not appear in the list of affected OS for\nthis issue."
      },
      {
        "category": "general",
        "text": "As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.",
        "title": "General Security Measures"
      },
      {
        "category": "general",
        "text": "SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer’s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.",
        "title": "Vulnerability Classification"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@sick.de",
      "issuing_authority": "SICK AG issues and issues in EHS products (when related to the Endress+Hauser SICK (EHS) joint venture).",
      "name": "SICK PSIRT",
      "namespace": "https://www.sick.com/psirt"
    },
    "references": [
      {
        "summary": "SICK PSIRT Security Advisories",
        "url": "https://sick.com/psirt"
      },
      {
        "summary": "SICK Operating Guidelines",
        "url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf"
      },
      {
        "summary": "ICS-CERT recommended practices on Industrial Security",
        "url": "http://ics-cert.us-cert.gov/content/recommended-practices"
      },
      {
        "summary": "CVSS v3.1 Calculator",
        "url": "https://www.first.org/cvss/calculator/3.1"
      },
      {
        "category": "self",
        "summary": "The canonical URL.",
        "url": "https://www.sick.com/.well-known/csaf/white/2020/sca-2020-0005.json"
      }
    ],
    "title": "Package Analytics affected by Windows TCP/IP vulnerability",
    "tracking": {
      "current_release_date": "2020-10-29T11:00:00.000Z",
      "generator": {
        "date": "2023-02-09T14:42:29.970Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.0.0"
        }
      },
      "id": "SCA-2020-0005",
      "initial_release_date": "2020-10-29T11:00:00.000Z",
      "revision_history": [
        {
          "date": "2020-10-29T11:00:00.000Z",
          "number": "1",
          "summary": "Initial Release"
        },
        {
          "date": "2023-02-09T11:00:00.000Z",
          "number": "2",
          "summary": "Updated Advisory (only visual changes)"
        },
        {
          "number": "3",
          "date": "2025-07-30T07:27:40.000Z",
          "summary": "Updated Advisory: URL for SICK Operating Guidelines has been updated"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "4.0 up to 4.1.2",
                "product": {
                  "name": "SICK Package Analytics 4.0 up to 4.1.2",
                  "product_id": "CSAFPID-0001",
                  "product_identification_helper": {
                    "x_generic_uris": [
                      {
                        "namespace": "SICK:Website",
                        "uri": "SICK:Website:https://www.sick.com/de/de/p/p600146"
                      }
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Package Analytics"
          }
        ],
        "category": "vendor",
        "name": "SICK AG"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-16898",
      "notes": [
        {
          "category": "description",
          "text": "A remote code execution vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets, aka 'Windows TCP/IP Remote Code Execution Vulnerability'.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "summary": "Microsoft Security Advisory",
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16898"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "This issue is addressed in the Microsoft update for CVE-2020-16898.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16898"
        },
        {
          "category": "mitigation",
          "details": "If you find yourself in a situation where an update is not doable. Microsoft advises the following workarounds:\n\n<br />\n\n**Disable ICMPv6 RDNSS**: \n\nThe following workaround may be helpful in your situation. In all cases, Microsoft strongly recommends that you install the updates for this vulnerability as soon as they become available even if you plan to leave this workaround in place:\n\nYou can check your \\*INTERFACENUMBER\\* by running this command in a cmd:\n\n```cmd\nroute print\n```\n\nYou can disable ICMPv6 RDNSS, to prevent attackers from exploiting the vulnerability, with the PowerShell command below. This workaround is only available for Windows 1709 and above. See What's new in Windows Server 1709 for more information.\n\n```powershell\nnetsh int ipv6 set int *INTERFACENUMBER* rabaseddnsconfig=disable\n```\n**Note:** No reboot is needed after making the change.\n\n<br />\n\nYou can disable the workaround with the PowerShell command below.\n\n```powershell\nnetsh int ipv6 set int *INTERFACENUMBER* rabaseddnsconfig=enable\n```\n**Note:** No reboot is needed after disabling the workaround.\n\n<br />\n\nPackage Analytics has been verified to function without any issue and is compatible with the prescribed Microsoft update. No additional PA patches are necessary.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "PROOF_OF_CONCEPT",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    }
  ]
}