{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "audience": "all",
        "category": "summary",
        "text": "CVE-2021-4034 is a Local Privilege Escalation (LPE) vulnerability located in the \"Polkit\" package, which is installed by default on almost every major distribution of the Linux operating system.\n\nOn 2022-01-25, Qualys released an advisory for this LPE vulnerability, advising users to either update the “Polkit” package or implement the mitigation that Qualys recommends.\n\nFor air-gapped systems, SICK recommends that all customers implement at least the available mitigation for the corresponding Linux distribution. Please note that this vulnerability can only be exploited if a user with unprivileged authorization can establish a connection to the systems."
      },
      {
        "category": "general",
        "text": "As general security measures, SICK recommends minimizing the network exposure of the devices, restricting network access and following recommended security practices in order to run the devices in a protected IT environment.",
        "title": "General Security Measures"
      },
      {
        "category": "general",
        "text": "SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score depends on the customer’s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to determine the final score.",
        "title": "Vulnerability Classification"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@sick.de",
      "issuing_authority": "SICK PSIRT is the issuing authority for security issues in SICK AG products and for issues in EHS products (when related to the Endress+Hauser SICK (EHS) joint venture).",
      "name": "SICK PSIRT",
      "namespace": "https://www.sick.com/psirt"
    },
    "references": [
      {
        "summary": "SICK PSIRT Security Advisories",
        "url": "https://sick.com/psirt"
      },
      {
        "summary": "SICK Operating Guidelines",
        "url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf"
      },
      {
        "summary": "ICS-CERT recommended practices on Industrial Security",
        "url": "http://ics-cert.us-cert.gov/content/recommended-practices"
      },
      {
        "summary": "CVSS v3.1 Calculator",
        "url": "https://www.first.org/cvss/calculator/3.1"
      },
      {
        "category": "self",
        "summary": "The canonical URL.",
        "url": "https://www.sick.com/.well-known/csaf/white/2022/sca-2022-0002.json"
      }
    ],
    "title": "PwnKit vulnerability affects multiple SICK IPCs",
    "tracking": {
      "current_release_date": "2022-02-23T16:00:00.000Z",
      "generator": {
        "date": "2023-02-10T09:01:25.481Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.0.0"
        }
      },
      "id": "SCA-2022-0002",
      "initial_release_date": "2022-02-23T16:00:00.000Z",
      "revision_history": [
        {
          "date": "2022-02-23T16:00:00.000Z",
          "number": "1",
          "summary": "Initial release"
        },
        {
          "date": "2023-02-10T11:00:00.000Z",
          "number": "2",
          "summary": "Updated Advisory (only visual changes)"
        },
        {
          "number": "3",
          "date": "2025-07-30T07:29:45.000Z",
          "summary": "Updated Advisory: URL for SICK Operating Guidelines has been updated"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK PC, MXE5401, M16G, 1TB, LINUX, CUSTOM all versions",
                  "product_id": "CSAFPID-0001",
                  "product_identification_helper": {
                    "skus": [
                      "1111424"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "PC, MXE5401, M16G, 1TB, LINUX, CUSTOM"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK PC, MXE5401, M16G, 2TB, C7 all versions",
                  "product_id": "CSAFPID-0002",
                  "product_identification_helper": {
                    "skus": [
                      "1099249"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "PC, MXE5401, M16G, 2TB, C7"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK PC, MXE5401, M16G, 1TB, C7 all versions",
                  "product_id": "CSAFPID-0003",
                  "product_identification_helper": {
                    "skus": [
                      "1099248"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "PC, MXE5401, M16G, 1TB, C7"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK PC, EOS1300, M16G, 1TB, C7 all versions",
                  "product_id": "CSAFPID-0004",
                  "product_identification_helper": {
                    "skus": [
                      "1092516"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "PC, EOS1300, M16G, 1TB, C7"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK PC, EOS1300, M16G, 2TB, C7 all versions",
                  "product_id": "CSAFPID-0005",
                  "product_identification_helper": {
                    "skus": [
                      "1092517"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "PC, EOS1300, M16G, 2TB, C7"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK PC, MXE-5401, SSCT, R0, 2TB all versions",
                  "product_id": "CSAFPID-0006",
                  "product_identification_helper": {
                    "skus": [
                      "2084896",
                      "2098056"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "PC, MXE-5401, SSCT, R0, 2TB"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK PC, MXE-5401,R0,2TB,SS-X all versions",
                  "product_id": "CSAFPID-0007",
                  "product_identification_helper": {
                    "skus": [
                      "2095232"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "PC, MXE-5401,R0,2TB,SS-X"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK PC, MXE-5401,R0,2TB,UDS-X all versions",
                  "product_id": "CSAFPID-0008",
                  "product_identification_helper": {
                    "skus": [
                      "2104564"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "PC, MXE-5401,R0,2TB,UDS-X"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK PC, MXE-5321, SSXT, R0, 2TB all versions",
                  "product_id": "CSAFPID-0009",
                  "product_identification_helper": {
                    "skus": [
                      "2084076"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "PC, MXE-5321, SSXT, R0, 2TB"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK PC, MXE-5321, SSAT, R0, 2TB all versions",
                  "product_id": "CSAFPID-0010",
                  "product_identification_helper": {
                    "skus": [
                      "2084077"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "PC, MXE-5321, SSAT, R0, 2TB"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK PC, MXE-5321, UDS, R0, 2TB all versions",
                  "product_id": "CSAFPID-0011",
                  "product_identification_helper": {
                    "skus": [
                      "2084078"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "PC, MXE-5321, UDS, R0, 2TB"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK PC, MXE-5401, SSAT, R0, 2TB all versions",
                  "product_id": "CSAFPID-0012",
                  "product_identification_helper": {
                    "skus": [
                      "2084897"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "PC, MXE-5401, SSAT, R0, 2TB"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK PC, MXE-5401, UDS, R0, 2TB all versions",
                  "product_id": "CSAFPID-0013",
                  "product_identification_helper": {
                    "skus": [
                      "2084898"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "PC, MXE-5401, UDS, R0, 2TB"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK PC, MXE-5401, SP, R0,2TB all versions",
                  "product_id": "CSAFPID-0014",
                  "product_identification_helper": {
                    "skus": [
                      "2099100"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "PC, MXE-5401, SP, R0,2TB"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK PC-MXE 5401, CUSTOM, C6, 1TB all versions",
                  "product_id": "CSAFPID-0015",
                  "product_identification_helper": {
                    "skus": [
                      "2056761"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "PC-MXE 5401, CUSTOM, C6, 1TB"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK ERGO,DISP,KIT,C6X,CUSTOM all versions",
                  "product_id": "CSAFPID-0016",
                  "product_identification_helper": {
                    "skus": [
                      "2087772"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "ERGO,DISP,KIT,C6X,CUSTOM"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK PC, K700-SE-MS4X, M16G, 1TB all versions",
                  "product_id": "CSAFPID-0017",
                  "product_identification_helper": {
                    "skus": [
                      "1122338"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "PC, K700-SE-MS4X, M16G, 1TB"
          }
        ],
        "category": "vendor",
        "name": "SICK AG"
      }
    ],
    "full_product_names": [
      {
        "name": "CentOS",
        "product_id": "CSAFPID-0018"
      },
      {
        "name": "RedHat",
        "product_id": "CSAFPID-0019"
      },
      {
        "name": "Ubuntu",
        "product_id": "CSAFPID-0020"
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK PC, MXE5401, M16G, 1TB, LINUX, CUSTOM all versions (CentOS)",
          "product_id": "CSAFPID-0021"
        },
        "product_reference": "CSAFPID-0018",
        "relates_to_product_reference": "CSAFPID-0001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK PC, MXE5401, M16G, 2TB, C7 all versions (CentOS)",
          "product_id": "CSAFPID-0022"
        },
        "product_reference": "CSAFPID-0018",
        "relates_to_product_reference": "CSAFPID-0002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK PC, MXE5401, M16G, 1TB, C7 all versions (CentOS)",
          "product_id": "CSAFPID-0023"
        },
        "product_reference": "CSAFPID-0018",
        "relates_to_product_reference": "CSAFPID-0003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK PC, EOS1300, M16G, 1TB, C7 all versions (CentOS)",
          "product_id": "CSAFPID-0024"
        },
        "product_reference": "CSAFPID-0018",
        "relates_to_product_reference": "CSAFPID-0004"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK PC, EOS1300, M16G, 2TB, C7 all versions (CentOS)",
          "product_id": "CSAFPID-0025"
        },
        "product_reference": "CSAFPID-0018",
        "relates_to_product_reference": "CSAFPID-0005"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK PC, MXE-5401,R0,2TB,SS-X all versions (RedHat)",
          "product_id": "CSAFPID-0026"
        },
        "product_reference": "CSAFPID-0019",
        "relates_to_product_reference": "CSAFPID-0006"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK PC, MXE-5401,R0,2TB,UDS-X all versions (RedHat)",
          "product_id": "CSAFPID-0027"
        },
        "product_reference": "CSAFPID-0019",
        "relates_to_product_reference": "CSAFPID-0007"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK PC, MXE-5321, SSXT, R0, 2TB all versions (RedHat)",
          "product_id": "CSAFPID-0028"
        },
        "product_reference": "CSAFPID-0019",
        "relates_to_product_reference": "CSAFPID-0008"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK PC, MXE-5321, SSAT, R0, 2TB all versions (RedHat)",
          "product_id": "CSAFPID-0029"
        },
        "product_reference": "CSAFPID-0019",
        "relates_to_product_reference": "CSAFPID-0009"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK PC, MXE-5321, UDS, R0, 2TB all versions (RedHat)",
          "product_id": "CSAFPID-0030"
        },
        "product_reference": "CSAFPID-0019",
        "relates_to_product_reference": "CSAFPID-0010"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK PC, MXE-5401, SSAT, R0, 2TB all versions (RedHat)",
          "product_id": "CSAFPID-0031"
        },
        "product_reference": "CSAFPID-0019",
        "relates_to_product_reference": "CSAFPID-0011"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK PC, MXE-5401, UDS, R0, 2TB all versions (RedHat)",
          "product_id": "CSAFPID-0032"
        },
        "product_reference": "CSAFPID-0019",
        "relates_to_product_reference": "CSAFPID-0012"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK PC, MXE-5401, SSCT, R0, 2TB all versions (RedHat)",
          "product_id": "CSAFPID-0033"
        },
        "product_reference": "CSAFPID-0019",
        "relates_to_product_reference": "CSAFPID-0013"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK PC, MXE-5401, SP, R0,2TB all versions (RedHat)",
          "product_id": "CSAFPID-0034"
        },
        "product_reference": "CSAFPID-0019",
        "relates_to_product_reference": "CSAFPID-0014"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK PC-MXE 5401, CUSTOM, C6, 1TB all versions (CentOS)",
          "product_id": "CSAFPID-0035"
        },
        "product_reference": "CSAFPID-0018",
        "relates_to_product_reference": "CSAFPID-0015"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK ERGO,DISP,KIT,C6X,CUSTOM all versions (CentOS)",
          "product_id": "CSAFPID-0036"
        },
        "product_reference": "CSAFPID-0018",
        "relates_to_product_reference": "CSAFPID-0016"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK PC, K700-SE-MS4X, M16G, 1TB all versions (Ubuntu)",
          "product_id": "CSAFPID-0037"
        },
        "product_reference": "CSAFPID-0020",
        "relates_to_product_reference": "CSAFPID-0017"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-4034",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2022-01-31T16:00:00.000Z",
      "notes": [
        {
          "category": "description",
          "text": "The current version of pkexec does not handle the count of calling parameters correctly and ends up trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way that pkexec is induced to execute arbitrary code. When successfully executed, the attack can cause a local privilege escalation, giving unprivileged users administrative rights on the target machine."
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-0021",
          "CSAFPID-0022",
          "CSAFPID-0023",
          "CSAFPID-0024",
          "CSAFPID-0025",
          "CSAFPID-0026",
          "CSAFPID-0027",
          "CSAFPID-0028",
          "CSAFPID-0029",
          "CSAFPID-0030",
          "CSAFPID-0031",
          "CSAFPID-0032",
          "CSAFPID-0033",
          "CSAFPID-0034",
          "CSAFPID-0035",
          "CSAFPID-0036",
          "CSAFPID-0037"
        ]
      },
      "references": [
        {
          "summary": "Qualys Advisory",
          "url": "https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-02-23T16:00:00.000Z",
          "details": "Update to the newest version",
          "product_ids": [
            "CSAFPID-0021",
            "CSAFPID-0022",
            "CSAFPID-0023",
            "CSAFPID-0024",
            "CSAFPID-0025",
            "CSAFPID-0026",
            "CSAFPID-0027",
            "CSAFPID-0028",
            "CSAFPID-0029",
            "CSAFPID-0030",
            "CSAFPID-0031",
            "CSAFPID-0032",
            "CSAFPID-0033",
            "CSAFPID-0034",
            "CSAFPID-0035",
            "CSAFPID-0036",
            "CSAFPID-0037"
          ]
        },
        {
          "category": "mitigation",
          "details": "- In case your SICK IPC for Analytics has been set up normally, without a “kiosk” mode:\n\n    - Log in as the \\<root\\> user (credentials will be supplied separately).\n\n    - Start the \\<terminal\\> app.\n\n    - At the command prompt, enter the following command: \\<chmod 0755 /usr/bin/pkexec\\>\n\n    - Log out from \\<root\\>.\n\n- In case your SICK IPC for Analytics has been set up in “kiosk” mode:\n\n    Note: In the example below, the OS is assumed to be CentOS 6.8 running a Gnome 2.28.2 GUI with SICK Package Analytics pre-installed and running in kiosk mode.\n\n    - These instructions start from the default kiosk-mode display of Package Analytics.\n\n    - Press \\<CTRL+F4\\> on the keyboard. This will bring up the desktop for the \\<guest\\> user.\n\n    - Select the green “running man” icon in the upper right.\n\n    - Select \\<Log Out\\> in the dialog box.\n\n    - In the ensuing dialog, press \\<Cancel\\>. It’s on a timer, so this step has to be done quickly.\n\n    - This brings up a display that allows the user to log in to other accounts. Select \\<other\\>.\n\n    - Enter \\<root\\> as the username.\n\n    - Enter the root password. Note: this will be provided in a separate email.\n\n    - This brings up the root desktop. Click on the black terminal icon at the top of the display to bring up the command line prompt.\n\n    - At the command line, enter the following command: \\<chmod 0755 /usr/bin/pkexec\\>\n\n    - Click on the \\<x\\> in the upper right to close the terminal window.\n\n    - As before, click on the “running man” icon at the top of the display to bring up the logout screen.\n\n    - Select \\<Log Out\\> in the ensuing dialog box.\n\nThis completes the process. The system will automatically log back in as the guest kiosk user.",
          "product_ids": [
            "CSAFPID-0021",
            "CSAFPID-0022",
            "CSAFPID-0023",
            "CSAFPID-0024",
            "CSAFPID-0025",
            "CSAFPID-0026",
            "CSAFPID-0027",
            "CSAFPID-0028",
            "CSAFPID-0029",
            "CSAFPID-0030",
            "CSAFPID-0031",
            "CSAFPID-0032",
            "CSAFPID-0033",
            "CSAFPID-0034",
            "CSAFPID-0035",
            "CSAFPID-0036",
            "CSAFPID-0037"
          ],
          "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2022-001#mitigation"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0021",
            "CSAFPID-0022",
            "CSAFPID-0023",
            "CSAFPID-0024",
            "CSAFPID-0025",
            "CSAFPID-0026",
            "CSAFPID-0027",
            "CSAFPID-0028",
            "CSAFPID-0029",
            "CSAFPID-0030",
            "CSAFPID-0031",
            "CSAFPID-0032",
            "CSAFPID-0033",
            "CSAFPID-0034",
            "CSAFPID-0035",
            "CSAFPID-0036",
            "CSAFPID-0037"
          ]
        }
      ],
      "title": "CVE-2021-4034 Out-of-bounds Write"
    }
  ]
}