Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

Hardcoded Credentials Expose SICK Controllers to Remote Attacks

A researcher has discovered that remote hackers could reconfigure or disrupt MSC800 modular system controllers from Germany-based sensor maker SICK due to the existence of hardcoded credentials.

A researcher has discovered that remote hackers could reconfigure or disrupt MSC800 modular system controllers from Germany-based sensor maker SICK due to the existence of hardcoded credentials.

The affected controllers, which according to the U.S. Department of Homeland Security (DHS) are used worldwide, particularly in the critical manufacturing sector, are affected by a critical vulnerability tracked as CVE-2019-10979.

SICK controller

The issue is related to the existence of hardcoded credentials in the firmware of affected products, allowing a low-skilled attacker to remotely reconfigure the controller’s settings or disrupt its functionality.

In an advisory published recently, SICK said it was not aware of any public exploits specifically targeting this vulnerability.

The hardcoded credentials exist in MSC800 controllers running versions of the firmware prior to 4.0, which patches the flaw.


Advertisement. Scroll to continue reading.

Learn More About Flaws in Industrial Products at SecurityWeek’s 2019 ICS Cyber Security Conference

According to SICK, version 4.0 of the firmware allows users to change the default password and prevent configuring the device over network interfaces, which can be particularly useful for critical infrastructure organizations.

“As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment,” SICK said.

Tri Quach of Amazon’s Customer Fulfillment Technology Security (CFTS) has been credited for finding and reporting the vulnerability to the DHS’s National Cybersecurity & Communications Integration Center (NCCIC).

Related: Two Vulnerabilities Expose Rockwell Controllers to DoS Attacks

Related: Flaw in Schneider PLC Allows Significant Disruption to ICS

Related: Flaw Exposes Mitsubishi PLCs to Remote DoS Attacks

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

BlueVoyant has appointed Ravi Subramanian as CFO and Jamie Coleman as CCO.

Solana Foundation has appointed Michael Coates as Chief Information Security Officer.

Michael Sikorski has joined Coinbase as Chief Information Security Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.