SICK Lector8xx and InspectorP8xx Command Injection Vulnerability
Vulnerability
A vulnerability exists in the SICK Lector8xx and InspectorP8xx products, specifically in certain firmware versions, that may allow a remote attacker with low privileges to execute arbitrary shell commands. This can be achieved by manipulating the firmware file and uploading it to the device, or by using lower-level functions to interact with the device. The vulnerability arises from improper enforcement of message integrity during transmission, which could be exploited to inject commands that the device would execute.
Impact
Exploitation of this vulnerability could lead to unauthorized command execution on the affected device, potentially allowing an attacker to manipulate the device's functions or access sensitive information.
Remediation
Users are strongly recommended to upgrade to the latest release of the Lector8xx (version 2.4.0 or later) and the InspectorP8xx (version 3.11.1 or later). After upgrading, it is advisable to set a secure password, following the operating instructions available in the reference section.
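A fleet check against the fixed versions named above, as an added example (not SICK tooling and not part of the original advisory). The CSV inventory layout, the host names and the use of the family names as inventory labels are assumptions made for illustration.

```python
import csv
import io
import re

# Fixed firmware versions, taken from the remediation text above.
FIXED = {"Lector8xx": (2, 4, 0), "InspectorP8xx": (3, 11, 1)}

# Constructed sample inventory: hosts and versions are made up.
SAMPLE_INVENTORY = """host,family,firmware
line1-cam01,Lector8xx,2.3.9
line1-cam02,Lector8xx,2.4.0
line2-cam01,InspectorP8xx,3.9.0
line2-cam02,InspectorP8xx,3.11.1
line3-cam01,InspectorP8xx,V3.12.0
line3-cam02,Lector8xx,unknown
"""

def parse_version(text):
    """Return (major, minor, patch) as ints, or None if not parseable."""
    m = re.fullmatch(r"[vV]?(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        return None
    return tuple(int(g or 0) for g in m.groups())

def audit(inventory_csv):
    """Map each host to 'patched', 'vulnerable', 'unknown' or 'not-in-advisory'."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        fixed = FIXED.get(row["family"])
        version = parse_version(row["firmware"])
        if fixed is None:
            status = "not-in-advisory"
        elif version is None:
            # Never treat an unreadable version as patched; check by hand.
            status = "unknown"
        else:
            # Tuple comparison is numeric: 3.9.0 < 3.11.1, whereas a plain
            # string comparison would rank "3.9.0" above "3.11.1".
            status = "patched" if version >= fixed else "vulnerable"
        results[row["host"]] = status
    return results

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Devices reported as unknown need their firmware version read from the device itself before they are counted as remediated.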
