CVE-2024-10025
9.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Summary
A vulnerability in the .sdd file allows an attacker to read default passwords stored in plain text within the code. By exploiting these plaintext credentials, an attacker can log into affected SICK products as an “Authorized Client” if the customer has not changed the default password.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SICK AG | SICK CLV6xx | all versions | affected |
| SICK AG | SICK Lector6xx | all versions | affected |
| SICK AG | SICK RFx6xx | all versions | affected |
Weaknesses
- CWE-798: CWE-798 Use of Hard-coded Credentials
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
- https://sick.com/psirt
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
- https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF
- https://www.first.org/cvss/calculator/3.1
- https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0003.pdf
- https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0003.json
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.