CVE-2024-10025

Summary

A vulnerability in the .sdd file allows an attacker to read default passwords stored in plain text within the code. By exploiting these plaintext credentials, an attacker can log into affected SICK products as an “Authorized Client” if the customer has not changed the default password.

Affected Software

VendorProductVersion RangeStatus
SICK AGSICK CLV6xxall versionsaffected
SICK AGSICK Lector6xxall versionsaffected
SICK AGSICK RFx6xxall versionsaffected

Weaknesses

  • CWE-798: CWE-798 Use of Hard-coded Credentials

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References