CVE-2024-10774

Summary

Unauthenticated CROWN APIs allow access to critical functions. This leads to the accessibility of large parts of the web application without authentication.

Affected Software

VendorProductVersion RangeStatus
SICK AGSICK InspectorP61x0 < <5.0.0affected
SICK AGSICK InspectorP62x0 < <5.0.0affected

Weaknesses

  • CWE-306: CWE-306 Missing Authentication for Critical Function

Workarounds

For InspectorP61x and InspectorP62x:

Customers are strongly recommended to upgrade to the latest release. Furthermore, the app development for which the CROWN API is required should be done in a trusted environment. As soon as the device is used productively with the custom-developed apps, the CROWN API should be deactivated.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References