CVE-2024-10776

Summary

Lua apps can be deployed, removed, started, reloaded or stopped without authorization via AppManager. This allows an attacker to remove legitimate apps creating a DoS attack, read and write files or load apps that use all features of the product available to a customer.

Affected Software

VendorProductVersion RangeStatus
SICK AGSICK InspectorP61x0 < <5.0.0affected
SICK AGSICK InspectorP62x0 < <5.0.0affected

Weaknesses

  • CWE-306: CWE-306 Missing Authentication for Critical Function

Workarounds

Customers are strongly recommended to upgrade to the latest release. Furthermore, the app development should be done in a trusted environment. After the development, app management should be disabled

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References