CVE-2024-11075 – SICK Incoming Goods Suite privilege escalation vulnerability
https://notcve.org/view.php?id=CVE-2024-11075
A vulnerability in the Incoming Goods Suite allows a user with unprivileged access to the underlying system (e.g. local or via SSH) to escalate privileges to the administrative level, because component vendor Docker images run with root permissions. Exploiting this misconfiguration allows an attacker to gain administrative control over the whole system.
References: https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF https://sick.com/psirt https://www.cisa.gov/resources-tools/resources/ics-recommended-practices https://www.first.org/cvss/calculator/3.1 https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0005.json https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0005.pdf
CWE-250: Execution with Unnecessary Privileges
CVE-2024-10025 – Vulnerability in SICK CLV6xx, SICK Lector6xx and SICK RFx6xx
https://notcve.org/view.php?id=CVE-2024-10025
A vulnerability in the .sdd file allows an attacker to read default passwords stored in plain text within the code. By exploiting these plaintext credentials, an attacker can log into affected SICK products as an "Authorized Client" if the customer has not changed the default password.
References: https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF https://sick.com/psirt https://www.cisa.gov/resources-tools/resources/ics-recommended-practices https://www.first.org/cvss/calculator/3.1 https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0003.json https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0003.pdf
CWE-798: Use of Hard-coded Credentials