CVE-2024-10025
Vulnerability in SICK CLV6xx, SICK Lector6xx and SICK RFx6xx
- Severity Score (CVSS v3.1): 9.1
- Exploit Likelihood (EPSS):
- Affected Versions (CPE):
- Public Exploits (Multiple Sources): 0
- Exploited in Wild (KEV): -
- Decision (SSVC): Attend
Descriptions
A vulnerability in the .sdd file allows an attacker to read default passwords stored in plain text within the code. By exploiting these plaintext credentials, an attacker can log into affected SICK products as an “Authorized Client” if the customer has not changed the default password.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision: Attend
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-10-16 CVE Reserved
- 2024-10-17 CVE Published
- 2024-10-17 CVE Updated
- 2024-10-18 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-798: Use of Hard-coded Credentials
CAPEC
References (6)
URL | Tag | Source |
---|---|---|
https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF | X_sick Operating Guidelines | |
https://sick.com/psirt | X_sick Psirt Webseite | |
https://www.cisa.gov/resources-tools/resources/ics-recommended-practices | X_ics Cert Recommended Practices On Industrial Security | |
https://www.first.org/cvss/calculator/3.1 | X_cvss V3.1 Calculator |
URL | Date | SRC |
---|---|---|
https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0003.json | 2024-10-17 | |
https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0003.pdf | 2024-10-17 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
SICK AG | SICK CLV6xx | <= | en | Affected |
SICK AG | SICK Lector6xx | <= | en | Affected |
SICK AG | SICK RFx6xx | <= | en | Affected |