CVE-2024-10025 (GCVE-0-2024-10025)
Vulnerability from cvelistv5 – Published: 2024-10-17 09:58 – Updated: 2024-10-17 16:33
Summary
A vulnerability in the .sdd file allows an attacker to read default passwords stored in plain text within the code. By exploiting these plaintext credentials, an attacker can log into affected SICK products as an “Authorized Client” if the customer has not changed the default password.
Severity
9.1 (Critical)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
SICK AG
References
| URL | Tags |
|---|---|
| https://sick.com/psirt | x_SICK PSIRT Webseite |
| https://www.cisa.gov/resources-tools/resources/ics-recommended-practices | x_ICS-CERT recommended practices on Industrial Security |
| https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF | x_SICK Operating Guidelines |
| https://www.first.org/cvss/calculator/3.1 | x_CVSS v3.1 Calculator |
| https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0003.pdf | vendor-advisory |
| https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0003.json | vendor-advisory, x_csaf |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| SICK AG | SICK CLV6xx | Affected: all versions |
| SICK AG | SICK Lector6xx | Affected: all versions |
| SICK AG | SICK RFx6xx | Affected: all versions |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:sick:lector611_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:sick:lector610_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:sick:lector620_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sick:lector621_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sick:lector622_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sick:lector630_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sick:lector632_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sick:lector640_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sick:lector642_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sick:lector650_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sick:lector651_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sick:lector654_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sick:clv620_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sick:clv621_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sick:clv622_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sick:clv630_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sick:clv631_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sick:clv632_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sick:clv640_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sick:clv642_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sick:clv650_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sick:clv651_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sick:rfu610-10600_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sick:rfu610-10601_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sick:rfu610-10603_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sick:rfu610-10604_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sick:rfu610-10605_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sick:rfu610-10607_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sick:rfu610-10609_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sick:rfu610-10610_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sick:rfu610-10613_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sick:rfu610-10614_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sick:rfu610-10618_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sick:rfu610-10700_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sick:rfu620-10100_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sick:rfu620-10101_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sick:rfu620-10102_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sick:rfu620-10103_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sick:rfu620-10104_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sick:rfu620-10105_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sick:rfu620-10107_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sick:rfu620-10108_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sick:rfu620-10111_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sick:rfu620-10114_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sick:rfu620-10118_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sick:rfu620-10400_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sick:rfu620-10401_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sick:rfu620-10500_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sick:rfu620-10501_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sick:rfu620-10503_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sick:rfu620-10504_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sick:rfu620-10507_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "rfu620-10507_firmware",
"vendor": "sick",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10025",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T13:41:03.974704Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T16:33:53.645Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SICK CLV6xx",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SICK Lector6xx",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SICK RFx6xx",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"datePublic": "2024-10-17T09:44:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability in the .sdd file allows an attacker to read default passwords stored in plain text within the code. By exploiting these plaintext credentials, an attacker can log into affected SICK products as an \u201cAuthorized Client\u201d if the customer has not changed the default password."
}
],
"value": "A vulnerability in the .sdd file allows an attacker to read default passwords stored in plain text within the code. By exploiting these plaintext credentials, an attacker can log into affected SICK products as an \u201cAuthorized Client\u201d if the customer has not changed the default password."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T09:58:03.111Z",
"orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
"shortName": "SICK AG"
},
"references": [
{
"tags": [
"x_SICK PSIRT Webseite"
],
"url": "https://sick.com/psirt"
},
{
"tags": [
"x_ICS-CERT recommended practices on Industrial Security"
],
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"tags": [
"x_SICK Operating Guidelines"
],
"url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF"
},
{
"tags": [
"x_CVSS v3.1 Calculator"
],
"url": "https://www.first.org/cvss/calculator/3.1"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0003.pdf"
},
{
"tags": [
"vendor-advisory",
"x_csaf"
],
"url": "https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0003.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Customers are strongly advised to change their default passwords.\u003cbr\u003e"
}
],
"value": "Customers are strongly advised to change their default passwords."
}
],
"source": {
"advisory": "sca-2024-0003",
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-10-17T09:53:00.000Z",
"value": "1: Initial version"
}
],
"title": "Vulnerability in SICK CLV6xx, SICK Lector6xx and SICK RFx6xx",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
"assignerShortName": "SICK AG",
"cveId": "CVE-2024-10025",
"datePublished": "2024-10-17T09:58:03.111Z",
"dateReserved": "2024-10-16T07:45:23.632Z",
"dateUpdated": "2024-10-17T16:33:53.645Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.