CVE-2024-11075 (GCVE-0-2024-11075)
Vulnerability from cvelistv5 – Published: 2024-11-19 13:13 – Updated: 2024-11-19 14:13
VLAI?
Summary
A vulnerability in the Incoming Goods Suite allows a user with unprivileged access to the underlying system (e.g. local or via SSH) a privilege escalation to the administrative level due to the usage of component vendor Docker images running with root permissions. Exploiting this misconfiguration leads to the fact that an attacker can gain administrative control. over the whole system.
Severity ?
8.8 (High)
CWE
- CWE-250 - Execution with Unnecessary Privileges
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SICK AG | SICK Incoming Goods Suite |
Affected:
1.0.0
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:sick_ag:incoming_goods_suite:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "incoming_goods_suite",
"vendor": "sick_ag",
"versions": [
{
"status": "affected",
"version": "1.0.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11075",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-19T14:11:17.363737Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-19T14:13:07.706Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SICK Incoming Goods Suite",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "1.0.0"
}
]
}
],
"datePublic": "2024-11-18T23:32:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability in the Incoming Goods Suite allows a user with unprivileged access to the underlying system (e.g. local or via SSH) a privilege escalation to the administrative level due to the usage of component vendor Docker images running with root permissions. Exploiting this misconfiguration leads to the fact that an attacker can gain administrative control. over the whole system.\n\n\u003cp\u003e\u003c/p\u003e"
}
],
"value": "A vulnerability in the Incoming Goods Suite allows a user with unprivileged access to the underlying system (e.g. local or via SSH) a privilege escalation to the administrative level due to the usage of component vendor Docker images running with root permissions. Exploiting this misconfiguration leads to the fact that an attacker can gain administrative control. over the whole system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250 Execution with Unnecessary Privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-19T13:13:00.565Z",
"orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
"shortName": "SICK AG"
},
"references": [
{
"tags": [
"x_SICK PSIRT Website"
],
"url": "https://sick.com/psirt"
},
{
"tags": [
"x_SICK Operating Guidelines"
],
"url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF"
},
{
"tags": [
"x_ICS-CERT recommended practices on Industrial Security"
],
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"tags": [
"x_CVSS v3.1 Calculator"
],
"url": "https://www.first.org/cvss/calculator/3.1"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0005.pdf"
},
{
"tags": [
"vendor-advisory",
"x_csaf"
],
"url": "https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0005.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eCustomers are strongly recommended to upgrade to the latest release 1.1.0. In addition, we recommend running the Docker daemon and container runtime in rootless mode. It is necessary to set the DOCKER_USER_ID and the DOCKER_GROUP_ID in the environment. Then the Docker socket can run as a non-root user when setting the path DOCKER_SOCKET_PATH=/run/user/${DOCKER_USER_ID}/docker.sock.\u003c/div\u003e\n\n\u003cbr\u003e"
}
],
"value": "Customers are strongly recommended to upgrade to the latest release 1.1.0. In addition, we recommend running the Docker daemon and container runtime in rootless mode. It is necessary to set the DOCKER_USER_ID and the DOCKER_GROUP_ID in the environment. Then the Docker socket can run as a non-root user when setting the path DOCKER_SOCKET_PATH=/run/user/${DOCKER_USER_ID}/docker.sock."
}
],
"source": {
"advisory": "sca-2024-0005",
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-11-19T12:44:00.000Z",
"value": "1: Inital version"
}
],
"title": "SICK Incoming Goods Suite privilege escalation vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
"assignerShortName": "SICK AG",
"cveId": "CVE-2024-11075",
"datePublished": "2024-11-19T13:13:00.565Z",
"dateReserved": "2024-11-11T09:08:53.239Z",
"dateUpdated": "2024-11-19T14:13:07.706Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability in the Incoming Goods Suite allows a user with unprivileged access to the underlying system (e.g. local or via SSH) a privilege escalation to the administrative level due to the usage of component vendor Docker images running with root permissions. Exploiting this misconfiguration leads to the fact that an attacker can gain administrative control. over the whole system.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad en Incoming Goods Suite permite a un usuario con acceso sin privilegios al sistema subyacente (por ejemplo, local o a trav\\u00e9s de SSH) una escalada de privilegios al nivel administrativo debido al uso de im\\u00e1genes Docker del proveedor de componentes que se ejecutan con permisos de superusuario. La explotaci\\u00f3n de esta configuraci\\u00f3n incorrecta permite que un atacante obtenga control administrativo sobre todo el sistema.\"}]",
"id": "CVE-2024-11075",
"lastModified": "2024-11-19T21:57:32.967",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"psirt@sick.de\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.0, \"impactScore\": 6.0}]}",
"published": "2024-11-19T14:15:17.340",
"references": "[{\"url\": \"https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF\", \"source\": \"psirt@sick.de\"}, {\"url\": \"https://sick.com/psirt\", \"source\": \"psirt@sick.de\"}, {\"url\": \"https://www.cisa.gov/resources-tools/resources/ics-recommended-practices\", \"source\": \"psirt@sick.de\"}, {\"url\": \"https://www.first.org/cvss/calculator/3.1\", \"source\": \"psirt@sick.de\"}, {\"url\": \"https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0005.json\", \"source\": \"psirt@sick.de\"}, {\"url\": \"https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0005.pdf\", \"source\": \"psirt@sick.de\"}]",
"sourceIdentifier": "psirt@sick.de",
"vulnStatus": "Awaiting Analysis",
"weaknesses": "[{\"source\": \"psirt@sick.de\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-250\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-11075\",\"sourceIdentifier\":\"psirt@sick.de\",\"published\":\"2024-11-19T14:15:17.340\",\"lastModified\":\"2024-11-19T21:57:32.967\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the Incoming Goods Suite allows a user with unprivileged access to the underlying system (e.g. local or via SSH) a privilege escalation to the administrative level due to the usage of component vendor Docker images running with root permissions. Exploiting this misconfiguration leads to the fact that an attacker can gain administrative control. over the whole system.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en Incoming Goods Suite permite a un usuario con acceso sin privilegios al sistema subyacente (por ejemplo, local o a trav\u00e9s de SSH) una escalada de privilegios al nivel administrativo debido al uso de im\u00e1genes Docker del proveedor de componentes que se ejecutan con permisos de superusuario. La explotaci\u00f3n de esta configuraci\u00f3n incorrecta permite que un atacante obtenga control administrativo sobre todo el sistema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@sick.de\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.0,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"psirt@sick.de\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-250\"}]}],\"references\":[{\"url\":\"https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF\",\"source\":\"psirt@sick.de\"},{\"url\":\"https://sick.com/psirt\",\"source\":\"psirt@sick.de\"},{\"url\":\"https://www.cisa.gov/resources-tools/resources/ics-recommended-practices\",\"source\":\"psirt@sick.de\"},{\"url\":\"https://www.first.org/cvss/calculator/3.1\",\"source\":\"psirt@sick.de\"},{\"url\":\"https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0005.json\",\"source\":\"psirt@sick.de\"},{\"url\":\"https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0005.pdf\",\"source\":\"psirt@sick.de\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-11075\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-19T14:11:17.363737Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:sick_ag:incoming_goods_suite:*:*:*:*:*:*:*:*\"], \"vendor\": \"sick_ag\", \"product\": \"incoming_goods_suite\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0.0\"}], \"defaultStatus\": \"unaffected\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-19T14:13:03.268Z\"}}], \"cna\": {\"title\": \"SICK Incoming Goods Suite privilege escalation vulnerability\", \"source\": {\"advisory\": \"sca-2024-0005\", \"discovery\": \"INTERNAL\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"SICK AG\", \"product\": \"SICK Incoming Goods Suite\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0.0\"}], \"defaultStatus\": \"unaffected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2024-11-19T12:44:00.000Z\", \"value\": \"1: Inital version\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Customers are strongly recommended to upgrade to the latest release 1.1.0. In addition, we recommend running the Docker daemon and container runtime in rootless mode. It is necessary to set the DOCKER_USER_ID and the DOCKER_GROUP_ID in the environment. Then the Docker socket can run as a non-root user when setting the path DOCKER_SOCKET_PATH=/run/user/${DOCKER_USER_ID}/docker.sock.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cdiv\u003eCustomers are strongly recommended to upgrade to the latest release 1.1.0. In addition, we recommend running the Docker daemon and container runtime in rootless mode. It is necessary to set the DOCKER_USER_ID and the DOCKER_GROUP_ID in the environment. Then the Docker socket can run as a non-root user when setting the path DOCKER_SOCKET_PATH=/run/user/${DOCKER_USER_ID}/docker.sock.\u003c/div\u003e\\n\\n\u003cbr\u003e\", \"base64\": false}]}], \"datePublic\": \"2024-11-18T23:32:00.000Z\", \"references\": [{\"url\": \"https://sick.com/psirt\", \"tags\": [\"x_SICK PSIRT Website\"]}, {\"url\": \"https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF\", \"tags\": [\"x_SICK Operating Guidelines\"]}, {\"url\": \"https://www.cisa.gov/resources-tools/resources/ics-recommended-practices\", \"tags\": [\"x_ICS-CERT recommended practices on Industrial Security\"]}, {\"url\": \"https://www.first.org/cvss/calculator/3.1\", \"tags\": [\"x_CVSS v3.1 Calculator\"]}, {\"url\": \"https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0005.pdf\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0005.json\", \"tags\": [\"vendor-advisory\", \"x_csaf\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability in the Incoming Goods Suite allows a user with unprivileged access to the underlying system (e.g. local or via SSH) a privilege escalation to the administrative level due to the usage of component vendor Docker images running with root permissions. Exploiting this misconfiguration leads to the fact that an attacker can gain administrative control. over the whole system.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"A vulnerability in the Incoming Goods Suite allows a user with unprivileged access to the underlying system (e.g. local or via SSH) a privilege escalation to the administrative level due to the usage of component vendor Docker images running with root permissions. Exploiting this misconfiguration leads to the fact that an attacker can gain administrative control. over the whole system.\\n\\n\u003cp\u003e\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-250\", \"description\": \"CWE-250 Execution with Unnecessary Privileges\"}]}], \"providerMetadata\": {\"orgId\": \"a6863dd2-93fc-443d-bef1-79f0b5020988\", \"shortName\": \"SICK AG\", \"dateUpdated\": \"2024-11-19T13:13:00.565Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-11075\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-19T14:13:07.706Z\", \"dateReserved\": \"2024-11-11T09:08:53.239Z\", \"assignerOrgId\": \"a6863dd2-93fc-443d-bef1-79f0b5020988\", \"datePublished\": \"2024-11-19T13:13:00.565Z\", \"assignerShortName\": \"SICK AG\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…