SCA-2024-0003

Vulnerability from csaf_sick - Published: 2024-10-17 13:00 - Updated: 2024-10-17 13:00
Summary
Critical vulnerability in multiple SICK products

Notes

summary
A critical vulnerability has been discovered in the .sdd files of several SICK products. This vulnerability could allow a remote, unauthenticated attacker to gain access to the "Authorized Client" user role, potentially impacting the availability and integrity of the affected SICK products. Users are strongly urged to change their default passwords immediately.
General Security Measures
As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.
Vulnerability Classification
SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer’s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.
To clipboard 

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "summary",
        "text": "A critical vulnerability has been discovered in the .sdd files of several SICK products. This vulnerability could allow a remote, unauthenticated attacker to gain access to the \"Authorized Client\" user role, potentially impacting the availability and integrity of the affected SICK products.\nUsers are strongly urged to change their default passwords immediately.",
        "title": "summary"
      },
      {
        "category": "general",
        "text": "As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.",
        "title": "General Security Measures"
      },
      {
        "category": "general",
        "text": "SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer\u2019s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.",
        "title": "Vulnerability Classification"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@sick.de",
      "issuing_authority": "SICK PSIRT is responsible for any vulnerabilities related to SICK products.",
      "name": "SICK PSIRT",
      "namespace": "https://www.sick.com/psirt"
    },
    "references": [
      {
        "summary": "SICK PSIRT Security Advisories",
        "url": "https://sick.com/psirt"
      },
      {
        "summary": "SICK Operating Guidelines",
        "url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf"
      },
      {
        "summary": "ICS-CERT recommended practices on Industrial Security",
        "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
      },
      {
        "summary": "CVSS v3.1 Calculator",
        "url": "https://www.first.org/cvss/calculator/3.1"
      },
      {
        "category": "self",
        "summary": "The canonical URL.",
        "url": "https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0003.json"
      }
    ],
    "title": "Critical vulnerability in multiple SICK products",
    "tracking": {
      "current_release_date": "2024-10-17T13:00:00.000Z",
      "generator": {
        "date": "2024-11-21T07:41:27.228Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.15"
        }
      },
      "id": "SCA-2024-0003",
      "initial_release_date": "2024-10-17T13:00:00.000Z",
      "revision_history": [
        {
          "date": "2024-10-17T00:00:00.000Z",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-07-30T07:30:15.000Z",
          "number": "2",
          "summary": "Updated Advisory: URL for SICK Operating Guidelines has been updated"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "SICK CLV6xx all versions",
                      "product_id": "CSAFPID-0001"
                    }
                  }
                ],
                "category": "product_name",
                "name": "CLV6xx"
              }
            ],
            "category": "product_family",
            "name": "CLV"
          },
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "SICK RFx6xx all versions",
                      "product_id": "CSAFPID-0002"
                    }
                  }
                ],
                "category": "product_name",
                "name": "RFx6xx"
              }
            ],
            "category": "product_family",
            "name": "SICK RFx6xx all versions"
          },
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "SICK Lector6xx all versions",
                      "product_id": "CSAFPID-0003"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Lector6xx"
              }
            ],
            "category": "product_family",
            "name": "Lector"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK CLV6xx Firmware all versions",
                  "product_id": "CSAFPID-0004"
                }
              }
            ],
            "category": "product_name",
            "name": "CLV6xx Firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK RFx6xx Firmware all versions",
                  "product_id": "CSAFPID-0005"
                }
              }
            ],
            "category": "product_name",
            "name": "RFx6xx Firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK Lector6xx Firmware all versions",
                  "product_id": "CSAFPID-0006"
                }
              }
            ],
            "category": "product_name",
            "name": "Lector6xx Firmware"
          }
        ],
        "category": "vendor",
        "name": "SICK AG"
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK CLV6xx all Firmware versions",
          "product_id": "CSAFPID-0007"
        },
        "product_reference": "CSAFPID-0004",
        "relates_to_product_reference": "CSAFPID-0001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK RFx6xx all Firmware versions",
          "product_id": "CSAFPID-0008"
        },
        "product_reference": "CSAFPID-0005",
        "relates_to_product_reference": "CSAFPID-0002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK Lector6xx all Firmware versions",
          "product_id": "CSAFPID-0009"
        },
        "product_reference": "CSAFPID-0006",
        "relates_to_product_reference": "CSAFPID-0003"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-10025",
      "cwe": {
        "id": "CWE-798",
        "name": "Use of Hard-coded Credentials"
      },
      "notes": [
        {
          "audience": "all",
          "category": "summary",
          "text": "A vulnerability in the .sdd file allows an attacker to read default passwords stored in plain text within the code. By exploiting these plaintext credentials, an attacker can log into affected SICK products as an \u201cAuthorized Client\u201d if the customer has not changed the default password.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0007",
          "CSAFPID-0008",
          "CSAFPID-0009"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Customers are strongly advised to change their default passwords.",
          "product_ids": [
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "NONE",
            "environmentalScore": 9.1,
            "environmentalSeverity": "CRITICAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 9.1,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ]
        }
      ],
      "title": "Passwords are stored as plain text in the .sdd file"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.