SCA-2024-0005

Vulnerability from csaf_sick - Published: 2024-11-19 00:00 - Updated: 2024-11-19 00:00
Summary
Vulnerability in SICK Incoming Goods Suite

Notes

summary
SICK found a vulnerability in the Incoming Goods Suite which allows privilege escalation to the administrative level. Currently SICK is not aware of any public exploits specifically targeting the vulnerability. SICK has released a new version and strongly recommends updating to the newest version.
General Security Measures
As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.
Vulnerability Classification
SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer’s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.
To clipboard 

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "summary",
        "text": "SICK found a vulnerability in the Incoming Goods Suite which allows privilege escalation to the administrative level. Currently SICK is not aware of any public exploits specifically targeting the vulnerability. SICK has released a new version and strongly recommends updating to the newest version.",
        "title": "summary"
      },
      {
        "category": "general",
        "text": "As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.",
        "title": "General Security Measures"
      },
      {
        "category": "general",
        "text": "SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer\u2019s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.",
        "title": "Vulnerability Classification"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@sick.de",
      "issuing_authority": "SICK PSIRT is responsible for any vulnerabilities related to SICK products.",
      "name": "SICK PSIRT",
      "namespace": "https://www.sick.com/psirt"
    },
    "references": [
      {
        "summary": "SICK PSIRT Security Advisories",
        "url": "https://sick.com/psirt"
      },
      {
        "summary": "SICK Operating Guidelines",
        "url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf"
      },
      {
        "summary": "ICS-CERT recommended practices on Industrial Security",
        "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
      },
      {
        "summary": "CVSS v3.1 Calculator",
        "url": "https://www.first.org/cvss/calculator/3.1"
      },
      {
        "category": "self",
        "summary": "The canonical URL.",
        "url": "https://www.sick.com/.well-known/csaf/white/2024/sca-2024-005.json"
      },
      {
        "summary": "Linux post-installation steps for Docker Engine.",
        "url": "https://docs.docker.com/engine/install/linux-postinstall/"
      },
      {
        "summary": "Docker rootless mode to execute the Docker daemon and containers inside a user namespace.",
        "url": "https://docs.docker.com/engine/security/rootless/"
      }
    ],
    "title": "Vulnerability in SICK Incoming Goods Suite",
    "tracking": {
      "current_release_date": "2024-11-19T00:00:00.000Z",
      "generator": {
        "date": "2024-11-20T09:29:36.374Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.15"
        }
      },
      "id": "SCA-2024-0005",
      "initial_release_date": "2024-11-19T00:00:00.000Z",
      "revision_history": [
        {
          "date": "2024-11-19T00:00:00.000Z",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-07-30T07:30:15.000Z",
          "number": "2",
          "summary": "Updated Advisory: URL for SICK Operating Guidelines has been updated"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "1.0.0",
                "product": {
                  "name": "SICK Incoming Goods Suite 1.0.0",
                  "product_id": "CSAFPID-0001"
                }
              },
              {
                "category": "product_version",
                "name": "1.1.0",
                "product": {
                  "name": "SICK Incoming Goods Suite 1.1.0",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "Incoming Goods Suite"
          }
        ],
        "category": "vendor",
        "name": "SICK AG"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-11075",
      "cwe": {
        "id": "CWE-250",
        "name": "Execution with Unnecessary Privileges"
      },
      "notes": [
        {
          "audience": "all",
          "category": "summary",
          "text": "A vulnerability in the Incoming Goods Suite allows a user with unprivileged access to the underlying system (e.g. local or via SSH) a privilege escalation to the administrative level due to the usage of component vendor Docker images running with root permissions. Exploiting this misconfiguration leads to the fact that an attacker can gain administrative control over the whole system.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-0002"
        ],
        "known_affected": [
          "CSAFPID-0001"
        ],
        "recommended": [
          "CSAFPID-0002"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Customers are strongly recommended to upgrade to the latest release 1.1.0.\nIn addition, we recommend running the Docker daemon and container runtime in rootless mode. It is necessary to set the DOCKER_USER_ID and the DOCKER_GROUP_ID in the environment. Then the Docker socket can run as a non-root user when setting the path DOCKER_SOCKET_PATH=/run/user/${DOCKER_USER_ID}/docker.sock.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 8.8,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "temporalScore": 8.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "Privilege Escalation due to the usage of component vendor Docker images running with root permissions"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.