CVE-2024-10025
CVSS V2 None
CVSS V3 None
Description
A vulnerability in the .sdd file allows an attacker to read default passwords stored in plain text within the code. By exploiting these plaintext credentials, an attacker can log into affected SICK products as an “Authorized Client” if the customer has not changed the default password.
Overview
- CVE ID: CVE-2024-10025
- Assigner: SICK AG
- Vulnerability Status: PUBLISHED
- Published Version: 2024-10-17T09:58:03.111Z
- Last Modified Date: 2024-10-17T16:33:53.645Z
Weakness Enumerations
References
Reference URL | Reference Tags |
---|---|
https://sick.com/psirt | x_SICK PSIRT Webseite |
https://www.cisa.gov/resources-tools/resources/ics-recommended-practices | x_ICS-CERT recommended practices on Industrial Security |
https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF | x_SICK Operating Guidelines |
https://www.first.org/cvss/calculator/3.1 | x_CVSS v3.1 Calculator |
https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0003.pdf | vendor-advisory |
https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0003.json | vendor-advisory x_csaf |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-10025 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10025 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-10-18 13:17:51 | | | | Added to TrackCVE |