CVE-2024-10771
CVSS V2 None
CVSS V3 None
Description
Due to missing input validation during one step of the firmware update process, the product
is vulnerable to remote code execution. With network access and the user level ”Service”, an attacker
can execute arbitrary system commands in the root user’s contexts.
Overview
- CVE ID
- CVE-2024-10771
- Assigner
- SICK AG
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-12-06T12:24:40.610Z
- Last Modified Date
- 2024-12-06T12:24:40.610Z
Weakness Enumerations
References
Reference URL | Reference Tags |
---|---|
https://sick.com/psirt | x_SICK PSIRT Website |
https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF | x_SICK Operating Guidelines |
https://www.cisa.gov/resources-tools/resources/ics-recommended-practices | x_ICS-CERT recommended practices on Industrial Security |
https://www.first.org/cvss/calculator/3.1 | x_CVSS v3.1 Calculator |
https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0006.pdf | vendor-advisory |
https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0006.json | vendor-advisory x_csaf |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-10771 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10771 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-12-07 13:13:55 | Added to TrackCVE |