CVE-2024-11075
CVSS V2 None
CVSS V3 None
Description
A vulnerability in the Incoming Goods Suite allows a user with unprivileged access to the underlying system (e.g. local or via SSH) a privilege escalation to the administrative level due to the usage of component vendor Docker images running with root permissions. Exploiting this misconfiguration leads to the fact that an attacker can gain administrative control. over the whole system.
Overview
- CVE ID
- CVE-2024-11075
- Assigner
- SICK AG
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-11-19T13:13:00.565Z
- Last Modified Date
- 2024-11-19T14:13:07.706Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://sick.com/psirt | x_SICK PSIRT Website |
| https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF | x_SICK Operating Guidelines |
| https://www.cisa.gov/resources-tools/resources/ics-recommended-practices | x_ICS-CERT recommended practices on Industrial Security |
| https://www.first.org/cvss/calculator/3.1 | x_CVSS v3.1 Calculator |
| https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0005.pdf | vendor-advisory |
| https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0005.json | vendor-advisory x_csaf |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-11075 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11075 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-11-20 13:58:30 | Added to TrackCVE |