SICK InspectorP61x and SICK InspectorP62x: missing authentication
Lua apps can be deployed, removed, started, reloaded or stopped without authorization via
AppManager. This allows an attacker to remove legitimate apps creating a DoS attack, read and write
files or load apps that use all features of the product available to a customer.
Description: CWE-306 Missing Authentication for Critical Function
Metrics
Version
Base score
Base severity
Vector
3.1
8.2
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Version:3.1
Base score:8.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Metrics Other Info
Impacts
CAPEC ID
Description
Solutions
Configurations
Workarounds
Customers are strongly recommended to upgrade to the latest release. Furthermore, the
app development should be done in a trusted environment. After the development, app management
should be disabled