CVE Vulnerability Details: CVE-2024-10776
PUBLISHED
Assigner: SICK AG
Assigner Org ID: a6863dd2-93fc-443d-bef1-79f0b5020988
Published At: 06 Dec, 2024 | 12:38
Updated At: 09 Dec, 2024 | 14:06
CVE Numbering Authority (CNA)
SICK InspectorP61x and SICK InspectorP62x: missing authentication

Lua apps can be deployed, removed, started, reloaded or stopped without authorization via AppManager. This allows an attacker to remove legitimate apps creating a DoS attack, read and write files or load apps that use all features of the product available to a customer.

Affected Products

Vendor: SICK AG
Product: SICK InspectorP61x
Default Status: unaffected
Versions Affected:
  • From 0 before <5.0.0 (custom)

Vendor: SICK AG
Product: SICK InspectorP62x
Default Status: unaffected
Versions Affected:
  • From 0 before <5.0.0 (custom)

Problem Types
Type: CWE
CWE ID: CWE-306
Description: CWE-306 Missing Authentication for Critical Function

Metrics
Version: 3.1
Base score: 8.2
Base severity: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Workarounds

Customers are strongly recommended to upgrade to the latest release. Furthermore, the app development should be done in a trusted environment. After the development, app management should be disabled.

Credits
finder: Manuel Stotz
finder: Tobias Jaeger

References
  • https://sick.com/psirt (x_SICK PSIRT Website)
  • https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF (x_SICK Operating Guidelines)
  • https://www.cisa.gov/resources-tools/resources/ics-recommended-practices (x_ICS-CERT recommended practices on Industrial Security)
  • https://www.first.org/cvss/calculator/3.1 (x_CVSS v3.1 Calculator)
  • https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0006.pdf (vendor-advisory)
  • https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0006.json (vendor-advisory, x_csaf)

Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products

Vendor: SICK AG (sick)
Product: inspector61x_firmware
CPEs:
  • cpe:2.3:o:sick:inspector61x_firmware:-:*:*:*:*:*:*:*
Default Status: unaffected
Versions Affected:
  • From 0 before 5.0.0 (custom)

Vendor: SICK AG (sick)
Product: inspector62x_firmware
CPEs:
  • cpe:2.3:o:sick:inspector62x_firmware:-:*:*:*:*:*:*:*
Default Status: unaffected
Versions Affected:
  • From 0 before 5.0.0 (custom)