All the vulnerabilites related to SICK AG - SICK RFx6xx
cve-2024-10025
Vulnerability from cvelistv5
Published
2024-10-17 09:58
Modified
2024-10-17 16:33
Severity ?
Summary
Vulnerability in SICK CLV6xx, SICK Lector6xx and SICK RFx6xx
Impacted products
Vendor Product Version
SICK AG SICK Lector6xx Version: all versions
SICK AG SICK RFx6xx Version: all versions
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:sick:lector611_firmware:*:*:*:*:*:*:*:*",
              "cpe:2.3:o:sick:lector610_firmware:*:*:*:*:*:*:*:*",
              "cpe:2.3:o:sick:lector620_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:sick:lector621_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:sick:lector622_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:sick:lector630_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:sick:lector632_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:sick:lector640_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:sick:lector642_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:sick:lector650_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:sick:lector651_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:sick:lector654_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:sick:clv620_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:sick:clv621_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:sick:clv622_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:sick:clv630_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:sick:clv631_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:sick:clv632_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:sick:clv640_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:sick:clv642_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:sick:clv650_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:sick:clv651_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:sick:rfu610-10600_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:sick:rfu610-10601_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:sick:rfu610-10603_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:sick:rfu610-10604_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:sick:rfu610-10605_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:sick:rfu610-10607_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:sick:rfu610-10609_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:sick:rfu610-10610_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:sick:rfu610-10613_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:sick:rfu610-10614_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:sick:rfu610-10618_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:sick:rfu610-10700_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:sick:rfu620-10100_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:sick:rfu620-10101_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:sick:rfu620-10102_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:sick:rfu620-10103_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:sick:rfu620-10104_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:sick:rfu620-10105_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:sick:rfu620-10107_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:sick:rfu620-10108_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:sick:rfu620-10111_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:sick:rfu620-10114_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:sick:rfu620-10118_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:sick:rfu620-10400_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:sick:rfu620-10401_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:sick:rfu620-10500_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:sick:rfu620-10501_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:sick:rfu620-10503_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:sick:rfu620-10504_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:sick:rfu620-10507_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "rfu620-10507_firmware",
            "vendor": "sick",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-10025",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-17T13:41:03.974704Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-17T16:33:53.645Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "SICK CLV6xx",
          "vendor": "SICK AG",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SICK Lector6xx",
          "vendor": "SICK AG",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SICK RFx6xx",
          "vendor": "SICK AG",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        }
      ],
      "datePublic": "2024-10-17T09:44:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A vulnerability in the .sdd file allows an attacker to read default passwords stored in plain text within the code. By exploiting these plaintext credentials, an attacker can log into affected SICK products as an \u201cAuthorized Client\u201d if the customer has not changed the default password."
            }
          ],
          "value": "A vulnerability in the .sdd file allows an attacker to read default passwords stored in plain text within the code. By exploiting these plaintext credentials, an attacker can log into affected SICK products as an \u201cAuthorized Client\u201d if the customer has not changed the default password."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "CWE-798 Use of Hard-coded Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-17T09:58:03.111Z",
        "orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
        "shortName": "SICK AG"
      },
      "references": [
        {
          "tags": [
            "x_SICK PSIRT Webseite"
          ],
          "url": "https://sick.com/psirt"
        },
        {
          "tags": [
            "x_ICS-CERT recommended practices on Industrial Security"
          ],
          "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
        },
        {
          "tags": [
            "x_SICK Operating Guidelines"
          ],
          "url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF"
        },
        {
          "tags": [
            "x_CVSS v3.1 Calculator"
          ],
          "url": "https://www.first.org/cvss/calculator/3.1"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0003.pdf"
        },
        {
          "tags": [
            "vendor-advisory",
            "x_csaf"
          ],
          "url": "https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0003.json"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Customers are strongly advised to change their default passwords.\u003cbr\u003e"
            }
          ],
          "value": "Customers are strongly advised to change their default passwords."
        }
      ],
      "source": {
        "advisory": "sca-2024-0003",
        "discovery": "INTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2024-10-17T09:53:00.000Z",
          "value": "1: Initial version"
        }
      ],
      "title": "Vulnerability in SICK CLV6xx, SICK Lector6xx and SICK RFx6xx",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
    "assignerShortName": "SICK AG",
    "cveId": "CVE-2024-10025",
    "datePublished": "2024-10-17T09:58:03.111Z",
    "dateReserved": "2024-10-16T07:45:23.632Z",
    "dateUpdated": "2024-10-17T16:33:53.645Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}