Описание
A vulnerability in the .sdd file allows an attacker to read default passwords stored in plain text within the code. By exploiting these plaintext credentials, an attacker can log into affected SICK products as an “Authorized Client” if the customer has not changed the default password.
A vulnerability in the .sdd file allows an attacker to read default passwords stored in plain text within the code. By exploiting these plaintext credentials, an attacker can log into affected SICK products as an “Authorized Client” if the customer has not changed the default password.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2024-10025
- https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF
- https://sick.com/psirt
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
- https://www.first.org/cvss/calculator/3.1
- https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0003.json
- https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0003.pdf
Связанные уязвимости
A vulnerability in the .sdd file allows an attacker to read default passwords stored in plain text within the code. By exploiting these plaintext credentials, an attacker can log into affected SICK products as an “Authorized Client” if the customer has not changed the default password.
Уязвимость микропрограммного обеспечения устройств SICK CLV6xx, Lector6xx и RFx6xx, связанная с использованием жёстко закодированных учётных данных, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации и повысить свои привилегии до роли "Authorized Client"