Firmware Update Vulnerability: Remote Code Execution Risks
CVE-2024-10771

8.8HIGH

Key Information:

Vendor

Sick Ag

Status
Sick Inspectorp61x
Sick Inspectorp62x
Tim3xx
Vendor
CVE Published:
6 December 2024

What is CVE-2024-10771?

The vulnerability occurs due to inadequate input validation in the firmware update process of SICK products. An attacker with network access who possesses a user-level 'Service' account can exploit this weakness to execute arbitrary commands with root user privileges. This could lead to unauthorized access and potential system compromise. Organizations using affected SICK products should take immediate action to review their security protocols and ensure that firmware updates are applied promptly to mitigate risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

SICK InspectorP61x 0

SICK InspectorP62x 0

TiM3xx 0

References

https://sick.com/psirt
x_SICK PSIRT Website
https://cdn.sick.com/media/docs/1/11/411/Special_informat...
x_SICK Operating Guidelines
https://www.cisa.gov/resources-tools/resources/ics-recomm...
x_ICS-CERT recommended practices on Industrial Security

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Manuel Stotz
Tobias Jaeger
JSON
.