Device Vulnerable to Pass-the-Hash Attacks
CVE-2024-10773

9CRITICAL

Key Information:

Vendor: Sick Ag
Status: Sick Inspectorp61x; Sick Inspectorp62x; Tim3xx
Vendor: CVE Published:; 6 December 2024

What is CVE-2024-10773?

The security issue arises from the presence of hardcoded credentials associated with hidden user levels within SICK Industrial Devices. This vulnerability allows attackers to execute pass-the-hash attacks, enabling unauthorized access to sensitive areas of the device. This unauthorized access poses significant risks, including potential control of industrial processes and compromise of critical data. Organizations using affected SICK products must prioritize the implementation of security best practices and consider remediation to mitigate the risks associated with such vulnerabilities.

Affected Version(s)

SICK InspectorP61x 0

SICK InspectorP62x 0

TiM3xx 0

References

https://sick.com/psirt

x_SICK PSIRT Website

https://cdn.sick.com/media/docs/1/11/411/Special_informat...

x_SICK Operating Guidelines

https://www.cisa.gov/resources-tools/resources/ics-recomm...

x_ICS-CERT recommended practices on Industrial Security

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 6, 2024
Vulnerability Reserved
Nov 4, 2024

Credit

Manuel Stotz

Tobias Jaeger

Sick Ag

What is CVE-2024-10773?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit