Device Vulnerable to Pass-the-Hash Attacks
CVE-2024-10773

9 CRITICAL

Key Information:

Vendor: SICK AG
CVE Published: 6 December 2024

Summary

The security issue arises from the presence of hardcoded credentials associated with hidden user levels within SICK Industrial Devices. This vulnerability allows attackers to execute pass-the-hash attacks, enabling unauthorized access to sensitive areas of the device. This unauthorized access poses significant risks, including potential control of industrial processes and compromise of critical data. Organizations using affected SICK products must prioritize the implementation of security best practices and consider remediation to mitigate the risks associated with such vulnerabilities.

Affected Version(s)

SICK InspectorP61x 0

SICK InspectorP62x 0

TiM3xx 0

CVSS V3.1

Score: 9
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Manuel Stotz
Tobias Jaeger