Unauthenticated Access Vulnerability in SICK CROWN APIs
CVE-2024-10774

7.3HIGH

Key Information:

Vendor: Sick Ag
Status: Sick Inspectorp61x; Sick Inspectorp62x
Vendor: CVE Published:; 6 December 2024

What is CVE-2024-10774?

The CROWN APIs provided by SICK are affected by a significant vulnerability that permits unauthenticated access to critical functions within the web application. This defect enables unauthorized users to interact with sensitive areas of the system without proper authentication controls. As a result, this poses substantial risks to the integrity and confidentiality of the data handled by the affected product. Organizations utilizing SICK's CROWN APIs should take immediate actions to mitigate potential exploitation, such as applying patches and reviewing access controls to safeguard their web applications.

Affected Version(s)

SICK InspectorP61x 0

SICK InspectorP62x 0

References

https://sick.com/psirt

x_SICK PSIRT Website

https://cdn.sick.com/media/docs/1/11/411/Special_informat...

x_SICK Operating Guidelines

https://www.cisa.gov/resources-tools/resources/ics-recomm...

x_ICS-CERT recommended practices on Industrial Security

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 6, 2024
Vulnerability Reserved
Nov 4, 2024

Credit

Manuel Stotz

Tobias Jaeger

Sick Ag