Unauthenticated Access Vulnerability in SICK CROWN APIs
CVE-2024-10774
7.3 HIGH
Key Information:
- Vendor: Sick Ag
- CVE Published: 6 December 2024
Summary
The CROWN APIs provided by SICK are affected by a significant vulnerability that permits unauthenticated access to critical functions within the web application. This defect lets unauthorized users interact with sensitive areas of the system without proper authentication controls, which poses substantial risks to the integrity and confidentiality of the data handled by the affected product. Organizations using SICK's CROWN APIs should take immediate action to mitigate potential exploitation, such as applying patches and reviewing access controls to safeguard their web applications.
Affected Version(s)
SICK InspectorP61x 0
SICK InspectorP62x 0
CVSS V3.1
- Score: 7.3
- Severity: HIGH
- Confidentiality: Low
- Integrity: Low
- Availability: Low
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Manuel Stotz
Tobias Jaeger