Unauthorized Access to Lua Apps Through AppManager
CVE-2024-10776

8.2HIGH

Key Information:

Vendor: Sick Ag
Status: Sick Inspectorp61x; Sick Inspectorp62x
Vendor: CVE Published:; 6 December 2024

What is CVE-2024-10776?

A vulnerability has been identified in SICK's AppManager, allowing unauthorized interactions with Lua applications. This issue permits unauthorized users to deploy, remove, start, reload, or stop applications without appropriate permissions. As a result, an attacker could potentially disrupt legitimate applications, leading to a denial of service (DoS) condition. Furthermore, this vulnerability enables the attacker to read and write files or to load malicious applications that exploit the full range of features available to legitimate users. Proper security measures must be taken to mitigate this risk.

Affected Version(s)

SICK InspectorP61x 0

SICK InspectorP62x 0

References

https://sick.com/psirt

x_SICK PSIRT Website

https://cdn.sick.com/media/docs/1/11/411/Special_informat...

x_SICK Operating Guidelines

https://www.cisa.gov/resources-tools/resources/ics-recomm...

x_ICS-CERT recommended practices on Industrial Security

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 6, 2024
Vulnerability Reserved
Nov 4, 2024

Credit

Manuel Stotz

Tobias Jaeger

Sick Ag

What is CVE-2024-10776?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit