Vulnerability in Web Server Authentication Process Could Lead to Replay Attacks
CVE-2024-11022

5.6MEDIUM

Key Information:

Vendor: Sick Ag
Status: Sick Inspectorp61x; Sick Inspectorp62x
Vendor: CVE Published:; 6 December 2024

Summary

The authentication process to the web server uses a challenge response procedure which inludes the nonce and additional information. This challenge can be used several times for login and is therefore vulnerable for a replay attack.

Affected Version(s)

SICK InspectorP61x all versions

SICK InspectorP62x all versions

References

https://sick.com/psirt

x_SICK PSIRT Website

https://cdn.sick.com/media/docs/1/11/411/Special_informat...

x_SICK Operating Guidelines

https://www.cisa.gov/resources-tools/resources/ics-recomm...

x_ICS-CERT recommended practices on Industrial Security

CVSS V3.1

Score:

5.6

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 6, 2024
Vulnerability Reserved
Nov 8, 2024

Credit

Manuel Stotz

Tobias Jaeger