Privilege Escalation Vulnerability in Incoming Goods Suite Allows Attacker to Gain Administrative Control
CVE-2024-11075

8.8HIGH

Key Information:

Vendor
Sick Ag
Status
Sick Incoming Goods Suite
Vendor
CVE Published:
19 November 2024

Summary

A vulnerability exists in the Incoming Goods Suite developed by SICK, which allows unprivileged users with access to the underlying system, whether local or via SSH, to escalate their privileges to an administrative level. This issue arises from the use of Docker images that operate with root permissions, creating a security misconfiguration. By exploiting this vulnerability, attackers can gain full administrative control over the system, posing significant risks to the integrity and security of the affected installations.

Affected Version(s)

SICK Incoming Goods Suite 1.0.0

References

https://sick.com/psirt
x_SICK PSIRT Website
https://cdn.sick.com/media/docs/1/11/411/Special_informat...
x_SICK Operating Guidelines
https://www.cisa.gov/resources-tools/resources/ics-recomm...
x_ICS-CERT recommended practices on Industrial Security

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.