Vulnerability Description
A vulnerability in the .sdd file allows an attacker to read default passwords stored in plain text within the code. By exploiting these plaintext credentials, an attacker can log into affected SICK products as an “Authorized Client” if the customer has not changed the default password.
CVSS Score
CRITICAL
Related Weaknesses (CWE)
References
- https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SI
- https://sick.com/psirt
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
- https://www.first.org/cvss/calculator/3.1
- https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0003.json
- https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0003.pdf
FAQ
What is CVE-2024-10025?
CVE-2024-10025 is a vulnerability with a CVSS score of 9.1 (CRITICAL). A vulnerability in the .sdd file allows an attacker to read default passwords stored in plain text within the code. By exploiting these plaintext credentials, an attacker can log into affected SICK pr...
How severe is CVE-2024-10025?
CVE-2024-10025 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2024-10025?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.