← voltar
CVE-2024-10025

Vulnerability in SICK CLV6xx, SICK Lector6xx and SICK RFx6xx

CVSS 9.1 CRITICALEPSS 0.7%CWE-798
A vulnerability in the .sdd file allows an attacker to read default passwords stored in plain text within the code. By exploiting these plaintext credentials, an attacker can log into affected SICK products as an “Authorized Client” if the customer has not changed the default password.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Produtos afetados
SICK AG · SICK CLV6xxSICK AG · SICK Lector6xxSICK AG · SICK RFx6xx

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDFhttps://sick.com/psirthttps://www.cisa.gov/resources-tools/resources/ics-recommended-practiceshttps://www.first.org/cvss/calculator/3.1https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0003.jsonhttps://www.sick.com/.well-known/csaf/white/2024/sca-2024-0003.pdf