CVE-2024-10773: SICK InspectorP61x, SICK InspectorP62x and SICK TiM3xx are vulnerable to pass-the-hash attacks

9.0 CVSS

Description

The product is vulnerable to pass-the-hash attacks in combination with hardcoded credentials of hidden user levels. This means that an attacker can log in with the hidden user levels and gain full access to the device.

Classification

CVE ID: CVE-2024-10773

CVSS Base Severity: CRITICAL

CVSS Base Score: 9.0

Affected Products

Vendor: SICK AG

Product: SICK InspectorP61x

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 12.38% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-02-03 (date on which this score was calculated)

References

https://sick.com/psirt
https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF
https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
https://www.first.org/cvss/calculator/3.1
https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0006.pdf
https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0006.json

Timeline