THREATINT
PUBLISHED

CVE-2024-10772

SICK InspectorP61x and SICK InspectorP62x are vulnerable for firmware modification



Description

Since the firmware update is not validated, an attacker can install modified firmware on the device. This has a high impact on availability, integrity and confidentiality, up to the complete compromise of the device.

Reserved 2024-11-04 | Published 2024-12-06 | Updated 2024-12-09 | Assigner SICK AG


HIGH: 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-649 Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking

Product status

Default status
unaffected

Any version before <5.0.0
affected

Default status
unaffected

Any version before <5.0.0
affected

Credits

Manuel Stotz finder

Tobias Jaeger finder

References

sick.com/psirt

cdn.sick.com/...ation_CYBERSECURITY_BY_SICK_en_IM0084411.PDF

www.cisa.gov/...es-tools/resources/ics-recommended-practices

www.first.org/cvss/calculator/3.1

www.sick.com/.well-known/csaf/white/2024/sca-2024-0006.pdf vendor-advisory

www.sick.com/.well-known/csaf/white/2024/sca-2024-0006.json vendor-advisory

cve.org (CVE-2024-10772)

nvd.nist.gov (CVE-2024-10772)
