Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for SICK Lector6xx by SICK AG

    CVE-2024-10025 (GCVE-0-2024-10025)

    Vulnerability from nvd – Published: 2024-10-17 09:58 – Updated: 2024-10-17 16:33
    VLAI
    Title
    Vulnerability in SICK CLV6xx, SICK Lector6xx and SICK RFx6xx
    Summary
    A vulnerability in the .sdd file allows an attacker to read default passwords stored in plain text within the code. By exploiting these plaintext credentials, an attacker can log into affected SICK products as an “Authorized Client” if the customer has not changed the default password.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    References
    URL Tags
    https://sick.com/psirt x_SICK PSIRT Webseite
    https://www.cisa.gov/resources-tools/resources/ic… x_ICS-CERT recommended practices on Industrial Security
    https://cdn.sick.com/media/docs/1/11/411/Special_… x_SICK Operating Guidelines
    https://www.first.org/cvss/calculator/3.1 x_CVSS v3.1 Calculator
    https://www.sick.com/.well-known/csaf/white/2024/… vendor-advisory
    https://www.sick.com/.well-known/csaf/white/2024/… vendor-advisoryx_csaf
    Impacted products
    Vendor Product Version
    SICK AG SICK CLV6xx Affected: all versions
    Create a notification for this product.
    SICK AG SICK Lector6xx Affected: all versions
    Create a notification for this product.
    SICK AG SICK RFx6xx Affected: all versions
    Create a notification for this product.
    sick rfu620-10507_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:sick:lector611_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:sick:lector610_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:sick:lector620_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:lector621_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:lector622_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:lector630_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:lector632_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:lector640_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:lector642_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:lector650_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:lector651_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:lector654_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:clv620_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:clv621_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:clv622_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:clv630_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:clv631_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:clv632_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:clv640_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:clv642_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:clv650_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:clv651_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:rfu610-10600_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:rfu610-10601_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:rfu610-10603_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:rfu610-10604_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:rfu610-10605_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:rfu610-10607_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:rfu610-10609_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:rfu610-10610_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:rfu610-10613_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:rfu610-10614_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:rfu610-10618_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:rfu610-10700_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:rfu620-10100_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:rfu620-10101_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:rfu620-10102_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:rfu620-10103_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:rfu620-10104_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:rfu620-10105_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:rfu620-10107_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:rfu620-10108_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:rfu620-10111_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:rfu620-10114_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:rfu620-10118_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:rfu620-10400_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:rfu620-10401_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:rfu620-10500_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:rfu620-10501_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:rfu620-10503_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:rfu620-10504_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:rfu620-10507_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-10-17 09:44
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:sick:lector611_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:lector610_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:lector620_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:lector621_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:lector622_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:lector630_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:lector632_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:lector640_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:lector642_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:lector650_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:lector651_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:lector654_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:clv620_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:clv621_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:clv622_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:clv630_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:clv631_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:clv632_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:clv640_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:clv642_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:clv650_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:clv651_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:rfu610-10600_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:rfu610-10601_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:rfu610-10603_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:rfu610-10604_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:rfu610-10605_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:rfu610-10607_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:rfu610-10609_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:rfu610-10610_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:rfu610-10613_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:rfu610-10614_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:rfu610-10618_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:rfu610-10700_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:rfu620-10100_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:rfu620-10101_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:rfu620-10102_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:rfu620-10103_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:rfu620-10104_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:rfu620-10105_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:rfu620-10107_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:rfu620-10108_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:rfu620-10111_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:rfu620-10114_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:rfu620-10118_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:rfu620-10400_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:rfu620-10401_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:rfu620-10500_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:rfu620-10501_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:rfu620-10503_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:rfu620-10504_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:rfu620-10507_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "rfu620-10507_firmware",
                "vendor": "sick",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-10025",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-17T13:41:03.974704Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-17T16:33:53.645Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SICK CLV6xx",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SICK Lector6xx",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SICK RFx6xx",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "datePublic": "2024-10-17T09:44:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability in the .sdd file allows an attacker to read default passwords stored in plain text within the code. By exploiting these plaintext credentials, an attacker can log into affected SICK products as an \u201cAuthorized Client\u201d if the customer has not changed the default password."
                }
              ],
              "value": "A vulnerability in the .sdd file allows an attacker to read default passwords stored in plain text within the code. By exploiting these plaintext credentials, an attacker can log into affected SICK products as an \u201cAuthorized Client\u201d if the customer has not changed the default password."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798 Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-17T09:58:03.111Z",
            "orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
            "shortName": "SICK AG"
          },
          "references": [
            {
              "tags": [
                "x_SICK PSIRT Webseite"
              ],
              "url": "https://sick.com/psirt"
            },
            {
              "tags": [
                "x_ICS-CERT recommended practices on Industrial Security"
              ],
              "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
            },
            {
              "tags": [
                "x_SICK Operating Guidelines"
              ],
              "url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF"
            },
            {
              "tags": [
                "x_CVSS v3.1 Calculator"
              ],
              "url": "https://www.first.org/cvss/calculator/3.1"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0003.pdf"
            },
            {
              "tags": [
                "vendor-advisory",
                "x_csaf"
              ],
              "url": "https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0003.json"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Customers are strongly advised to change their default passwords.\u003cbr\u003e"
                }
              ],
              "value": "Customers are strongly advised to change their default passwords."
            }
          ],
          "source": {
            "advisory": "sca-2024-0003",
            "discovery": "INTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2024-10-17T09:53:00.000Z",
              "value": "1: Initial version"
            }
          ],
          "title": "Vulnerability in SICK CLV6xx, SICK Lector6xx and SICK RFx6xx",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
        "assignerShortName": "SICK AG",
        "cveId": "CVE-2024-10025",
        "datePublished": "2024-10-17T09:58:03.111Z",
        "dateReserved": "2024-10-16T07:45:23.632Z",
        "dateUpdated": "2024-10-17T16:33:53.645Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-10025 (GCVE-0-2024-10025)

    Vulnerability from cvelistv5 – Published: 2024-10-17 09:58 – Updated: 2024-10-17 16:33
    VLAI
    Title
    Vulnerability in SICK CLV6xx, SICK Lector6xx and SICK RFx6xx
    Summary
    A vulnerability in the .sdd file allows an attacker to read default passwords stored in plain text within the code. By exploiting these plaintext credentials, an attacker can log into affected SICK products as an “Authorized Client” if the customer has not changed the default password.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    References
    URL Tags
    https://sick.com/psirt x_SICK PSIRT Webseite
    https://www.cisa.gov/resources-tools/resources/ic… x_ICS-CERT recommended practices on Industrial Security
    https://cdn.sick.com/media/docs/1/11/411/Special_… x_SICK Operating Guidelines
    https://www.first.org/cvss/calculator/3.1 x_CVSS v3.1 Calculator
    https://www.sick.com/.well-known/csaf/white/2024/… vendor-advisory
    https://www.sick.com/.well-known/csaf/white/2024/… vendor-advisoryx_csaf
    Impacted products
    Vendor Product Version
    SICK AG SICK CLV6xx Affected: all versions
    Create a notification for this product.
    SICK AG SICK Lector6xx Affected: all versions
    Create a notification for this product.
    SICK AG SICK RFx6xx Affected: all versions
    Create a notification for this product.
    sick rfu620-10507_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:sick:lector611_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:sick:lector610_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:sick:lector620_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:lector621_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:lector622_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:lector630_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:lector632_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:lector640_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:lector642_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:lector650_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:lector651_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:lector654_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:clv620_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:clv621_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:clv622_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:clv630_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:clv631_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:clv632_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:clv640_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:clv642_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:clv650_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:clv651_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:rfu610-10600_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:rfu610-10601_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:rfu610-10603_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:rfu610-10604_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:rfu610-10605_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:rfu610-10607_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:rfu610-10609_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:rfu610-10610_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:rfu610-10613_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:rfu610-10614_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:rfu610-10618_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:rfu610-10700_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:rfu620-10100_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:rfu620-10101_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:rfu620-10102_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:rfu620-10103_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:rfu620-10104_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:rfu620-10105_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:rfu620-10107_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:rfu620-10108_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:rfu620-10111_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:rfu620-10114_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:rfu620-10118_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:rfu620-10400_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:rfu620-10401_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:rfu620-10500_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:rfu620-10501_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:rfu620-10503_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:rfu620-10504_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:sick:rfu620-10507_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-10-17 09:44
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:sick:lector611_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:lector610_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:lector620_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:lector621_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:lector622_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:lector630_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:lector632_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:lector640_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:lector642_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:lector650_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:lector651_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:lector654_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:clv620_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:clv621_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:clv622_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:clv630_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:clv631_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:clv632_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:clv640_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:clv642_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:clv650_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:clv651_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:rfu610-10600_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:rfu610-10601_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:rfu610-10603_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:rfu610-10604_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:rfu610-10605_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:rfu610-10607_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:rfu610-10609_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:rfu610-10610_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:rfu610-10613_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:rfu610-10614_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:rfu610-10618_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:rfu610-10700_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:rfu620-10100_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:rfu620-10101_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:rfu620-10102_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:rfu620-10103_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:rfu620-10104_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:rfu620-10105_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:rfu620-10107_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:rfu620-10108_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:rfu620-10111_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:rfu620-10114_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:rfu620-10118_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:rfu620-10400_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:rfu620-10401_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:rfu620-10500_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:rfu620-10501_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:rfu620-10503_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:rfu620-10504_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:sick:rfu620-10507_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "rfu620-10507_firmware",
                "vendor": "sick",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-10025",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-17T13:41:03.974704Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-17T16:33:53.645Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SICK CLV6xx",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SICK Lector6xx",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SICK RFx6xx",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "datePublic": "2024-10-17T09:44:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability in the .sdd file allows an attacker to read default passwords stored in plain text within the code. By exploiting these plaintext credentials, an attacker can log into affected SICK products as an \u201cAuthorized Client\u201d if the customer has not changed the default password."
                }
              ],
              "value": "A vulnerability in the .sdd file allows an attacker to read default passwords stored in plain text within the code. By exploiting these plaintext credentials, an attacker can log into affected SICK products as an \u201cAuthorized Client\u201d if the customer has not changed the default password."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798 Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-17T09:58:03.111Z",
            "orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
            "shortName": "SICK AG"
          },
          "references": [
            {
              "tags": [
                "x_SICK PSIRT Webseite"
              ],
              "url": "https://sick.com/psirt"
            },
            {
              "tags": [
                "x_ICS-CERT recommended practices on Industrial Security"
              ],
              "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
            },
            {
              "tags": [
                "x_SICK Operating Guidelines"
              ],
              "url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF"
            },
            {
              "tags": [
                "x_CVSS v3.1 Calculator"
              ],
              "url": "https://www.first.org/cvss/calculator/3.1"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0003.pdf"
            },
            {
              "tags": [
                "vendor-advisory",
                "x_csaf"
              ],
              "url": "https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0003.json"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Customers are strongly advised to change their default passwords.\u003cbr\u003e"
                }
              ],
              "value": "Customers are strongly advised to change their default passwords."
            }
          ],
          "source": {
            "advisory": "sca-2024-0003",
            "discovery": "INTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2024-10-17T09:53:00.000Z",
              "value": "1: Initial version"
            }
          ],
          "title": "Vulnerability in SICK CLV6xx, SICK Lector6xx and SICK RFx6xx",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
        "assignerShortName": "SICK AG",
        "cveId": "CVE-2024-10025",
        "datePublished": "2024-10-17T09:58:03.111Z",
        "dateReserved": "2024-10-16T07:45:23.632Z",
        "dateUpdated": "2024-10-17T16:33:53.645Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }