{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-10771", "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "state": "PUBLISHED", "assignerShortName": "SICK AG", "dateReserved": "2024-11-04T13:06:55.136Z", "datePublished": "2024-12-06T12:24:40.610Z", "dateUpdated": "2024-12-09T14:47:30.064Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "SICK InspectorP61x", "vendor": "SICK AG", "versions": [{"lessThan": "<5.0.0", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "SICK InspectorP62x", "vendor": "SICK AG", "versions": [{"lessThan": "<5.0.0", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "TiM3xx", "vendor": "SICK AG", "versions": [{"lessThan": "<5.10.0", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Manuel Stotz"}, {"lang": "en", "type": "finder", "value": "Tobias Jaeger"}], "datePublic": "2024-12-06T12:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Due to missing input validation during one step of the firmware update process, the product\nis vulnerable to remote code execution. With network access and the user level \u201dService\u201d, an attacker\ncan execute arbitrary system commands in the root user\u2019s contexts."}], "value": "Due to missing input validation during one step of the firmware update process, the product\nis vulnerable to remote code execution. With network access and the user level \u201dService\u201d, an attacker\ncan execute arbitrary system commands in the root user\u2019s contexts."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "shortName": "SICK AG", "dateUpdated": "2024-12-06T12:24:40.610Z"}, "references": [{"tags": ["x_SICK PSIRT Website"], "url": "https://sick.com/psirt"}, {"tags": ["x_SICK Operating Guidelines"], "url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF"}, {"tags": ["x_ICS-CERT recommended practices on Industrial Security"], "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"}, {"tags": ["x_CVSS v3.1 Calculator"], "url": "https://www.first.org/cvss/calculator/3.1"}, {"tags": ["vendor-advisory"], "url": "https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0006.pdf"}, {"tags": ["vendor-advisory", "x_csaf"], "url": "https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0006.json"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "For InspectorP61x and InspectorP62x: Customers are strongly recommended to upgrade to the latest release."}], "value": "For InspectorP61x and InspectorP62x: Customers are strongly recommended to upgrade to the latest release."}], "source": {"advisory": "SCA-2024-0006", "discovery": "EXTERNAL"}, "title": "SICK InspectorP61x, SICK InspectorP62x and SICK TiM3xx are vulnerable for remote code execution", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "For TiM3xx:&nbsp;\n\nWe recommend updating the firmware only in a trusted environment."}], "value": "For TiM3xx:\u00a0\n\nWe recommend updating the firmware only in a trusted environment."}], "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "sick", "product": "inspector61x_firmware", "cpes": ["cpe:2.3:o:sick:inspector61x_firmware:-:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThan": "5.0.0", "versionType": "custom"}]}, {"vendor": "sick", "product": "inspector62x_firmware", "cpes": ["cpe:2.3:o:sick:inspector62x_firmware:-:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThan": "5.0.0", "versionType": "custom"}]}, {"vendor": "sick", "product": "tim3xx", "cpes": ["cpe:2.3:a:sick:tim3xx:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThan": "5.10.0", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-12-09T14:46:19.943493Z", "id": "CVE-2024-10771", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-09T14:47:30.064Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-10771", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-12-09T14:46:19.943493Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:sick:inspector61x_firmware:-:*:*:*:*:*:*:*"], "vendor": "sick", "product": "inspector61x_firmware", "versions": [{"status": "affected", "version": "0", "lessThan": "5.0.0", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:o:sick:inspector62x_firmware:-:*:*:*:*:*:*:*"], "vendor": "sick", "product": "inspector62x_firmware", "versions": [{"status": "affected", "version": "0", "lessThan": "5.0.0", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:a:sick:tim3xx:*:*:*:*:*:*:*:*"], "vendor": "sick", "product": "tim3xx", "versions": [{"status": "affected", "version": "0", "lessThan": "5.10.0", "versionType": "custom"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-09T14:47:22.147Z"}}], "cna": {"title": "SICK InspectorP61x, SICK InspectorP62x and SICK TiM3xx are vulnerable for remote code execution", "source": {"advisory": "SCA-2024-0006", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Manuel Stotz"}, {"lang": "en", "type": "finder", "value": "Tobias Jaeger"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SICK AG", "product": "SICK InspectorP61x", "versions": [{"status": "affected", "version": "0", "lessThan": "<5.0.0", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "SICK AG", "product": "SICK InspectorP62x", "versions": [{"status": "affected", "version": "0", "lessThan": "<5.0.0", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "SICK AG", "product": "TiM3xx", "versions": [{"status": "affected", "version": "0", "lessThan": "<5.10.0", "versionType": "custom"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "For InspectorP61x and InspectorP62x: Customers are strongly recommended to upgrade to the latest release.", "supportingMedia": [{"type": "text/html", "value": "For InspectorP61x and InspectorP62x: Customers are strongly recommended to upgrade to the latest release.", "base64": false}]}], "datePublic": "2024-12-06T12:00:00.000Z", "references": [{"url": "https://sick.com/psirt", "tags": ["x_SICK PSIRT Website"]}, {"url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF", "tags": ["x_SICK Operating Guidelines"]}, {"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices", "tags": ["x_ICS-CERT recommended practices on Industrial Security"]}, {"url": "https://www.first.org/cvss/calculator/3.1", "tags": ["x_CVSS v3.1 Calculator"]}, {"url": "https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0006.pdf", "tags": ["vendor-advisory"]}, {"url": "https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0006.json", "tags": ["vendor-advisory", "x_csaf"]}], "workarounds": [{"lang": "en", "value": "For TiM3xx:\u00a0\n\nWe recommend updating the firmware only in a trusted environment.", "supportingMedia": [{"type": "text/html", "value": "For TiM3xx:&nbsp;\n\nWe recommend updating the firmware only in a trusted environment.", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Due to missing input validation during one step of the firmware update process, the product\nis vulnerable to remote code execution. With network access and the user level \u201dService\u201d, an attacker\ncan execute arbitrary system commands in the root user\u2019s contexts.", "supportingMedia": [{"type": "text/html", "value": "Due to missing input validation during one step of the firmware update process, the product\nis vulnerable to remote code execution. With network access and the user level \u201dService\u201d, an attacker\ncan execute arbitrary system commands in the root user\u2019s contexts.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "providerMetadata": {"orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "shortName": "SICK AG", "dateUpdated": "2024-12-06T12:24:40.610Z"}}}, "cveMetadata": {"cveId": "CVE-2024-10771", "state": "PUBLISHED", "dateUpdated": "2024-12-09T14:47:30.064Z", "dateReserved": "2024-11-04T13:06:55.136Z", "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "datePublished": "2024-12-06T12:24:40.610Z", "assignerShortName": "SICK AG"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Due to missing input validation during one step of the firmware update process, the product\nis vulnerable to remote code execution. With network access and the user level \u201dService\u201d, an attacker\ncan execute arbitrary system commands in the root user\u2019s contexts."}], "id": "CVE-2024-10771", "lastModified": "2024-12-06T13:15:04.797", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "psirt@sick.de", "type": "Secondary"}]}, "published": "2024-12-06T13:15:04.797", "references": [{"source": "psirt@sick.de", "url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF"}, {"source": "psirt@sick.de", "url": "https://sick.com/psirt"}, {"source": "psirt@sick.de", "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"}, {"source": "psirt@sick.de", "url": "https://www.first.org/cvss/calculator/3.1"}, {"source": "psirt@sick.de", "url": "https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0006.json"}, {"source": "psirt@sick.de", "url": "https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0006.pdf"}], "sourceIdentifier": "psirt@sick.de", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "psirt@sick.de", "type": "Secondary"}]}

{}

{}