← back
CVE-2024-10025

Vulnerability in SICK CLV6xx, SICK Lector6xx and SICK RFx6xx

CVSS 9.1 CRITICALEPSS 0.7%CWE-798
A vulnerability in the .sdd file allows an attacker to read default passwords stored in plain text within the code. By exploiting these plaintext credentials, an attacker can log into affected SICK products as an “Authorized Client” if the customer has not changed the default password.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Affected products
SICK AG · SICK CLV6xxSICK AG · SICK Lector6xxSICK AG · SICK RFx6xx

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDFhttps://sick.com/psirthttps://www.cisa.gov/resources-tools/resources/ics-recommended-practiceshttps://www.first.org/cvss/calculator/3.1https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0003.jsonhttps://www.sick.com/.well-known/csaf/white/2024/sca-2024-0003.pdf