CVE-2024-10025 Information

Description

A vulnerability in the .sdd file allows an attacker to read default passwords stored in plain text within the code. By exploiting these plaintext credentials an attacker can log into affected SICK products as an “Authorized Client” if the customer has not changed the default password.

Reference

https://sick.com/psirt https://www.cisa.gov/resources-tools/resources/ics-recommended-practices https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF https://www.first.org/cvss/calculator/3.1 https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0003.pdf https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0003.json