CVE-2024-10025 CRITICAL

CVE-2024-10025: Vulnerability in SICK CLV6xx, SICK Lector6xx and SICK RFx6xx

Vendor SICK AG
Product SICK CLV6xx
Weakness CWE-798 · Hardcoded credentials
Published October 17, 2024
Last update October 17, 2024

CVSS base score

9.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

What the vulnerability does

01 Description

A vulnerability in the .sdd file allows an attacker to read default passwords stored in plain text within the code. By exploiting these plaintext credentials, an attacker can log into affected SICK products as an “Authorized Client” if the customer has not changed the default password.

Key dates

02 Disclosure timeline

October 17, 2024 CVE published
October 17, 2024 Record updated