CVE-2024-11075

Published: Nov 19, 2024Modified: Nov 19, 2024

8.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Exploitability: 2.0 / Impact: 6.0

Source: psirt@sick.de (Secondary)

Description

A vulnerability in the Incoming Goods Suite allows a user with unprivileged access to the underlying system (e.g. local or via SSH) a privilege escalation to the administrative level due to the usage of component vendor Docker images running with root permissions. Exploiting this misconfiguration leads to the fact that an attacker can gain administrative control. over the whole system.

Related CWEs

Execution with Unnecessary Privileges

The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.

References (6)

https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF

Source: psirt@sick.de

https://sick.com/psirt

Source: psirt@sick.de

https://www.cisa.gov/resources-tools/resources/ics-recommended-practices

Source: psirt@sick.de

https://www.first.org/cvss/calculator/3.1

Source: psirt@sick.de

https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0005.json

Source: psirt@sick.de

https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0005.pdf

Source: psirt@sick.de

Timeline

No history available yet.