{ "dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": { "cveId": "CVE-2024-10771", "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "state": "PUBLISHED", "assignerShortName": "SICK AG", "dateReserved": "2024-11-04T13:06:55.136Z", "datePublished": "2024-12-06T12:24:40.610Z", "dateUpdated": "2026-05-13T12:04:13.962Z" }, "containers": { "cna": { "providerMetadata": { "orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "shortName": "SICK AG", "dateUpdated": "2026-05-13T12:04:13.962Z" }, "title": "SICK InspectorP61x, SICK InspectorP62x and SICK TiM3xx are vulnerable for remote code execution", "datePublic": "2024-12-06T12:00:00.000Z", "problemTypes": [ { "descriptions": [ { "lang": "en", "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')", "type": "CWE" } ] } ], "affected": [ { "vendor": "SICK AG", "product": "SICK InspectorP61x", "versions": [ { "status": "affected", "version": "0", "lessThan": "<5.0.0", "versionType": "custom" } ], "defaultStatus": "unaffected" }, { "vendor": "SICK AG", "product": "SICK InspectorP62x", "versions": [ { "status": "affected", "version": "0", "lessThan": "<5.0.0", "versionType": "custom" } ], "defaultStatus": "unaffected" }, { "vendor": "SICK AG", "product": "TiM3xx", "versions": [ { "status": "affected", "version": "0", "lessThan": "<5.10.0", "versionType": "custom" } ], "defaultStatus": "unaffected" }, { "vendor": "SICK AG", "product": "TDC-X401GL", "versions": [ { "status": "affected", "version": "all versions" } ], "defaultStatus": "affected" } ], "descriptions": [ { "lang": "en", "value": "Due to missing input validation during one step of the firmware update process, the product\nis vulnerable to remote code execution. With network access and the user level ”Service”, an attacker\ncan execute arbitrary system commands in the root user’s contexts.", "supportingMedia": [ { "type": "text/html", "base64": false, "value": "Due to missing input validation during one step of the firmware update process, the product\nis vulnerable to remote code execution. With network access and the user level ”Service”, an attacker\ncan execute arbitrary system commands in the root user’s contexts." } ] } ], "references": [ { "url": "https://sick.com/psirt", "tags": [ "x_SICK PSIRT Website" ] }, { "url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF", "tags": [ "x_SICK Operating Guidelines" ] }, { "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices", "tags": [ "x_ICS-CERT recommended practices on Industrial Security" ] }, { "url": "https://www.first.org/cvss/calculator/3.1", "tags": [ "x_CVSS v3.1 Calculator" ] }, { "url": "https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0006.pdf", "tags": [ "vendor-advisory" ] }, { "url": "https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0006.json", "tags": [ "vendor-advisory", "x_csaf" ] } ], "metrics": [ { "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ], "cvssV3_1": { "version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } } ], "workarounds": [ { "lang": "en", "value": "For TiM3xx: \n\nWe recommend updating the firmware only in a trusted environment.", "supportingMedia": [ { "type": "text/html", "base64": false, "value": "For TiM3xx: \n\nWe recommend updating the firmware only in a trusted environment." } ] }, { "lang": "en", "value": "For TDC-X401GL: Upon completion of the initial device setup, deactivate AppEngine. Disabling it fully mitigates\nthis vulnerability.", "supportingMedia": [ { "type": "text/html", "base64": false, "value": "For TDC-X401GL: Upon completion of the initial device setup, deactivate AppEngine. Disabling it fully mitigates\nthis vulnerability." } ] } ], "solutions": [ { "lang": "en", "value": "For InspectorP61x and InspectorP62x: Customers are strongly recommended to upgrade to the latest release.", "supportingMedia": [ { "type": "text/html", "base64": false, "value": "For InspectorP61x and InspectorP62x: Customers are strongly recommended to upgrade to the latest release." } ] } ], "credits": [ { "lang": "en", "value": "Manuel Stotz", "type": "finder" }, { "lang": "en", "value": "Tobias Jaeger", "type": "finder" } ], "source": { "advisory": "SCA-2024-0006", "discovery": "EXTERNAL" }, "x_generator": { "engine": "Vulnogram 0.2.0" } }, "adp": [ { "affected": [ { "vendor": "sick", "product": "inspector61x_firmware", "cpes": [ "cpe:2.3:o:sick:inspector61x_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "versions": [ { "version": "0", "status": "affected", "lessThan": "5.0.0", "versionType": "custom" } ] }, { "vendor": "sick", "product": "inspector62x_firmware", "cpes": [ "cpe:2.3:o:sick:inspector62x_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "versions": [ { "version": "0", "status": "affected", "lessThan": "5.0.0", "versionType": "custom" } ] }, { "vendor": "sick", "product": "tim3xx", "cpes": [ "cpe:2.3:a:sick:tim3xx:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "versions": [ { "version": "0", "status": "affected", "lessThan": "5.10.0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "type": "ssvc", "content": { "timestamp": "2024-12-09T14:46:19.943493Z", "id": "CVE-2024-10771", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "version": "2.0.3" } } } ], "title": "CISA ADP Vulnrichment", "providerMetadata": { "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-09T14:47:30.064Z" } } ] } }