admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2024/10xxx/CVE-2024-10771.json
CVE Team a64705d90f
"-Synchronized-Data."
2024-12-06 13:00:36 +00:00

175 lines
6.4 KiB
JSON
Raw Blame History

{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2024-10771",
"ASSIGNER": "psirt@sick.de",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Due to missing input validation during one step of the firmware update process, the product\nis vulnerable to remote code execution. With network access and the user level \u201dService\u201d, an attacker\ncan execute arbitrary system commands in the root user\u2019s contexts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-94 Improper Control of Generation of Code ('Code Injection')",
"cweId": "CWE-94"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SICK AG",
"product": {
"product_data": [
{
"product_name": "SICK InspectorP61x",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "<5.0.0"
}
]
}
},
{
"product_name": "SICK InspectorP62x",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "<5.0.0"
}
]
}
},
{
"product_name": "TiM3xx",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "<5.10.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sick.com/psirt",
"refsource": "MISC",
"name": "https://sick.com/psirt"
},
{
"url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF",
"refsource": "MISC",
"name": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF"
},
{
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices",
"refsource": "MISC",
"name": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"url": "https://www.first.org/cvss/calculator/3.1",
"refsource": "MISC",
"name": "https://www.first.org/cvss/calculator/3.1"
},
{
"url": "https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0006.pdf",
"refsource": "MISC",
"name": "https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0006.pdf"
},
{
"url": "https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0006.json",
"refsource": "MISC",
"name": "https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0006.json"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "SCA-2024-0006",
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "For TiM3xx:&nbsp;\n\nWe recommend updating the firmware only in a trusted environment."
}
],
"value": "For TiM3xx:\u00a0\n\nWe recommend updating the firmware only in a trusted environment."
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "For InspectorP61x and InspectorP62x: Customers are strongly recommended to upgrade to the latest release."
}
],
"value": "For InspectorP61x and InspectorP62x: Customers are strongly recommended to upgrade to the latest release."
}
],
"credits": [
{
"lang": "en",
"value": "Manuel Stotz"
},
{
"lang": "en",
"value": "Tobias Jaeger"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}
}
Reference in New Issue View Git Blame Copy Permalink