mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 17:21:36 +00:00
80 lines
2.5 KiB
JSON
80 lines
2.5 KiB
JSON
{
|
|
"id": "CVE-2024-10771",
|
|
"sourceIdentifier": "psirt@sick.de",
|
|
"published": "2024-12-06T13:15:04.797",
|
|
"lastModified": "2024-12-06T13:15:04.797",
|
|
"vulnStatus": "Awaiting Analysis",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Due to missing input validation during one step of the firmware update process, the product\nis vulnerable to remote code execution. With network access and the user level \u201dService\u201d, an attacker\ncan execute arbitrary system commands in the root user\u2019s contexts."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Debido a la falta de validaci\u00f3n de entrada durante un paso del proceso de actualizaci\u00f3n del firmware, el producto es vulnerable a la ejecuci\u00f3n remota de c\u00f3digo. Con acceso a la red y el nivel de usuario \"Servicio\", un atacante puede ejecutar comandos arbitrarios del sistema en los contextos del usuario ra\u00edz."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "psirt@sick.de",
|
|
"type": "Secondary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
|
"baseScore": 8.8,
|
|
"baseSeverity": "HIGH",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "LOW",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "HIGH"
|
|
},
|
|
"exploitabilityScore": 2.8,
|
|
"impactScore": 5.9
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "psirt@sick.de",
|
|
"type": "Secondary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-94"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF",
|
|
"source": "psirt@sick.de"
|
|
},
|
|
{
|
|
"url": "https://sick.com/psirt",
|
|
"source": "psirt@sick.de"
|
|
},
|
|
{
|
|
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices",
|
|
"source": "psirt@sick.de"
|
|
},
|
|
{
|
|
"url": "https://www.first.org/cvss/calculator/3.1",
|
|
"source": "psirt@sick.de"
|
|
},
|
|
{
|
|
"url": "https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0006.json",
|
|
"source": "psirt@sick.de"
|
|
},
|
|
{
|
|
"url": "https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0006.pdf",
|
|
"source": "psirt@sick.de"
|
|
}
|
|
]
|
|
} |