{
    "dataType": "CVE_RECORD",
    "dataVersion": "5.1",
    "cveMetadata": {
        "cveId": "CVE-2024-10025",
        "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
        "state": "PUBLISHED",
        "assignerShortName": "SICK AG",
        "dateReserved": "2024-10-16T07:45:23.632Z",
        "datePublished": "2024-10-17T09:58:03.111Z",
        "dateUpdated": "2024-10-17T16:33:53.645Z"
    },
    "containers": {
        "cna": {
            "affected": [
                {
                    "defaultStatus": "unaffected",
                    "product": "SICK CLV6xx",
                    "vendor": "SICK AG",
                    "versions": [
                        {
                            "status": "affected",
                            "version": "all versions"
                        }
                    ]
                },
                {
                    "defaultStatus": "unaffected",
                    "product": "SICK Lector6xx",
                    "vendor": "SICK AG",
                    "versions": [
                        {
                            "status": "affected",
                            "version": "all versions"
                        }
                    ]
                },
                {
                    "defaultStatus": "unaffected",
                    "product": "SICK RFx6xx",
                    "vendor": "SICK AG",
                    "versions": [
                        {
                            "status": "affected",
                            "version": "all versions"
                        }
                    ]
                }
            ],
            "datePublic": "2024-10-17T09:44:00.000Z",
            "descriptions": [
                {
                    "lang": "en",
                    "supportingMedia": [
                        {
                            "base64": false,
                            "type": "text/html",
                            "value": "A vulnerability in the .sdd file allows an attacker to read default passwords stored in plain text within the code. By exploiting these plaintext credentials, an attacker can log into affected SICK products as an “Authorized Client” if the customer has not changed the default password."
                        }
                    ],
                    "value": "A vulnerability in the .sdd file allows an attacker to read default passwords stored in plain text within the code. By exploiting these plaintext credentials, an attacker can log into affected SICK products as an “Authorized Client” if the customer has not changed the default password."
                }
            ],
            "metrics": [
                {
                    "cvssV3_1": {
                        "attackComplexity": "LOW",
                        "attackVector": "NETWORK",
                        "availabilityImpact": "HIGH",
                        "baseScore": 9.1,
                        "baseSeverity": "CRITICAL",
                        "confidentialityImpact": "NONE",
                        "integrityImpact": "HIGH",
                        "privilegesRequired": "NONE",
                        "scope": "UNCHANGED",
                        "userInteraction": "NONE",
                        "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
                        "version": "3.1"
                    },
                    "format": "CVSS",
                    "scenarios": [
                        {
                            "lang": "en",
                            "value": "GENERAL"
                        }
                    ]
                }
            ],
            "problemTypes": [
                {
                    "descriptions": [
                        {
                            "cweId": "CWE-798",
                            "description": "CWE-798 Use of Hard-coded Credentials",
                            "lang": "en",
                            "type": "CWE"
                        }
                    ]
                }
            ],
            "providerMetadata": {
                "orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
                "shortName": "SICK AG",
                "dateUpdated": "2024-10-17T09:58:03.111Z"
            },
            "references": [
                {
                    "tags": [
                        "x_SICK PSIRT Webseite"
                    ],
                    "url": "https://sick.com/psirt"
                },
                {
                    "tags": [
                        "x_ICS-CERT recommended practices on Industrial Security"
                    ],
                    "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
                },
                {
                    "tags": [
                        "x_SICK Operating Guidelines"
                    ],
                    "url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF"
                },
                {
                    "tags": [
                        "x_CVSS v3.1 Calculator"
                    ],
                    "url": "https://www.first.org/cvss/calculator/3.1"
                },
                {
                    "tags": [
                        "vendor-advisory"
                    ],
                    "url": "https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0003.pdf"
                },
                {
                    "tags": [
                        "vendor-advisory",
                        "x_csaf"
                    ],
                    "url": "https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0003.json"
                }
            ],
            "solutions": [
                {
                    "lang": "en",
                    "supportingMedia": [
                        {
                            "base64": false,
                            "type": "text/html",
                            "value": "Customers are strongly advised to change their default passwords.<br>"
                        }
                    ],
                    "value": "Customers are strongly advised to change their default passwords."
                }
            ],
            "source": {
                "advisory": "sca-2024-0003",
                "discovery": "INTERNAL"
            },
            "timeline": [
                {
                    "lang": "en",
                    "time": "2024-10-17T09:53:00.000Z",
                    "value": "1: Initial version"
                }
            ],
            "title": "Vulnerability in SICK CLV6xx, SICK Lector6xx and SICK RFx6xx",
            "x_generator": {
                "engine": "Vulnogram 0.2.0"
            }
        },
        "adp": [
            {
                "affected": [
                    {
                        "vendor": "sick",
                        "product": "rfu620-10507_firmware",
                        "cpes": [
                            "cpe:2.3:o:sick:lector611_firmware:*:*:*:*:*:*:*:*",
                            "cpe:2.3:o:sick:lector610_firmware:*:*:*:*:*:*:*:*",
                            "cpe:2.3:o:sick:lector620_firmware:-:*:*:*:*:*:*:*",
                            "cpe:2.3:o:sick:lector621_firmware:-:*:*:*:*:*:*:*",
                            "cpe:2.3:o:sick:lector622_firmware:-:*:*:*:*:*:*:*",
                            "cpe:2.3:o:sick:lector630_firmware:-:*:*:*:*:*:*:*",
                            "cpe:2.3:o:sick:lector632_firmware:-:*:*:*:*:*:*:*",
                            "cpe:2.3:o:sick:lector640_firmware:-:*:*:*:*:*:*:*",
                            "cpe:2.3:o:sick:lector642_firmware:-:*:*:*:*:*:*:*",
                            "cpe:2.3:o:sick:lector650_firmware:-:*:*:*:*:*:*:*",
                            "cpe:2.3:o:sick:lector651_firmware:-:*:*:*:*:*:*:*",
                            "cpe:2.3:o:sick:lector654_firmware:-:*:*:*:*:*:*:*",
                            "cpe:2.3:o:sick:clv620_firmware:-:*:*:*:*:*:*:*",
                            "cpe:2.3:o:sick:clv621_firmware:-:*:*:*:*:*:*:*",
                            "cpe:2.3:o:sick:clv622_firmware:-:*:*:*:*:*:*:*",
                            "cpe:2.3:o:sick:clv630_firmware:-:*:*:*:*:*:*:*",
                            "cpe:2.3:o:sick:clv631_firmware:-:*:*:*:*:*:*:*",
                            "cpe:2.3:o:sick:clv632_firmware:-:*:*:*:*:*:*:*",
                            "cpe:2.3:o:sick:clv640_firmware:-:*:*:*:*:*:*:*",
                            "cpe:2.3:o:sick:clv642_firmware:-:*:*:*:*:*:*:*",
                            "cpe:2.3:o:sick:clv650_firmware:-:*:*:*:*:*:*:*",
                            "cpe:2.3:o:sick:clv651_firmware:-:*:*:*:*:*:*:*",
                            "cpe:2.3:o:sick:rfu610-10600_firmware:-:*:*:*:*:*:*:*",
                            "cpe:2.3:o:sick:rfu610-10601_firmware:-:*:*:*:*:*:*:*",
                            "cpe:2.3:o:sick:rfu610-10603_firmware:-:*:*:*:*:*:*:*",
                            "cpe:2.3:o:sick:rfu610-10604_firmware:-:*:*:*:*:*:*:*",
                            "cpe:2.3:o:sick:rfu610-10605_firmware:-:*:*:*:*:*:*:*",
                            "cpe:2.3:o:sick:rfu610-10607_firmware:-:*:*:*:*:*:*:*",
                            "cpe:2.3:o:sick:rfu610-10609_firmware:-:*:*:*:*:*:*:*",
                            "cpe:2.3:o:sick:rfu610-10610_firmware:-:*:*:*:*:*:*:*",
                            "cpe:2.3:o:sick:rfu610-10613_firmware:-:*:*:*:*:*:*:*",
                            "cpe:2.3:o:sick:rfu610-10614_firmware:-:*:*:*:*:*:*:*",
                            "cpe:2.3:o:sick:rfu610-10618_firmware:-:*:*:*:*:*:*:*",
                            "cpe:2.3:o:sick:rfu610-10700_firmware:-:*:*:*:*:*:*:*",
                            "cpe:2.3:o:sick:rfu620-10100_firmware:-:*:*:*:*:*:*:*",
                            "cpe:2.3:o:sick:rfu620-10101_firmware:-:*:*:*:*:*:*:*",
                            "cpe:2.3:o:sick:rfu620-10102_firmware:-:*:*:*:*:*:*:*",
                            "cpe:2.3:o:sick:rfu620-10103_firmware:-:*:*:*:*:*:*:*",
                            "cpe:2.3:o:sick:rfu620-10104_firmware:-:*:*:*:*:*:*:*",
                            "cpe:2.3:o:sick:rfu620-10105_firmware:-:*:*:*:*:*:*:*",
                            "cpe:2.3:o:sick:rfu620-10107_firmware:-:*:*:*:*:*:*:*",
                            "cpe:2.3:o:sick:rfu620-10108_firmware:-:*:*:*:*:*:*:*",
                            "cpe:2.3:o:sick:rfu620-10111_firmware:-:*:*:*:*:*:*:*",
                            "cpe:2.3:o:sick:rfu620-10114_firmware:-:*:*:*:*:*:*:*",
                            "cpe:2.3:o:sick:rfu620-10118_firmware:-:*:*:*:*:*:*:*",
                            "cpe:2.3:o:sick:rfu620-10400_firmware:-:*:*:*:*:*:*:*",
                            "cpe:2.3:o:sick:rfu620-10401_firmware:-:*:*:*:*:*:*:*",
                            "cpe:2.3:o:sick:rfu620-10500_firmware:-:*:*:*:*:*:*:*",
                            "cpe:2.3:o:sick:rfu620-10501_firmware:-:*:*:*:*:*:*:*",
                            "cpe:2.3:o:sick:rfu620-10503_firmware:-:*:*:*:*:*:*:*",
                            "cpe:2.3:o:sick:rfu620-10504_firmware:-:*:*:*:*:*:*:*",
                            "cpe:2.3:o:sick:rfu620-10507_firmware:-:*:*:*:*:*:*:*"
                        ],
                        "defaultStatus": "unaffected",
                        "versions": [
                            {
                                "version": "0",
                                "status": "affected",
                                "lessThan": "*",
                                "versionType": "custom"
                            }
                        ]
                    }
                ],
                "metrics": [
                    {
                        "other": {
                            "type": "ssvc",
                            "content": {
                                "timestamp": "2024-10-17T13:41:03.974704Z",
                                "id": "CVE-2024-10025",
                                "options": [
                                    {
                                        "Exploitation": "none"
                                    },
                                    {
                                        "Automatable": "yes"
                                    },
                                    {
                                        "Technical Impact": "partial"
                                    }
                                ],
                                "role": "CISA Coordinator",
                                "version": "2.0.3"
                            }
                        }
                    }
                ],
                "title": "CISA ADP Vulnrichment",
                "providerMetadata": {
                    "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                    "shortName": "CISA-ADP",
                    "dateUpdated": "2024-10-17T16:33:53.645Z"
                }
            }
        ]
    }
}