CVE-2024-11075
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
19/11/2024
Last modified:
19/11/2024
Description
A vulnerability in the Incoming Goods Suite allows a user with unprivileged access to the underlying system (e.g. local or via SSH) a privilege escalation to the administrative level due to the usage of component vendor Docker images running with root permissions. Exploiting this misconfiguration leads to the fact that an attacker can gain administrative control. over the whole system.
Impact
Base Score 3.x
8.80
Severity 3.x
HIGH
References to Advisories, Solutions, and Tools
- https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF
- https://sick.com/psirt
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
- https://www.first.org/cvss/calculator/3.1
- https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0005.json
- https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0005.pdf