CVE-2024-10773

critical

Description

The product is vulnerable to pass-the-hash attacks in combination with hardcoded credentials of hidden user levels. This means that an attacker can log in with the hidden user levels and gain full access to the device.

References

Advisories
More

https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0006.pdf

https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0006.json

https://www.first.org/cvss/calculator/3.1

https://www.cisa.gov/resources-tools/resources/ics-recommended-practices

https://sick.com/psirt

https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF

Details

Source: Mitre, NVD

Published: 2024-12-06

Updated: 2026-04-15

Risk Information

CVSS v2

Base Score: 7.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00159

Detections

Analytics