CVE-2024-11075

high

Description

A vulnerability in the Incoming Goods Suite allows a user with unprivileged access to the underlying system (e.g. local or via SSH) a privilege escalation to the administrative level due to the usage of component vendor Docker images running with root permissions. Exploiting this misconfiguration leads to the fact that an attacker can gain administrative control. over the whole system.

References

Advisories
More

https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0005.pdf

https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0005.json

https://www.first.org/cvss/calculator/3.1

https://www.cisa.gov/resources-tools/resources/ics-recommended-practices

https://sick.com/psirt

https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF

Details

Source: Mitre, NVD

Published: 2024-11-19

Updated: 2026-04-15

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.0003