CVE-2024-10025

Published Oct 17, 2024

Last updated a month ago

Overview

Description: A vulnerability in the .sdd file allows an attacker to read default passwords stored in plain text within the code. By exploiting these plaintext credentials, an attacker can log into affected SICK products as an “Authorized Client” if the customer has not changed the default password.

Source: psirt@sick.de

NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Secondary
Base score: 9.1
Impact score: 5.2
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Severity: CRITICAL

Weaknesses

psirt@sick.de
CWE-798

Social media

Hype score
Not currently trending
  1. CVE-2024-10025 (CVSS:9.1, CRITICAL) is Awaiting Analysis. A vulnerability in the .sdd file allows an attacker to read default passwords stored in plain text within the code. By e..https://t.co/pNNtFfXSDc #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

    @cracbot | 22 Oct 2024 | 21 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  2. 🚨 CVE-2024-10025 (Published: 2024-10-17) - A critical vulnerability in SICK AG products. Affects multiple versions. Remediation is crucial! For details, check the official advisory: https://t.co/g3sNQzFeKi. Stay secure! #CyberSecurity #CVE

    @transilienceai | 21 Oct 2024 | 23 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  3. 🚨 CVE-2024-10025 (Published: 2024-10-17) - Critical vulnerability in SICK AG products. Affects multiple versions. Immediate remediation is essential! For details, visit: https://t.co/g3sNQzFeKi. Stay secure! #CyberSecurity #CVE #VulnerabilityManagement

    @transilienceai | 21 Oct 2024 | 24 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  4. 🚨 CVE-2024-10025 (Published: 2024-10-17) - A critical vulnerability in SICK AG products. Affects multiple versions. Immediate remediation is essential! For details and mitigation strategies, check the official advisory: https://t.co/g3sNQzFeKi #CyberSecurity #VulnerabilityAlert

    @transilienceai | 21 Oct 2024 | 12 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  5. 🚨 CVE-2024-10025 (Published: 2024-10-17) - A critical vulnerability in SICK AG products. Affects specific versions. Immediate remediation is essential! For detailed info and mitigation steps, check the official advisory: https://t.co/g3sNQzFeKi #CyberSecurity #CVE

    @transilienceai | 21 Oct 2024 | 22 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  6. 🚨 CVE-2024-10025 (Published: 2024-10-17) - Critical vulnerability in SICK AG products. Affects multiple versions. Immediate remediation is essential! For detailed info and mitigation steps, check the official advisory: https://t.co/g3sNQzFeKi #CyberSecurity #CVE

    @transilienceai | 21 Oct 2024 | 21 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  7. 🚨 CVE-2024-10025 (Published: 2024-10-17) - A high-severity vulnerability in SICK AG products. Affects specific versions. Remediation steps are available at https://t.co/DIBz52wtFv. Ensure your systems are updated to protect against potential exploits! #CyberSecurity… https://t.c

    @transilienceai | 21 Oct 2024 | 12 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  8. 🔒 CVE-2024-10025 (Published: 2024-10-17) - A high-severity vulnerability in SICK AG products. Affects specific versions; ensure your systems are updated! For remediation details, visit: https://t.co/DIBz52wtFv. Stay secure and protect your assets! #CyberSecurity… https://t.co/T9

    @transilienceai | 21 Oct 2024 | 11 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  9. 🚨 CVE-2024-10025 (Published: 2024-10-17) - High severity vulnerability in SICK AG products. Affected versions include SCA-2024-0001. Remediation steps are available at https://t.co/DIBz52wtFv. Ensure your systems are updated to protect against potential exploits! #CyberSecurity…

    @transilienceai | 21 Oct 2024 | 10 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  10. CVE-2024-10025 (CVSS 9.1): Critical Flaw in SICK Products Exposes Systems to Remote Attacks Learn about the critical flaw CVE-2024-10025 affecting SICK products. Find out how attackers can exploit hard-coded credentials to compromise device security. https://t.co/DMVpeeUwtz

    @the_yellow_fall | 20 Oct 2024 | 340 Impressions, 1 Retweet, 3 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  11. [CVE-2024-10025: CRITICAL] Cybersecurity alert: .sdd file vulnerability exposes default passwords in plain text, enabling attackers to infiltrate SICK products as "Authorized Client." Be cautious!#cybersecurity,#vulnerability https://t.co/iOvBZi9WSs https://t.co/bq3DOwiBir

    @CveFindCom | 8 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  12. 🌐🚨 Attention all users of SICK products! A new critical vulnerability has emerged, CVE-2024-10025, which affects .sdd files. This flaw allows an attacker to access default passwords in plain text, and thereby log in as a "Client… htt

    @antu_tech | 4 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  13. CVE-2024-10025 A vulnerability in the .sdd file allows an attacker to read default passwords stored in plain text within the code. By exploiting these plaintext credentials, an atta… https://t.co/tcBU5BN2Su

    @CVEnew | 19 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes