CVE-2024-11075

A vulnerability in the Incoming Goods Suite allows a user with unprivileged access to the underlying system (e.g. local or via SSH) a privilege escalation to the administrative level due to the usage of component vendor Docker images running with root permissions. Exploiting this misconfiguration leads to the fact that an attacker can gain administrative control. over the whole system.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.0 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF
https://sick.com/psirt
https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
https://www.first.org/cvss/calculator/3.1
https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0005.json
https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0005.pdf

Configurations

No configuration.

History

19 Nov 2024, 21:57

Type	Values Removed	Values Added
Summary		(es) Una vulnerabilidad en Incoming Goods Suite permite a un usuario con acceso sin privilegios al sistema subyacente (por ejemplo, local o a través de SSH) una escalada de privilegios al nivel administrativo debido al uso de imágenes Docker del proveedor de componentes que se ejecutan con permisos de superusuario. La explotación de esta configuración incorrecta permite que un atacante obtenga control administrativo sobre todo el sistema.

19 Nov 2024, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-11-19 14:15

Updated : 2024-11-19 21:57

NVD link : CVE-2024-11075

Mitre link : CVE-2024-11075

CVE.ORG link : CVE-2024-11075

JSON object : View

Products Affected

No product.

CWE

CWE-250

Execution with Unnecessary Privileges

{"id": "CVE-2024-11075", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@sick.de", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.0}]}, "published": "2024-11-19T14:15:17.340", "references": [{"url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF", "source": "psirt@sick.de"}, {"url": "https://sick.com/psirt", "source": "psirt@sick.de"}, {"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices", "source": "psirt@sick.de"}, {"url": "https://www.first.org/cvss/calculator/3.1", "source": "psirt@sick.de"}, {"url": "https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0005.json", "source": "psirt@sick.de"}, {"url": "https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0005.pdf", "source": "psirt@sick.de"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "psirt@sick.de", "description": [{"lang": "en", "value": "CWE-250"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the Incoming Goods Suite allows a user with unprivileged access to the underlying system (e.g. local or via SSH) a privilege escalation to the administrative level due to the usage of component vendor Docker images running with root permissions. Exploiting this misconfiguration leads to the fact that an attacker can gain administrative control. over the whole system."}, {"lang": "es", "value": "Una vulnerabilidad en Incoming Goods Suite permite a un usuario con acceso sin privilegios al sistema subyacente (por ejemplo, local o a trav\u00e9s de SSH) una escalada de privilegios al nivel administrativo debido al uso de im\u00e1genes Docker del proveedor de componentes que se ejecutan con permisos de superusuario. La explotaci\u00f3n de esta configuraci\u00f3n incorrecta permite que un atacante obtenga control administrativo sobre todo el sistema."}], "lastModified": "2024-11-19T21:57:32.967", "sourceIdentifier": "psirt@sick.de"}