
Sick Ag Sick Inspectorp61X vulnerabilities

6 known vulnerabilities affecting sick_ag/sick_inspectorp61x.

Total CVEs: 6
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 4, MEDIUM 1

Vulnerabilities

CVE-2024-10771 | P2 | HIGH | CVSS 8.8 | fixed in <5.0.0 | 2024-12-06
CVE-2024-10771 [HIGH] CWE-94: Due to missing input validation during one step of the firmware update process, the product is vulnerable to remote code execution. With network access and the user level "Service", an attacker can execute arbitrary system commands in the root user's context.
Source: nvd
CVE-2024-10773 | P3 | CRITICAL | CVSS 9.0 | fixed in <5.0.0 | 2024-12-06
CVE-2024-10773 [CRITICAL] CWE-912: The product is vulnerable to pass-the-hash attacks in combination with hardcoded credentials of hidden user levels. This means that an attacker can log in with the hidden user levels and gain full access to the device.
Source: nvd
CVE-2024-10772 | P3 | HIGH | CVSS 8.8 | fixed in <5.0.0 | 2024-12-06
CVE-2024-10772 [HIGH] CWE-649: Since the firmware update is not validated, an attacker can install modified firmware on the device. This has a high impact on the availability, integrity and confidentiality, up to the complete compromise of the device.
Source: nvd
CVE-2024-10774 | P3 | HIGH | CVSS 7.3 | fixed in <5.0.0 | 2024-12-06
CVE-2024-10774 [HIGH] CWE-306: Unauthenticated CROWN APIs allow access to critical functions. This leads to the accessibility of large parts of the web application without authentication.
Source: nvd
CVE-2024-10776 | P3 | HIGH | CVSS 8.2 | fixed in <5.0.0 | 2024-12-06
CVE-2024-10776 [HIGH] CWE-306: Lua apps can be deployed, removed, started, reloaded or stopped without authorization via AppManager. This allows an attacker to remove legitimate apps, creating a DoS attack, to read and write files, or to load apps that use all features of the product available to a customer.
Source: nvd
CVE-2024-11022 | P4 | MEDIUM | CVSS 5.6 | all versions | 2024-12-06
CVE-2024-11022 [MEDIUM] CWE-323: The authentication process to the web server uses a challenge-response procedure which includes the nonce and additional information. This challenge can be used several times for login and is therefore vulnerable to a replay attack.
Source: nvd