CVE-2024-11075

HIGH

Incoming Goods Suite - Privilege Escalation

Title source: llm

Description

A vulnerability in the Incoming Goods Suite allows a user with unprivileged access to the underlying system (e.g. local or via SSH) a privilege escalation to the administrative level due to the usage of component vendor Docker images running with root permissions. Exploiting this misconfiguration leads to the fact that an attacker can gain administrative control. over the whole system.

References (6)

[Various Sources] https://sick.com/psirt

[Various Sources] https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF

[Third Party Advisory, US Government Resource] https://www.cisa.gov/resources-tools/resources/ics-recommended-practices

[Various Sources] https://www.first.org/cvss/calculator/3.1

[Various Sources] https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0005.pdf

[Various Sources] https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0005.json

Scores

CVSS v3 8.8

EPSS 0.0009

EPSS Percentile 25.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-250

Status published

Products (1)

SICK AG/SICK Incoming Goods Suite 1.0.0

Published Nov 19, 2024

Tracked Since Feb 18, 2026