CVE-2024-10776
📋 TL;DR
This vulnerability allows unauthorized users to deploy, remove, start, reload, or stop Lua applications via AppManager in SICK products. Attackers can cause denial-of-service by removing legitimate apps, read/write files, or load malicious apps with full product capabilities. Affects SICK industrial automation and sensor products running vulnerable versions.
💻 Affected Systems
- SICK industrial automation products with AppManager functionality
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise allowing attackers to deploy malicious Lua apps with full product privileges, leading to data theft, system manipulation, or permanent DoS.
Likely Case
Unauthorized app management leading to service disruption, configuration changes, or unauthorized file access.
If Mitigated
Limited impact if proper network segmentation and access controls prevent unauthorized access to AppManager interface.
🎯 Exploit Status
Exploitation requires network access to AppManager interface; no authentication needed per CVE description.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check SICK advisory SCA-2024-0006 for specific fixed versions
Vendor Advisory: https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0006.json
Restart Required: Yes
Instructions:
1. Review SICK advisory SCA-2024-0006.
2. Identify affected products and versions.
3. Apply vendor-provided firmware updates.
4. Restart affected devices.
5. Verify fix implementation.
🔧 Temporary Workarounds
Network Segmentation
Isolate affected devices from untrusted networks and restrict access to the AppManager interface.
Access Control Lists
Implement firewall rules so that only authorized IPs can reach the AppManager ports.
🧯 If You Can't Patch
- Implement strict network segmentation to isolate affected devices
- Monitor AppManager access logs for unauthorized activity
🔍 How to Verify
Check if Vulnerable:
Check device firmware version against SICK advisory SCA-2024-0006; test if AppManager accepts unauthorized Lua app management requests.
Check Version:
Device-specific; consult SICK product documentation for version check commands.
Verify Fix Applied:
After patching, verify firmware version is updated and test that AppManager requires proper authentication for Lua app management.
📡 Detection & Monitoring
Log Indicators:
- Unauthorized AppManager access attempts
- Unexpected Lua app deployment/removal events
- Failed authentication attempts to AppManager
Network Indicators:
- Unusual traffic to AppManager ports from unauthorized sources
- Lua app management requests without authentication
SIEM Query:
source_ip NOT IN (authorized_ips) AND destination_port IN (appmanager_ports)
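The SIEM query above expresses the network indicator; the script below applies the same idea, plus the log indicators listed earlier, to device log lines. It is an added example, not SICK tooling: the log line format is constructed for illustration (SICK products do not necessarily log AppManager events in this form), and the authorized network and the host names are placeholders you would replace with your own allow-list.

```python
"""Flag AppManager management events that match the detection indicators.

Added example, not part of the SICK advisory. The log format, the sample
lines, and the authorized network are all constructed placeholders.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Placeholder allow-list: hosts permitted to manage Lua apps (assumption).
AUTHORIZED_NETS = [ipaddress.ip_network("10.0.5.0/24")]

# Management verbs named in the CVE description.
MGMT_ACTIONS = {"deploy", "remove", "start", "stop", "reload"}

# Constructed log format (assumption, not a documented SICK format):
#   <timestamp> appmanager src=<ip> action=<verb> app=<name> auth=<user|none>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) appmanager src=(?P<src>\S+) action=(?P<action>\w+) "
    r"app=(?P<app>\S+) auth=(?P<auth>\S+)$"
)


@dataclass(frozen=True)
class Alert:
    ts: str
    src: str
    action: str
    app: str
    reason: str


def is_authorized(src: str, nets=None) -> bool:
    """True when src parses as an IP inside one of the authorized networks."""
    nets = AUTHORIZED_NETS if nets is None else nets
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # unparsable source is never trusted
    return any(addr in net for net in nets)


def parse_line(line: str) -> Optional[dict]:
    """Return the event fields, or None for non-AppManager / malformed lines."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def detect(lines: Iterable[str], nets=None) -> List[Alert]:
    """Emit one Alert per matching indicator on each management event."""
    alerts: List[Alert] = []
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["action"] not in MGMT_ACTIONS:
            continue  # ignore unrelated lines and read-only actions
        reasons = []
        if not is_authorized(ev["src"], nets):
            reasons.append("unauthorized source")      # network indicator
        if ev["auth"] == "none":
            reasons.append("unauthenticated management request")  # log indicator
        for reason in reasons:
            alerts.append(Alert(ev["ts"], ev["src"], ev["action"], ev["app"], reason))
    return alerts


# Constructed sample log: one legitimate deploy, an unauthenticated removal
# and re-deploy from an outside host, a read-only query, an inside host
# sending an unauthenticated stop, and an unrelated kernel line.
SAMPLE_LOG = [
    "2024-11-05T08:00:01Z appmanager src=10.0.5.10 action=deploy app=ConveyorMonitor auth=admin",
    "2024-11-05T08:02:17Z appmanager src=192.168.77.4 action=remove app=ConveyorMonitor auth=none",
    "2024-11-05T08:02:18Z appmanager src=192.168.77.4 action=deploy app=Updater auth=none",
    "2024-11-05T08:03:00Z appmanager src=10.0.5.10 action=status app=ConveyorMonitor auth=admin",
    "2024-11-05T08:04:00Z appmanager src=10.0.5.11 action=stop app=ConveyorMonitor auth=none",
    "kernel: eth0 link up",
]


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(f"{a.ts} {a.src} {a.action} {a.app}: {a.reason}")
```

Feeding real device logs into `detect` would require adapting `LINE_RE` to the actual record format; the two reasons it emits map directly onto the "unauthorized source" network indicator and the "request without authentication" log indicator above, so they can be forwarded to a SIEM as separate rule hits.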
🔗 References
- https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF
- https://sick.com/psirt
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
- https://www.first.org/cvss/calculator/3.1
- https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0006.json
- https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0006.pdf