SICK Inbound Cargo Suite CVE-2024-11075 Privilege Escalation via Root Docker

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. Vulnerability Description: - Vulnerability Name: A vulnerability was discovered in the SICK Inbound Goods Suite that allows privilege escalation to administrator level. - Impact: The vulnerability allows users with non-privileged access (e.g., local or via SSH) to escalate privileges to administrator level, due to the component vendor's Docker image running with root privileges. 2. Exploitation: - Exploitation Method: Exploits a misconfiguration where the component vendor's Docker image runs with root privileges. - Scope of Impact: This vulnerability could enable attackers to gain full control over the system. 3. Vulnerability Rating: - CVSS v3 Score: - Attack Complexity: Low - Attack Vector: Local - Availability Impact: High - Base Score: 8.8 - Environmental Score: 8.8 - User Interaction: None - Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 4. Remediation Recommendations: - Recommendation: Strongly recommended to upgrade to the latest version 1.1.0. - Additional Recommendation: When running the Docker daemon and containers, it is advised to use rootless mode. This requires setting the environment variables DOCKER_USER_ID and DOCKER_GROUP_ID. The Docker daemon can then run as a non-root user, especially when the path DOCKER_SOCKET_PATH=/run/user/${DOCKER_USER_ID}/docker.sock is configured. 5. Affected Products: - Product Name: SICK Inbound Goods Suite - Product Versions: 1.0.0 and 1.1.0 6. Vulnerability Identifiers: - CVE ID: CVE-2024-11075 - CWE ID: CWE-250 - Name: Execution with Unnecessary Privileges 7. Publisher: - Name: SICK PSIRT - Contact Information: psirt@sick.de - Responsibility: SICK PSIRT is responsible for any vulnerabilities related to SICK products. 8. Reference Links: - SICK PSIRT Security Advisory - SICK Operating Instructions - ICS-CERT Recommended Industrial Security Practices - CVSS v3.1 Calculator - Docker Engine Post-Installation Steps - Docker Rootless Mode This information helps users understand the severity, scope of impact, and how to remediate and prevent the vulnerability.

Goal Reached Thanks to every supporter — we hit 100%!

SICK Inbound Cargo Suite CVE-2024-11075 Privilege Escalation via Root Docker