Vulnerabilites related to SICK AG - SICK FLX3-CPUC200
CVE-2025-32470 (GCVE-0-2025-32470)
Vulnerability from cvelistv5
Published
2025-04-28 09:07
Modified
2025-04-28 15:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-284 - (Improper Access Control)
Summary
A remote unauthenticated attacker may be able to change the IP adress of the device, and therefore affecting the availability of the device.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | SICK AG | SICK FLX0-GPNT100 |
Version: all versions |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32470",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-28T15:41:57.691647Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T15:45:46.363Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SICK FLX0-GPNT100",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "affected",
"product": "SICK FLX3-CPUC200",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"datePublic": "2025-04-28T08:49:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A remote unauthenticated attacker may be able to change the IP adress of the device, and therefore affecting the availability of the device."
}
],
"value": "A remote unauthenticated attacker may be able to change the IP adress of the device, and therefore affecting the availability of the device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 (Improper Access Control)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T09:07:02.830Z",
"orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
"shortName": "SICK AG"
},
"references": [
{
"tags": [
"x_SICK PSIRT Website"
],
"url": "https://sick.com/psirt"
},
{
"tags": [
"x_SICK Operating Guidelines"
],
"url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF"
},
{
"tags": [
"x_ICS-CERT"
],
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"tags": [
"x_CVSS v3.1 Calculator"
],
"url": "https://www.first.org/cvss/calculator/3.1"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0005.pdf"
},
{
"tags": [
"vendor-advisory",
"x_csaf"
],
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0005.json"
}
],
"source": {
"advisory": "SCA-2025-0005",
"discovery": "INTERNAL"
},
"title": "Unauthenticated change of IP adress",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \u201dSICK Operating Guidelines\u201d and \u201dICS-CERT recommended practices on Industrial Security\u201d could help to implement the general security practices.\u003cbr\u003e"
}
],
"value": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \u201dSICK Operating Guidelines\u201d and \u201dICS-CERT recommended practices on Industrial Security\u201d could help to implement the general security practices."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
"assignerShortName": "SICK AG",
"cveId": "CVE-2025-32470",
"datePublished": "2025-04-28T09:07:02.830Z",
"dateReserved": "2025-04-09T07:42:18.369Z",
"dateUpdated": "2025-04-28T15:45:46.363Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-32471 (GCVE-0-2025-32471)
Vulnerability from cvelistv5
Published
2025-04-28 09:11
Modified
2025-04-28 15:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1391 - (Use of Weak Credentials)
Summary
The device’s passwords have not been adequately salted, making them vulnerable to password extraction attacks.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SICK AG | SICK FLX3-CPUC200 |
Version: all versions |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32471",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-28T15:38:04.731697Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T15:40:34.748Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SICK FLX3-CPUC200",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"datePublic": "2025-04-28T08:49:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The device\u2019s passwords have not been adequately salted, making them vulnerable to password extraction attacks."
}
],
"value": "The device\u2019s passwords have not been adequately salted, making them vulnerable to password extraction attacks."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1391",
"description": "CWE-1391 (Use of Weak Credentials)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T09:11:20.143Z",
"orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
"shortName": "SICK AG"
},
"references": [
{
"tags": [
"x_SICK PSIRT Website"
],
"url": "https://sick.com/psirt"
},
{
"tags": [
"x_SICK Operating Guidelines"
],
"url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF"
},
{
"tags": [
"x_ICS-CERT"
],
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"tags": [
"x_CVSS v3.1 Calculator"
],
"url": "https://www.first.org/cvss/calculator/3.1"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0005.pdf"
},
{
"tags": [
"vendor-advisory",
"x_csaf"
],
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0005.json"
}
],
"source": {
"advisory": "SCA-2025-0005",
"discovery": "INTERNAL"
},
"title": "Reuse of salt",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
"assignerShortName": "SICK AG",
"cveId": "CVE-2025-32471",
"datePublished": "2025-04-28T09:11:20.143Z",
"dateReserved": "2025-04-09T07:42:18.369Z",
"dateUpdated": "2025-04-28T15:40:34.748Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}