CVE-2025-32471

Summary

The device’s passwords have not been adequately salted, making them vulnerable to password extraction attacks.

Affected Software

VendorProductVersion RangeStatus
SICK AGSICK FLX3-CPUC200all versionsaffected
SICK AGTDC-X401GLall versionsaffected

Weaknesses

  • CWE-1391: CWE-1391 (Use of Weak Credentials)

Workarounds

For TDC-X401GL: Upon completion of the initial device setup, deactivate AppEngine. Disabling it fully mitigates this vulnerability.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References