CVE-2025-59460
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
The system is deployed in its default state, with configuration settings that do not comply with the latest best practices for restricting access. This increases the risk of unauthorised connections.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SICK AG | TLOC100-100 with Firmware <7.1.1 | 0 < <7.1.1 | affected |
| SICK AG | TLOC100-100 with Firmware >=7.1.1 | >=7.1.1 | unaffected |
Weaknesses
- CWE-1391: CWE-1391 Use of Weak Credentials
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
- https://sick.com/psirt
- https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
- https://www.first.org/cvss/calculator/3.1
- https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0013.json
- https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0013.pdf
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.