Remote IP Address Modification Vulnerability in SICK Device
CVE-2025-32470

7.5HIGH

Key Information:

Vendor
Sick Ag
Status
Sick Flx0-gpnt100
Sick Flx3-cpuc200
Vendor
CVE Published:
28 April 2025

Summary

A vulnerability has been identified in SICK devices that enables unauthenticated remote attackers to modify the IP address of the device. This manipulation can disrupt the device's network availability, potentially leading to downtime or loss of functionality. Organizations using these devices should assess their cybersecurity posture and implement appropriate safeguards to mitigate the potential impact of this vulnerability.

Affected Version(s)

SICK FLX0-GPNT100 all versions

SICK FLX3-CPUC200 all versions

References

https://sick.com/psirt
x_SICK PSIRT Website
https://cdn.sick.com/media/docs/1/11/411/Special_informat...
x_SICK Operating Guidelines
https://www.cisa.gov/resources-tools/resources/ics-recomm...
x_ICS-CERT

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.