Remote IP Address Modification Vulnerability in SICK Device
CVE-2025-32470

7.5HIGH

Key Information:

Vendor: Sick Ag
Status: Sick Flx0-gpnt100; Sick Flx3-cpuc200
Vendor: CVE Published:; 28 April 2025

What is CVE-2025-32470?

A vulnerability has been identified in SICK devices that enables unauthenticated remote attackers to modify the IP address of the device. This manipulation can disrupt the device's network availability, potentially leading to downtime or loss of functionality. Organizations using these devices should assess their cybersecurity posture and implement appropriate safeguards to mitigate the potential impact of this vulnerability.

Affected Version(s)

SICK FLX0-GPNT100 all versions

SICK FLX3-CPUC200 all versions

References

https://sick.com/psirt

x_SICK PSIRT Website

https://cdn.sick.com/media/docs/1/11/411/Special_informat...

x_SICK Operating Guidelines

https://www.cisa.gov/resources-tools/resources/ics-recomm...

x_ICS-CERT

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 28, 2025
Vulnerability Reserved
Apr 9, 2025

Sick Ag

What is CVE-2025-32470?

Affected Version(s)

References

CVSS V3.1

Timeline