Insufficient Password Salting in Sick Devices
CVE-2025-32471

3.7LOW

Key Information:

Vendor
Sick Ag
Status
Sick Flx3-cpuc200
Vendor
CVE Published:
28 April 2025

Summary

The vulnerability in SICK devices stems from inadequate salting of passwords, leaving them susceptible to extraction through various password cracking techniques. This flaw presents a security risk, compromising the integrity of user credentials and potentially enabling unauthorized access to sensitive systems. It is crucial for users to ensure their devices are updated and follow security best practices to mitigate this risk.

Affected Version(s)

SICK FLX3-CPUC200 all versions

References

https://sick.com/psirt
x_SICK PSIRT Website
https://cdn.sick.com/media/docs/1/11/411/Special_informat...
x_SICK Operating Guidelines
https://www.cisa.gov/resources-tools/resources/ics-recomm...
x_ICS-CERT

CVSS V3.1

Score:
3.7
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.