Access Control Vulnerability in Sick Product
CVE-2025-59460

7.5HIGH

Key Information:

Vendor

Sick Ag

Status
Tloc100-100 With Firmware <7.1.1
Tloc100-100 With Firmware >=7.1.1
Vendor
CVE Published:
27 October 2025

What is CVE-2025-59460?

The Sick System is impacted by an access control misconfiguration that exists in its default deployment state. This configuration does not align with the current best practices for securing access, thereby heightening the risk of unauthorized connections to the system. Organizations utilizing this product should review their system configurations and implement stricter access control measures to mitigate potential threats.

Affected Version(s)

TLOC100-100 with Firmware <7.1.1 0

TLOC100-100 with Firmware >=7.1.1 >=7.1.1

References

https://sick.com/psirt
x_SICK PSIRT Security Advisories
https://www.sick.com/media/docs/9/19/719/special_informat...
x_SICK Operating Guidelines
https://www.cisa.gov/resources-tools/resources/ics-recomm...
x_ICS-CERT recommended practices on Industrial Security

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.