Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for TLOC100-100 all Firmware versions by SICK AG

    CVE-2025-59463 (GCVE-0-2025-59463)

    Vulnerability from nvd – Published: 2025-10-27 10:14 – Updated: 2025-10-27 18:05
    VLAI
    Title
    Denial-of-service (DoS) via chunk size mismatch
    Summary
    An attacker may cause chunk-size mismatches that block file transfers and prevent subsequent transfers.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://sick.com/psirt x_SICK PSIRT Security Advisories
    https://www.sick.com/media/docs/9/19/719/special_… x_SICK Operating Guidelines
    https://www.cisa.gov/resources-tools/resources/ic… x_ICS-CERT recommended practices on Industrial Security
    https://www.first.org/cvss/calculator/3.1 x_CVSS v3.1 Calculator
    https://www.sick.com/.well-known/csaf/white/2025/… x_The canonical URL.
    https://www.sick.com/.well-known/csaf/white/2025/… vendor-advisory
    Impacted products
    Vendor Product Version
    SICK AG TLOC100-100 all Firmware versions Affected: all versions (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-59463",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-27T18:05:11.512680Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-27T18:05:28.122Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "TLOC100-100 all Firmware versions",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAn attacker may cause chunk-size mismatches that block file transfers and prevent subsequent transfers.\u003c/p\u003e"
                }
              ],
              "value": "An attacker may cause chunk-size mismatches that block file transfers and prevent subsequent transfers."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "environmentalScore": 4.3,
                "environmentalSeverity": "MEDIUM",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "temporalScore": 4.3,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-833",
                  "description": "CWE-833 Deadlock",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-27T10:14:31.607Z",
            "orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
            "shortName": "SICK AG"
          },
          "references": [
            {
              "tags": [
                "x_SICK PSIRT Security Advisories"
              ],
              "url": "https://sick.com/psirt"
            },
            {
              "tags": [
                "x_SICK Operating Guidelines"
              ],
              "url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf"
            },
            {
              "tags": [
                "x_ICS-CERT recommended practices on Industrial Security"
              ],
              "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
            },
            {
              "tags": [
                "x_CVSS v3.1 Calculator"
              ],
              "url": "https://www.first.org/cvss/calculator/3.1"
            },
            {
              "tags": [
                "x_The canonical URL."
              ],
              "url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0013.json"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0013.pdf"
            }
          ],
          "source": {
            "advisory": "SCA-2025-0013",
            "discovery": "INTERNAL"
          },
          "title": "Denial-of-service (DoS) via chunk size mismatch",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003ePlease make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \u0026quot;SICK Operating Guidelines\u0026quot; and \u0026quot;ICS-CERT recommended practices on Industrial Security\u0026quot; could help to implement the general security practices.\u003c/p\u003e"
                }
              ],
              "value": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \"SICK Operating Guidelines\" and \"ICS-CERT recommended practices on Industrial Security\" could help to implement the general security practices."
            }
          ],
          "x_generator": {
            "engine": "csaf2cve 0.2.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
        "assignerShortName": "SICK AG",
        "cveId": "CVE-2025-59463",
        "datePublished": "2025-10-27T10:14:31.607Z",
        "dateReserved": "2025-09-16T13:38:29.663Z",
        "dateUpdated": "2025-10-27T18:05:28.122Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-59462 (GCVE-0-2025-59462)

    Vulnerability from nvd – Published: 2025-10-27 10:12 – Updated: 2025-10-27 18:07
    VLAI
    Title
    Denial-of-service (DoS) via delayed or missing client response
    Summary
    An attacker who tampers with the C++ CLI client may crash the UpdateService during file transfers, disrupting updates and availability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://sick.com/psirt x_SICK PSIRT Security Advisories
    https://www.sick.com/media/docs/9/19/719/special_… x_SICK Operating Guidelines
    https://www.cisa.gov/resources-tools/resources/ic… x_ICS-CERT recommended practices on Industrial Security
    https://www.first.org/cvss/calculator/3.1 x_CVSS v3.1 Calculator
    https://www.sick.com/.well-known/csaf/white/2025/… x_The canonical URL.
    https://www.sick.com/.well-known/csaf/white/2025/… vendor-advisory
    Impacted products
    Vendor Product Version
    SICK AG TLOC100-100 all Firmware versions Affected: all versions (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-59462",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-27T18:07:01.108374Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-27T18:07:30.977Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "TLOC100-100 all Firmware versions",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAn attacker who tampers with the C++ CLI client may crash the UpdateService during file transfers, disrupting updates and availability.\u003c/p\u003e"
                }
              ],
              "value": "An attacker who tampers with the C++ CLI client may crash the UpdateService during file transfers, disrupting updates and availability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "environmentalScore": 6.5,
                "environmentalSeverity": "MEDIUM",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "temporalScore": 6.5,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-248",
                  "description": "CWE-248 Uncaught Exception",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-27T10:12:55.225Z",
            "orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
            "shortName": "SICK AG"
          },
          "references": [
            {
              "tags": [
                "x_SICK PSIRT Security Advisories"
              ],
              "url": "https://sick.com/psirt"
            },
            {
              "tags": [
                "x_SICK Operating Guidelines"
              ],
              "url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf"
            },
            {
              "tags": [
                "x_ICS-CERT recommended practices on Industrial Security"
              ],
              "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
            },
            {
              "tags": [
                "x_CVSS v3.1 Calculator"
              ],
              "url": "https://www.first.org/cvss/calculator/3.1"
            },
            {
              "tags": [
                "x_The canonical URL."
              ],
              "url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0013.json"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0013.pdf"
            }
          ],
          "source": {
            "advisory": "SCA-2025-0013",
            "discovery": "INTERNAL"
          },
          "title": "Denial-of-service (DoS) via delayed or missing client response",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003ePlease make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \u0026quot;SICK Operating Guidelines\u0026quot; and \u0026quot;ICS-CERT recommended practices on Industrial Security\u0026quot; could help to implement the general security practices.\u003c/p\u003e"
                }
              ],
              "value": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \"SICK Operating Guidelines\" and \"ICS-CERT recommended practices on Industrial Security\" could help to implement the general security practices."
            }
          ],
          "x_generator": {
            "engine": "csaf2cve 0.2.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
        "assignerShortName": "SICK AG",
        "cveId": "CVE-2025-59462",
        "datePublished": "2025-10-27T10:12:55.225Z",
        "dateReserved": "2025-09-16T13:38:29.663Z",
        "dateUpdated": "2025-10-27T18:07:30.977Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-59461 (GCVE-0-2025-59461)

    Vulnerability from nvd – Published: 2025-10-27 10:11 – Updated: 2025-10-27 18:08
    VLAI
    Title
    API does not require authentication
    Summary
    A remote unauthenticated attacker may use the unauthenticated C++ API to access or modify sensitive data and disrupt services.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://sick.com/psirt x_SICK PSIRT Security Advisories
    https://www.sick.com/media/docs/9/19/719/special_… x_SICK Operating Guidelines
    https://www.cisa.gov/resources-tools/resources/ic… x_ICS-CERT recommended practices on Industrial Security
    https://www.first.org/cvss/calculator/3.1 x_CVSS v3.1 Calculator
    https://www.sick.com/.well-known/csaf/white/2025/… x_The canonical URL.
    https://www.sick.com/.well-known/csaf/white/2025/… vendor-advisory
    Impacted products
    Vendor Product Version
    SICK AG TLOC100-100 all Firmware versions Affected: all versions (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-59461",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-27T18:08:04.226982Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-27T18:08:15.868Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "TLOC100-100 all Firmware versions",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA remote unauthenticated attacker may use the unauthenticated C++ API to access or modify sensitive data and disrupt services.\u003c/p\u003e"
                }
              ],
              "value": "A remote unauthenticated attacker may use the unauthenticated C++ API to access or modify sensitive data and disrupt services."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "environmentalScore": 7.6,
                "environmentalSeverity": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "temporalScore": 7.6,
                "temporalSeverity": "HIGH",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-27T10:11:46.163Z",
            "orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
            "shortName": "SICK AG"
          },
          "references": [
            {
              "tags": [
                "x_SICK PSIRT Security Advisories"
              ],
              "url": "https://sick.com/psirt"
            },
            {
              "tags": [
                "x_SICK Operating Guidelines"
              ],
              "url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf"
            },
            {
              "tags": [
                "x_ICS-CERT recommended practices on Industrial Security"
              ],
              "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
            },
            {
              "tags": [
                "x_CVSS v3.1 Calculator"
              ],
              "url": "https://www.first.org/cvss/calculator/3.1"
            },
            {
              "tags": [
                "x_The canonical URL."
              ],
              "url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0013.json"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0013.pdf"
            }
          ],
          "source": {
            "advisory": "SCA-2025-0013",
            "discovery": "INTERNAL"
          },
          "title": "API does not require authentication",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003ePlease make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \u0026quot;SICK Operating Guidelines\u0026quot; and \u0026quot;ICS-CERT recommended practices on Industrial Security\u0026quot; could help to implement the general security practices.\u003c/p\u003e"
                }
              ],
              "value": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \"SICK Operating Guidelines\" and \"ICS-CERT recommended practices on Industrial Security\" could help to implement the general security practices."
            }
          ],
          "x_generator": {
            "engine": "csaf2cve 0.2.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
        "assignerShortName": "SICK AG",
        "cveId": "CVE-2025-59461",
        "datePublished": "2025-10-27T10:11:46.163Z",
        "dateReserved": "2025-09-16T13:38:29.663Z",
        "dateUpdated": "2025-10-27T18:08:15.868Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-59463 (GCVE-0-2025-59463)

    Vulnerability from cvelistv5 – Published: 2025-10-27 10:14 – Updated: 2025-10-27 18:05
    VLAI
    Title
    Denial-of-service (DoS) via chunk size mismatch
    Summary
    An attacker may cause chunk-size mismatches that block file transfers and prevent subsequent transfers.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://sick.com/psirt x_SICK PSIRT Security Advisories
    https://www.sick.com/media/docs/9/19/719/special_… x_SICK Operating Guidelines
    https://www.cisa.gov/resources-tools/resources/ic… x_ICS-CERT recommended practices on Industrial Security
    https://www.first.org/cvss/calculator/3.1 x_CVSS v3.1 Calculator
    https://www.sick.com/.well-known/csaf/white/2025/… x_The canonical URL.
    https://www.sick.com/.well-known/csaf/white/2025/… vendor-advisory
    Impacted products
    Vendor Product Version
    SICK AG TLOC100-100 all Firmware versions Affected: all versions (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-59463",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-27T18:05:11.512680Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-27T18:05:28.122Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "TLOC100-100 all Firmware versions",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAn attacker may cause chunk-size mismatches that block file transfers and prevent subsequent transfers.\u003c/p\u003e"
                }
              ],
              "value": "An attacker may cause chunk-size mismatches that block file transfers and prevent subsequent transfers."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "environmentalScore": 4.3,
                "environmentalSeverity": "MEDIUM",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "temporalScore": 4.3,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-833",
                  "description": "CWE-833 Deadlock",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-27T10:14:31.607Z",
            "orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
            "shortName": "SICK AG"
          },
          "references": [
            {
              "tags": [
                "x_SICK PSIRT Security Advisories"
              ],
              "url": "https://sick.com/psirt"
            },
            {
              "tags": [
                "x_SICK Operating Guidelines"
              ],
              "url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf"
            },
            {
              "tags": [
                "x_ICS-CERT recommended practices on Industrial Security"
              ],
              "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
            },
            {
              "tags": [
                "x_CVSS v3.1 Calculator"
              ],
              "url": "https://www.first.org/cvss/calculator/3.1"
            },
            {
              "tags": [
                "x_The canonical URL."
              ],
              "url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0013.json"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0013.pdf"
            }
          ],
          "source": {
            "advisory": "SCA-2025-0013",
            "discovery": "INTERNAL"
          },
          "title": "Denial-of-service (DoS) via chunk size mismatch",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003ePlease make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \u0026quot;SICK Operating Guidelines\u0026quot; and \u0026quot;ICS-CERT recommended practices on Industrial Security\u0026quot; could help to implement the general security practices.\u003c/p\u003e"
                }
              ],
              "value": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \"SICK Operating Guidelines\" and \"ICS-CERT recommended practices on Industrial Security\" could help to implement the general security practices."
            }
          ],
          "x_generator": {
            "engine": "csaf2cve 0.2.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
        "assignerShortName": "SICK AG",
        "cveId": "CVE-2025-59463",
        "datePublished": "2025-10-27T10:14:31.607Z",
        "dateReserved": "2025-09-16T13:38:29.663Z",
        "dateUpdated": "2025-10-27T18:05:28.122Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-59462 (GCVE-0-2025-59462)

    Vulnerability from cvelistv5 – Published: 2025-10-27 10:12 – Updated: 2025-10-27 18:07
    VLAI
    Title
    Denial-of-service (DoS) via delayed or missing client response
    Summary
    An attacker who tampers with the C++ CLI client may crash the UpdateService during file transfers, disrupting updates and availability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://sick.com/psirt x_SICK PSIRT Security Advisories
    https://www.sick.com/media/docs/9/19/719/special_… x_SICK Operating Guidelines
    https://www.cisa.gov/resources-tools/resources/ic… x_ICS-CERT recommended practices on Industrial Security
    https://www.first.org/cvss/calculator/3.1 x_CVSS v3.1 Calculator
    https://www.sick.com/.well-known/csaf/white/2025/… x_The canonical URL.
    https://www.sick.com/.well-known/csaf/white/2025/… vendor-advisory
    Impacted products
    Vendor Product Version
    SICK AG TLOC100-100 all Firmware versions Affected: all versions (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-59462",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-27T18:07:01.108374Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-27T18:07:30.977Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "TLOC100-100 all Firmware versions",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAn attacker who tampers with the C++ CLI client may crash the UpdateService during file transfers, disrupting updates and availability.\u003c/p\u003e"
                }
              ],
              "value": "An attacker who tampers with the C++ CLI client may crash the UpdateService during file transfers, disrupting updates and availability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "environmentalScore": 6.5,
                "environmentalSeverity": "MEDIUM",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "temporalScore": 6.5,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-248",
                  "description": "CWE-248 Uncaught Exception",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-27T10:12:55.225Z",
            "orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
            "shortName": "SICK AG"
          },
          "references": [
            {
              "tags": [
                "x_SICK PSIRT Security Advisories"
              ],
              "url": "https://sick.com/psirt"
            },
            {
              "tags": [
                "x_SICK Operating Guidelines"
              ],
              "url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf"
            },
            {
              "tags": [
                "x_ICS-CERT recommended practices on Industrial Security"
              ],
              "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
            },
            {
              "tags": [
                "x_CVSS v3.1 Calculator"
              ],
              "url": "https://www.first.org/cvss/calculator/3.1"
            },
            {
              "tags": [
                "x_The canonical URL."
              ],
              "url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0013.json"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0013.pdf"
            }
          ],
          "source": {
            "advisory": "SCA-2025-0013",
            "discovery": "INTERNAL"
          },
          "title": "Denial-of-service (DoS) via delayed or missing client response",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003ePlease make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \u0026quot;SICK Operating Guidelines\u0026quot; and \u0026quot;ICS-CERT recommended practices on Industrial Security\u0026quot; could help to implement the general security practices.\u003c/p\u003e"
                }
              ],
              "value": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \"SICK Operating Guidelines\" and \"ICS-CERT recommended practices on Industrial Security\" could help to implement the general security practices."
            }
          ],
          "x_generator": {
            "engine": "csaf2cve 0.2.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
        "assignerShortName": "SICK AG",
        "cveId": "CVE-2025-59462",
        "datePublished": "2025-10-27T10:12:55.225Z",
        "dateReserved": "2025-09-16T13:38:29.663Z",
        "dateUpdated": "2025-10-27T18:07:30.977Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-59461 (GCVE-0-2025-59461)

    Vulnerability from cvelistv5 – Published: 2025-10-27 10:11 – Updated: 2025-10-27 18:08
    VLAI
    Title
    API does not require authentication
    Summary
    A remote unauthenticated attacker may use the unauthenticated C++ API to access or modify sensitive data and disrupt services.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://sick.com/psirt x_SICK PSIRT Security Advisories
    https://www.sick.com/media/docs/9/19/719/special_… x_SICK Operating Guidelines
    https://www.cisa.gov/resources-tools/resources/ic… x_ICS-CERT recommended practices on Industrial Security
    https://www.first.org/cvss/calculator/3.1 x_CVSS v3.1 Calculator
    https://www.sick.com/.well-known/csaf/white/2025/… x_The canonical URL.
    https://www.sick.com/.well-known/csaf/white/2025/… vendor-advisory
    Impacted products
    Vendor Product Version
    SICK AG TLOC100-100 all Firmware versions Affected: all versions (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-59461",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-27T18:08:04.226982Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-27T18:08:15.868Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "TLOC100-100 all Firmware versions",
              "vendor": "SICK AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA remote unauthenticated attacker may use the unauthenticated C++ API to access or modify sensitive data and disrupt services.\u003c/p\u003e"
                }
              ],
              "value": "A remote unauthenticated attacker may use the unauthenticated C++ API to access or modify sensitive data and disrupt services."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "environmentalScore": 7.6,
                "environmentalSeverity": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "temporalScore": 7.6,
                "temporalSeverity": "HIGH",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-27T10:11:46.163Z",
            "orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
            "shortName": "SICK AG"
          },
          "references": [
            {
              "tags": [
                "x_SICK PSIRT Security Advisories"
              ],
              "url": "https://sick.com/psirt"
            },
            {
              "tags": [
                "x_SICK Operating Guidelines"
              ],
              "url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf"
            },
            {
              "tags": [
                "x_ICS-CERT recommended practices on Industrial Security"
              ],
              "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
            },
            {
              "tags": [
                "x_CVSS v3.1 Calculator"
              ],
              "url": "https://www.first.org/cvss/calculator/3.1"
            },
            {
              "tags": [
                "x_The canonical URL."
              ],
              "url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0013.json"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0013.pdf"
            }
          ],
          "source": {
            "advisory": "SCA-2025-0013",
            "discovery": "INTERNAL"
          },
          "title": "API does not require authentication",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003ePlease make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \u0026quot;SICK Operating Guidelines\u0026quot; and \u0026quot;ICS-CERT recommended practices on Industrial Security\u0026quot; could help to implement the general security practices.\u003c/p\u003e"
                }
              ],
              "value": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \"SICK Operating Guidelines\" and \"ICS-CERT recommended practices on Industrial Security\" could help to implement the general security practices."
            }
          ],
          "x_generator": {
            "engine": "csaf2cve 0.2.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
        "assignerShortName": "SICK AG",
        "cveId": "CVE-2025-59461",
        "datePublished": "2025-10-27T10:11:46.163Z",
        "dateReserved": "2025-09-16T13:38:29.663Z",
        "dateUpdated": "2025-10-27T18:08:15.868Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }