CVE-2025-59460

The system is deployed in its default state, with configuration settings that do not comply with the latest best practices for restricting access. This increases the risk of unauthorised connections.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://sick.com/psirt	Vendor Advisory
https://www.cisa.gov/resources-tools/resources/ics-recommended-practices	US Government Resource
https://www.first.org/cvss/calculator/3.1	Not Applicable
https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0013.json	Vendor Advisory
https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0013.pdf	Vendor Advisory
https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf	Product

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:sick:tloc100-100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sick:tloc100-100:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-10-27 11:15

Updated : 2025-11-03 19:42

NVD link : CVE-2025-59460

Mitre link : CVE-2025-59460

CVE.ORG link : CVE-2025-59460

JSON object : View

Products Affected

sick

tloc100-100
tloc100-100_firmware

CWE

CWE-1391

Use of Weak Credentials

{"id": "CVE-2025-59460", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@sick.de", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-10-27T11:15:40.743", "references": [{"url": "https://sick.com/psirt", "tags": ["Vendor Advisory"], "source": "psirt@sick.de"}, {"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices", "tags": ["US Government Resource"], "source": "psirt@sick.de"}, {"url": "https://www.first.org/cvss/calculator/3.1", "tags": ["Not Applicable"], "source": "psirt@sick.de"}, {"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0013.json", "tags": ["Vendor Advisory"], "source": "psirt@sick.de"}, {"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0013.pdf", "tags": ["Vendor Advisory"], "source": "psirt@sick.de"}, {"url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf", "tags": ["Product"], "source": "psirt@sick.de"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "psirt@sick.de", "description": [{"lang": "en", "value": "CWE-1391"}]}], "descriptions": [{"lang": "en", "value": "The system is deployed in its default state, with configuration settings that do not comply with the latest best practices for restricting access. This increases the risk of unauthorised connections."}], "lastModified": "2025-11-03T19:42:07.740", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sick:tloc100-100_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6A0DB5E-E209-451C-AB27-A9F924D98C48", "versionEndExcluding": "7.1.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sick:tloc100-100:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "224B60BD-6A7D-410A-A72E-18D0E669A39C"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@sick.de"}