{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-32470", "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "state": "PUBLISHED", "assignerShortName": "SICK AG", "dateReserved": "2025-04-09T07:42:18.369Z", "datePublished": "2025-04-28T09:07:02.830Z", "dateUpdated": "2025-04-28T15:45:46.363Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "SICK FLX0-GPNT100", "vendor": "SICK AG", "versions": [{"status": "affected", "version": "all versions"}]}, {"defaultStatus": "affected", "product": "SICK FLX3-CPUC200", "vendor": "SICK AG", "versions": [{"status": "affected", "version": "all versions"}]}], "datePublic": "2025-04-28T08:49:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A remote unauthenticated attacker may be able to change the IP adress of the device, and therefore affecting the availability of the device."}], "value": "A remote unauthenticated attacker may be able to change the IP adress of the device, and therefore affecting the availability of the device."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "description": "CWE-284 (Improper Access Control)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "shortName": "SICK AG", "dateUpdated": "2025-04-28T09:07:02.830Z"}, "references": [{"tags": ["x_SICK PSIRT Website"], "url": "https://sick.com/psirt"}, {"tags": ["x_SICK Operating Guidelines"], "url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF"}, {"tags": ["x_ICS-CERT"], "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"}, {"tags": ["x_CVSS v3.1 Calculator"], "url": "https://www.first.org/cvss/calculator/3.1"}, {"tags": ["vendor-advisory"], "url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0005.pdf"}, {"tags": ["vendor-advisory", "x_csaf"], "url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0005.json"}], "source": {"advisory": "SCA-2025-0005", "discovery": "INTERNAL"}, "title": "Unauthenticated change of IP adress", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \u201dSICK Operating Guidelines\u201d and \u201dICS-CERT recommended practices on Industrial Security\u201d could help to implement the general security practices.<br>"}], "value": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \u201dSICK Operating Guidelines\u201d and \u201dICS-CERT recommended practices on Industrial Security\u201d could help to implement the general security practices."}], "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-28T15:41:57.691647Z", "id": "CVE-2025-32470", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-28T15:45:46.363Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-32470", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-28T15:41:57.691647Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-28T15:42:45.608Z"}}], "cna": {"title": "Unauthenticated change of IP adress", "source": {"advisory": "SCA-2025-0005", "discovery": "INTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SICK AG", "product": "SICK FLX0-GPNT100", "versions": [{"status": "affected", "version": "all versions"}], "defaultStatus": "affected"}, {"vendor": "SICK AG", "product": "SICK FLX3-CPUC200", "versions": [{"status": "affected", "version": "all versions"}], "defaultStatus": "affected"}], "datePublic": "2025-04-28T08:49:00.000Z", "references": [{"url": "https://sick.com/psirt", "tags": ["x_SICK PSIRT Website"]}, {"url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF", "tags": ["x_SICK Operating Guidelines"]}, {"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices", "tags": ["x_ICS-CERT"]}, {"url": "https://www.first.org/cvss/calculator/3.1", "tags": ["x_CVSS v3.1 Calculator"]}, {"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0005.pdf", "tags": ["vendor-advisory"]}, {"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0005.json", "tags": ["vendor-advisory", "x_csaf"]}], "workarounds": [{"lang": "en", "value": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \u201dSICK Operating Guidelines\u201d and \u201dICS-CERT recommended practices on Industrial Security\u201d could help to implement the general security practices.", "supportingMedia": [{"type": "text/html", "value": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \u201dSICK Operating Guidelines\u201d and \u201dICS-CERT recommended practices on Industrial Security\u201d could help to implement the general security practices.<br>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "A remote unauthenticated attacker may be able to change the IP adress of the device, and therefore affecting the availability of the device.", "supportingMedia": [{"type": "text/html", "value": "A remote unauthenticated attacker may be able to change the IP adress of the device, and therefore affecting the availability of the device.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284 (Improper Access Control)"}]}], "providerMetadata": {"orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "shortName": "SICK AG", "dateUpdated": "2025-04-28T09:07:02.830Z"}}}, "cveMetadata": {"cveId": "CVE-2025-32470", "state": "PUBLISHED", "dateUpdated": "2025-04-28T15:45:46.363Z", "dateReserved": "2025-04-09T07:42:18.369Z", "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "datePublished": "2025-04-28T09:07:02.830Z", "assignerShortName": "SICK AG"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A remote unauthenticated attacker may be able to change the IP adress of the device, and therefore affecting the availability of the device."}, {"lang": "es", "value": "Un atacante remoto no autenticado podr\u00eda cambiar la direcci\u00f3n IP del dispositivo y, por lo tanto, afectar la disponibilidad del dispositivo."}], "id": "CVE-2025-32470", "lastModified": "2025-04-29T13:52:10.697", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "psirt@sick.de", "type": "Secondary"}]}, "published": "2025-04-28T09:15:20.643", "references": [{"source": "psirt@sick.de", "url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF"}, {"source": "psirt@sick.de", "url": "https://sick.com/psirt"}, {"source": "psirt@sick.de", "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"}, {"source": "psirt@sick.de", "url": "https://www.first.org/cvss/calculator/3.1"}, {"source": "psirt@sick.de", "url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0005.json"}, {"source": "psirt@sick.de", "url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0005.pdf"}], "sourceIdentifier": "psirt@sick.de", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "psirt@sick.de", "type": "Secondary"}]}

{}