{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-59460", "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "state": "PUBLISHED", "assignerShortName": "SICK AG", "dateReserved": "2025-09-16T13:38:29.663Z", "datePublished": "2025-10-27T10:10:31.105Z", "dateUpdated": "2025-10-27T18:10:18.984Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "TLOC100-100 with Firmware <7.1.1", "vendor": "SICK AG", "versions": [{"lessThan": "<7.1.1", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "TLOC100-100 with Firmware >=7.1.1", "vendor": "SICK AG", "versions": [{"status": "unaffected", "version": ">=7.1.1", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>The system is deployed in its default state, with configuration settings that do not comply with the latest best practices for restricting access. This increases the risk of unauthorised connections.</p>"}], "value": "The system is deployed in its default state, with configuration settings that do not comply with the latest best practices for restricting access. This increases the risk of unauthorised connections."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "environmentalScore": 7.5, "environmentalSeverity": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "temporalScore": 7.5, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1391", "description": "CWE-1391 Use of Weak Credentials", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "shortName": "SICK AG", "dateUpdated": "2025-10-27T10:10:31.105Z"}, "references": [{"tags": ["x_SICK PSIRT Security Advisories"], "url": "https://sick.com/psirt"}, {"tags": ["x_SICK Operating Guidelines"], "url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf"}, {"tags": ["x_ICS-CERT recommended practices on Industrial Security"], "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"}, {"tags": ["x_CVSS v3.1 Calculator"], "url": "https://www.first.org/cvss/calculator/3.1"}, {"tags": ["x_The canonical URL."], "url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0013.json"}, {"tags": ["vendor-advisory"], "url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0013.pdf"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Users are strongly recommended to upgrade to the latest release of TLOC100-100 (&gt;= 7.1.1).</p>"}], "value": "Users are strongly recommended to upgrade to the latest release of TLOC100-100 (>= 7.1.1)."}], "source": {"advisory": "SCA-2025-0013", "discovery": "INTERNAL"}, "title": "Unsecure access configuration", "x_generator": {"engine": "csaf2cve 0.2.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-27T18:08:51.008321Z", "id": "CVE-2025-59460", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-27T18:10:18.984Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-59460", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-27T18:08:51.008321Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-27T18:08:59.423Z"}}], "cna": {"title": "Unsecure access configuration", "source": {"advisory": "SCA-2025-0013", "discovery": "INTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "temporalScore": 7.5, "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "temporalSeverity": "HIGH", "availabilityImpact": "NONE", "environmentalScore": 7.5, "privilegesRequired": "NONE", "confidentialityImpact": "HIGH", "environmentalSeverity": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SICK AG", "product": "TLOC100-100 with Firmware <7.1.1", "versions": [{"status": "affected", "version": "0", "lessThan": "<7.1.1", "versionType": "custom"}], "defaultStatus": "affected"}, {"vendor": "SICK AG", "product": "TLOC100-100 with Firmware >=7.1.1", "versions": [{"status": "unaffected", "version": ">=7.1.1", "versionType": "custom"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Users are strongly recommended to upgrade to the latest release of TLOC100-100 (>= 7.1.1).", "supportingMedia": [{"type": "text/html", "value": "<p>Users are strongly recommended to upgrade to the latest release of TLOC100-100 (&gt;= 7.1.1).</p>", "base64": false}]}], "references": [{"url": "https://sick.com/psirt", "tags": ["x_SICK PSIRT Security Advisories"]}, {"url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf", "tags": ["x_SICK Operating Guidelines"]}, {"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices", "tags": ["x_ICS-CERT recommended practices on Industrial Security"]}, {"url": "https://www.first.org/cvss/calculator/3.1", "tags": ["x_CVSS v3.1 Calculator"]}, {"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0013.json", "tags": ["x_The canonical URL."]}, {"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0013.pdf", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "csaf2cve 0.2.1"}, "descriptions": [{"lang": "en", "value": "The system is deployed in its default state, with configuration settings that do not comply with the latest best practices for restricting access. This increases the risk of unauthorised connections.", "supportingMedia": [{"type": "text/html", "value": "<p>The system is deployed in its default state, with configuration settings that do not comply with the latest best practices for restricting access. This increases the risk of unauthorised connections.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1391", "description": "CWE-1391 Use of Weak Credentials"}]}], "providerMetadata": {"orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "shortName": "SICK AG", "dateUpdated": "2025-10-27T10:10:31.105Z"}}}, "cveMetadata": {"cveId": "CVE-2025-59460", "state": "PUBLISHED", "dateUpdated": "2025-10-27T18:10:18.984Z", "dateReserved": "2025-09-16T13:38:29.663Z", "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "datePublished": "2025-10-27T10:10:31.105Z", "assignerShortName": "SICK AG"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The system is deployed in its default state, with configuration settings that do not comply with the latest best practices for restricting access. This increases the risk of unauthorised connections."}], "id": "CVE-2025-59460", "lastModified": "2025-10-27T13:19:49.063", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "psirt@sick.de", "type": "Secondary"}]}, "published": "2025-10-27T11:15:40.743", "references": [{"source": "psirt@sick.de", "url": "https://sick.com/psirt"}, {"source": "psirt@sick.de", "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"}, {"source": "psirt@sick.de", "url": "https://www.first.org/cvss/calculator/3.1"}, {"source": "psirt@sick.de", "url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0013.json"}, {"source": "psirt@sick.de", "url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0013.pdf"}, {"source": "psirt@sick.de", "url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf"}], "sourceIdentifier": "psirt@sick.de", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1391"}], "source": "psirt@sick.de", "type": "Secondary"}]}

{}

{"created": "2025-10-27T22:04:08.178772+00:00", "updated": "2025-10-27T22:04:08.178796+00:00", "vendors": ["sick", "sick$PRODUCT$tloc100-100"]}