cvelistv5 - cve-2025-32471

CVE-2025-32471 (GCVE-0-2025-32471)

Vulnerability from cvelistv5

Published

2025-04-28 09:11

Modified

2025-04-28 15:40

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-1391 - (Use of Weak Credentials)

Summary

The device’s passwords have not been adequately salted, making them vulnerable to password extraction attacks.

References

URL

Tags

	psirt@sick.de	https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF
	psirt@sick.de	https://sick.com/psirt
	psirt@sick.de	https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
	psirt@sick.de	https://www.first.org/cvss/calculator/3.1
	psirt@sick.de	https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0005.json
	psirt@sick.de	https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0005.pdf

Impacted products

	Vendor	Product	Version
	SICK AG	SICK FLX3-CPUC200	Version: all versions

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-32471",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-28T15:38:04.731697Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-28T15:40:34.748Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "SICK FLX3-CPUC200",
          "vendor": "SICK AG",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        }
      ],
      "datePublic": "2025-04-28T08:49:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The device\u2019s passwords have not been adequately salted, making them vulnerable to password extraction attacks."
            }
          ],
          "value": "The device\u2019s passwords have not been adequately salted, making them vulnerable to password extraction attacks."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1391",
              "description": "CWE-1391 (Use of Weak Credentials)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-28T09:11:20.143Z",
        "orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
        "shortName": "SICK AG"
      },
      "references": [
        {
          "tags": [
            "x_SICK PSIRT Website"
          ],
          "url": "https://sick.com/psirt"
        },
        {
          "tags": [
            "x_SICK Operating Guidelines"
          ],
          "url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF"
        },
        {
          "tags": [
            "x_ICS-CERT"
          ],
          "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
        },
        {
          "tags": [
            "x_CVSS v3.1 Calculator"
          ],
          "url": "https://www.first.org/cvss/calculator/3.1"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0005.pdf"
        },
        {
          "tags": [
            "vendor-advisory",
            "x_csaf"
          ],
          "url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0005.json"
        }
      ],
      "source": {
        "advisory": "SCA-2025-0005",
        "discovery": "INTERNAL"
      },
      "title": "Reuse of salt",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
    "assignerShortName": "SICK AG",
    "cveId": "CVE-2025-32471",
    "datePublished": "2025-04-28T09:11:20.143Z",
    "dateReserved": "2025-04-09T07:42:18.369Z",
    "dateUpdated": "2025-04-28T15:40:34.748Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-32471\",\"sourceIdentifier\":\"psirt@sick.de\",\"published\":\"2025-04-28T09:15:21.263\",\"lastModified\":\"2025-04-29T13:52:10.697\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The device\u2019s passwords have not been adequately salted, making them vulnerable to password extraction attacks.\"},{\"lang\":\"es\",\"value\":\"Las contrase\u00f1as de los dispositivos no han sido saladas adecuadamente, lo que los hace vulnerables a ataques de extracci\u00f3n de contrase\u00f1as.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@sick.de\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":3.7,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"psirt@sick.de\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1391\"}]}],\"references\":[{\"url\":\"https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF\",\"source\":\"psirt@sick.de\"},{\"url\":\"https://sick.com/psirt\",\"source\":\"psirt@sick.de\"},{\"url\":\"https://www.cisa.gov/resources-tools/resources/ics-recommended-practices\",\"source\":\"psirt@sick.de\"},{\"url\":\"https://www.first.org/cvss/calculator/3.1\",\"source\":\"psirt@sick.de\"},{\"url\":\"https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0005.json\",\"source\":\"psirt@sick.de\"},{\"url\":\"https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0005.pdf\",\"source\":\"psirt@sick.de\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-32471\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-28T15:38:04.731697Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-28T15:40:29.854Z\"}}], \"cna\": {\"title\": \"Reuse of salt\", \"source\": {\"advisory\": \"SCA-2025-0005\", \"discovery\": \"INTERNAL\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 3.7, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"SICK AG\", \"product\": \"SICK FLX3-CPUC200\", \"versions\": [{\"status\": \"affected\", \"version\": \"all versions\"}], \"defaultStatus\": \"affected\"}], \"datePublic\": \"2025-04-28T08:49:00.000Z\", \"references\": [{\"url\": \"https://sick.com/psirt\", \"tags\": [\"x_SICK PSIRT Website\"]}, {\"url\": \"https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF\", \"tags\": [\"x_SICK Operating Guidelines\"]}, {\"url\": \"https://www.cisa.gov/resources-tools/resources/ics-recommended-practices\", \"tags\": [\"x_ICS-CERT\"]}, {\"url\": \"https://www.first.org/cvss/calculator/3.1\", \"tags\": [\"x_CVSS v3.1 Calculator\"]}, {\"url\": \"https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0005.pdf\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0005.json\", \"tags\": [\"vendor-advisory\", \"x_csaf\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"The device\\u2019s passwords have not been adequately salted, making them vulnerable to password extraction attacks.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"The device\\u2019s passwords have not been adequately salted, making them vulnerable to password extraction attacks.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1391\", \"description\": \"CWE-1391 (Use of Weak Credentials)\"}]}], \"providerMetadata\": {\"orgId\": \"a6863dd2-93fc-443d-bef1-79f0b5020988\", \"shortName\": \"SICK AG\", \"dateUpdated\": \"2025-04-28T09:11:20.143Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-32471\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-28T15:40:34.748Z\", \"dateReserved\": \"2025-04-09T07:42:18.369Z\", \"assignerOrgId\": \"a6863dd2-93fc-443d-bef1-79f0b5020988\", \"datePublished\": \"2025-04-28T09:11:20.143Z\", \"assignerShortName\": \"SICK AG\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

sca-2025-0005

Vulnerability from csaf_sick

Published

2025-04-28 10:00

Modified

2025-04-28 10:00

Summary

Vulnerabilities in SICK Flexi Compact

Notes

summary

SICK has found two vulnerabilities that affect the SICK Flexi Compact. The vulnerabilities may affect the availability and confidentiality of the products. SICK is currently not aware of any public exploits.

General Security Measures

As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.

Vulnerability Classification

SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer’s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "summary",
        "text": "SICK has found two vulnerabilities that affect the SICK Flexi Compact.\nThe vulnerabilities may affect the availability and confidentiality of the products.\nSICK is currently not aware of any public exploits. \n",
        "title": "summary"
      },
      {
        "category": "general",
        "text": "As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.",
        "title": "General Security Measures"
      },
      {
        "category": "general",
        "text": "SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer\u2019s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.",
        "title": "Vulnerability Classification"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@sick.de",
      "issuing_authority": "SICK AG issues and issues in EHS products (when related to the Endress+Hauser SICK (EHS) joint venture).",
      "name": "SICK PSIRT",
      "namespace": "https://www.sick.com/psirt"
    },
    "references": [
      {
        "summary": "SICK PSIRT Security Advisories",
        "url": "https://sick.com/psirt"
      },
      {
        "summary": "SICK Operating Guidelines",
        "url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf"
      },
      {
        "summary": "ICS-CERT recommended practices on Industrial Security",
        "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
      },
      {
        "summary": "CVSS v3.1 Calculator",
        "url": "https://www.first.org/cvss/calculator/3.1"
      },
      {
        "category": "self",
        "summary": "The canonical URL.",
        "url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0005.json"
      }
    ],
    "title": "Vulnerabilities in SICK Flexi Compact",
    "tracking": {
      "current_release_date": "2025-04-28T10:00:00.000Z",
      "generator": {
        "date": "2025-04-28T06:24:37.901Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.24"
        }
      },
      "id": "SCA-2025-0005",
      "initial_release_date": "2025-04-28T10:00:00.000Z",
      "revision_history": [
        {
          "date": "2025-04-28T10:00:00.000Z",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-07-30T07:30:49.000Z",
          "number": "2",
          "summary": "Updated Advisory: URL for SICK Operating Guidelines has been updated"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "SICK FLX3-CPUC200 all versions",
                      "product_id": "CSAFPID-0001"
                    }
                  }
                ],
                "category": "product_name",
                "name": "FLX3-CPUC200"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "SICK FLX0-GPNT100 all versions",
                      "product_id": "CSAFPID-0002"
                    }
                  }
                ],
                "category": "product_name",
                "name": "FLX0-GPNT100"
              }
            ],
            "category": "product_family",
            "name": "Flexi Compact"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK FLX3-CPUC200 all Firmware versions",
                  "product_id": "CSAFPID-0005"
                }
              }
            ],
            "category": "product_name",
            "name": "FLX3-CPUC200 Firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK FLX0-GPNT100 all Firmware versions",
                  "product_id": "CSAFPID-0006"
                }
              }
            ],
            "category": "product_name",
            "name": "FLX0-GPNT100 Firmware"
          }
        ],
        "category": "vendor",
        "name": "SICK AG"
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK FLX3-CPUC200 all firmware versions",
          "product_id": "CSAFPID-0008"
        },
        "product_reference": "CSAFPID-0005",
        "relates_to_product_reference": "CSAFPID-0001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK FLX0-GPNT100 all firmware versions",
          "product_id": "CSAFPID-0010"
        },
        "product_reference": "CSAFPID-0006",
        "relates_to_product_reference": "CSAFPID-0002"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-32470",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "audience": "all",
          "category": "summary",
          "text": "A remote unauthenticated attacker may be able to change the IP adress of the device, and therefore affecting the availability of the device.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0008",
          "CSAFPID-0010"
        ]
      },
      "remediations": [
        {
          "category": "workaround",
          "details": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \"SICK Operating Guidelines\" and \"ICS-CERT recommended practices on Industrial Security\" could help to implement the general security practices.",
          "product_ids": [
            "CSAFPID-0010",
            "CSAFPID-0008"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "environmentalScore": 7.5,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 7.5,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0010",
            "CSAFPID-0008"
          ]
        }
      ],
      "title": "DoS by unauthenticated change of IP address"
    },
    {
      "cve": "CVE-2025-32471",
      "cwe": {
        "id": "CWE-1391",
        "name": "Use of Weak Credentials"
      },
      "notes": [
        {
          "audience": "all",
          "category": "summary",
          "text": "The device\u0027s passwords have not been adequately salted, making them vulnerable to password extraction attacks.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0008"
        ]
      },
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "environmentalScore": 3.7,
            "environmentalSeverity": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 3.7,
            "temporalSeverity": "LOW",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0008"
          ]
        }
      ],
      "title": "Password hashed with standard salt "
    }
  ]
}

ghsa-mmm9-h8m2-rgmw

Vulnerability from github

Published

2025-04-28 09:31

Modified

2025-04-28 09:31

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

The device’s passwords have not been adequately salted, making them vulnerable to password extraction attacks.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-32471"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1391"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-28T09:15:21Z",
    "severity": "LOW"
  },
  "details": "The device\u2019s passwords have not been adequately salted, making them vulnerable to password extraction attacks.",
  "id": "GHSA-mmm9-h8m2-rgmw",
  "modified": "2025-04-28T09:31:54Z",
  "published": "2025-04-28T09:31:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32471"
    },
    {
      "type": "WEB",
      "url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF"
    },
    {
      "type": "WEB",
      "url": "https://sick.com/psirt"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
    },
    {
      "type": "WEB",
      "url": "https://www.first.org/cvss/calculator/3.1"
    },
    {
      "type": "WEB",
      "url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0005.json"
    },
    {
      "type": "WEB",
      "url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0005.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

fkie_cve-2025-32471

Vulnerability from fkie_nvd

Published

2025-04-28 09:15

Modified

2025-04-29 13:52

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

The device’s passwords have not been adequately salted, making them vulnerable to password extraction attacks.

References

	URL	Tags
	psirt@sick.de	https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF
	psirt@sick.de	https://sick.com/psirt
	psirt@sick.de	https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
	psirt@sick.de	https://www.first.org/cvss/calculator/3.1
	psirt@sick.de	https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0005.json
	psirt@sick.de	https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0005.pdf

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The device\u2019s passwords have not been adequately salted, making them vulnerable to password extraction attacks."
    },
    {
      "lang": "es",
      "value": "Las contrase\u00f1as de los dispositivos no han sido saladas adecuadamente, lo que los hace vulnerables a ataques de extracci\u00f3n de contrase\u00f1as."
    }
  ],
  "id": "CVE-2025-32471",
  "lastModified": "2025-04-29T13:52:10.697",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 1.4,
        "source": "psirt@sick.de",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-04-28T09:15:21.263",
  "references": [
    {
      "source": "psirt@sick.de",
      "url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF"
    },
    {
      "source": "psirt@sick.de",
      "url": "https://sick.com/psirt"
    },
    {
      "source": "psirt@sick.de",
      "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
    },
    {
      "source": "psirt@sick.de",
      "url": "https://www.first.org/cvss/calculator/3.1"
    },
    {
      "source": "psirt@sick.de",
      "url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0005.json"
    },
    {
      "source": "psirt@sick.de",
      "url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0005.pdf"
    }
  ],
  "sourceIdentifier": "psirt@sick.de",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-1391"
        }
      ],
      "source": "psirt@sick.de",
      "type": "Secondary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2025-32471 (GCVE-0-2025-32471)

Vulnerability from cvelistv5

sca-2025-0005

Vulnerability from csaf_sick

ghsa-mmm9-h8m2-rgmw

Vulnerability from github

fkie_cve-2025-32471

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature