SICK Flexi Compact Unauthenticated IP Address Change Vulnerability Leading to Denial-of-Service

Vulnerability

A denial-of-service vulnerability has been identified in the SICK Flexi Compact series, specifically in the FLX0-GPNT100 and FLX3-CPUC200 models, affecting all firmware versions. It allows a remote, unauthenticated attacker to change the device's IP address, potentially disrupting the device's availability.

Impact

Exploitation of this vulnerability can lead to a denial-of-service condition by causing the device to become unavailable due to an unauthorized change of its IP address.

Remediation

It is recommended to ensure that only trusted entities have access to the device. Additionally, SICK advises following general security practices to minimize network exposure and restrict access; the SICK Operating Guidelines and the ICS-CERT recommended practices on Industrial Security provide guidance.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 1.4
impact: 2.5
exploitability: 7.0
remediation: 8.3
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.