Primary

Context

SICK Flexi Compact Password Vulnerability Allowing Extraction Attacks

Vulnerability

A vulnerability exists in the SICK Flexi Compact series, specifically in the FLX0-GPNT100 and FLX3-CPUC200 models, all firmware versions. The issue arises because the device's passwords are not properly salted, creating a risk of password extraction attacks. This vulnerability has been assigned the CVE identifier CVE-2025-32471.

Impact

The vulnerability could lead to unauthorized password extraction, potentially allowing attackers to gain unauthorized access to the device or its functions.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

2.5

exploitability

7.0

remediation

8.3

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

2.5

exploitability

7.0

remediation

8.3

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

SICK Flexi Compact Password Vulnerability Allowing Extraction Attacks

Vulnerability

Impact

Affected Products

SICK FLX3-CPUC200

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating