SICK picoScan and multiScan Denial-of-Service Vulnerability via Slowloris Attack

Vulnerability

A denial-of-service vulnerability has been identified in SICK picoScan and multiScan products, all versions. This vulnerability allows remote attackers to conduct a Slowloris-type attack, causing the web page to become unresponsive. The issue arises from the architectural design of these products, which can be exploited by manipulating how the web server handles incoming requests.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, causing the web page to become unresponsive.

Remediation

To mitigate this vulnerability, ensure that only trusted entities have access to the device. SICK also recommends following general security practices to operate the product in a protected IT environment. The web server can be disabled via the CyberSecurity page in the user interface.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 7.4
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.