SICK TLOC100-100 Missing Authentication Vulnerability in C++ API
Vulnerability
A vulnerability exists in all firmware versions of the SICK TLOC100-100. The product's C++ API is unauthenticated, which allows remote unauthenticated attackers to access or modify sensitive data and disrupt services. The issue is compounded by an insecure access configuration: the system is deployed with default settings that do not align with current best practices for restricting access, which increases the risk of unauthorized connections.
Impact
Exploitation of this vulnerability could lead to unauthorized access to sensitive data, unauthorized modifications of data, and disruption of services.
Remediation
Users are strongly advised to upgrade to the latest release of TLOC100-100 (version 7.1.1 or later).
