SICK TLOC100-100 Denial-of-Service Vulnerability via Chunk-Size Mismatch
Vulnerability
A denial-of-service vulnerability has been identified in the SICK TLOC100-100, affecting all firmware versions. An attacker can cause chunk-size mismatches that disrupt file transfers, blocking ongoing updates and preventing future transfers. The issue arises when the C++ command-line interface (CLI) client is tampered with: the resulting mismatch can crash the UpdateService during a file transfer, leading to a loss of availability.
Impact
Exploitation of this vulnerability causes a denial-of-service condition by disrupting file transfers and blocking subsequent update processes.
Reproduction
To reproduce this vulnerability, an attacker must manipulate the C++ CLI client used for file transfers. This interference can create chunk-size mismatches that the UpdateService cannot resolve, causing the service to crash and file transfers to fail. After the mismatch occurs, subsequent file transfer attempts are also blocked, preventing the completion of updates.
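The failure mode described in the two sections above is a receiver that trusts the chunk size a client announces and falls over when the announced size and the bytes actually delivered disagree. The following C++ receiver is an added example written for this page; it is not SICK code and does not reflect the TLOC100-100's real transfer protocol. It assumes a hypothetical framing of a 4-byte big-endian length prefix followed by that many payload bytes, an assumed per-chunk policy limit, and constructed sample streams; the point is that every declared size is validated against both the policy limit and the bytes present before it is used, so a mismatch is reported as a status and the service remains available for the next transfer.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

// Assumed framing for this example (not documented for the TLOC100-100):
// each chunk is a 4-byte big-endian length prefix followed by that many bytes.
enum class ChunkStatus { Ok, Truncated, Oversized, TrailingBytes };

struct ChunkResult {
    ChunkStatus status = ChunkStatus::Ok;
    std::vector<uint8_t> payload;   // bytes from every chunk accepted so far
    size_t chunks_accepted = 0;
};

// Policy limit on a single chunk; the value is an assumption for the example.
constexpr size_t kMaxChunkBytes = 64 * 1024;

// Walk the stream and reassemble chunks. Every declared size is checked
// against the policy limit and the bytes actually present before it is used
// as a length, so a mismatch yields a status code instead of an out-of-bounds
// read or an unhandled error that would take the service down.
ChunkResult parse_chunks(const std::vector<uint8_t>& stream,
                         size_t max_chunk = kMaxChunkBytes) {
    ChunkResult r;
    size_t pos = 0;
    while (pos < stream.size()) {
        // Fewer than 4 bytes left: a partial header, i.e. stray trailing bytes.
        if (stream.size() - pos < 4) {
            r.status = ChunkStatus::TrailingBytes;
            return r;
        }
        uint32_t declared = (uint32_t{stream[pos]} << 24) |
                            (uint32_t{stream[pos + 1]} << 16) |
                            (uint32_t{stream[pos + 2]} << 8) |
                             uint32_t{stream[pos + 3]};
        pos += 4;
        if (declared > max_chunk) {            // larger than policy allows
            r.status = ChunkStatus::Oversized;
            return r;
        }
        if (declared > stream.size() - pos) {  // header promises more than was sent
            r.status = ChunkStatus::Truncated;
            return r;
        }
        r.payload.insert(r.payload.end(),
                         stream.begin() + pos, stream.begin() + pos + declared);
        pos += declared;
        ++r.chunks_accepted;
    }
    return r;
}

// Sender-side encoder using the same framing; used only to build samples.
std::vector<uint8_t> frame(const std::vector<std::string>& chunks) {
    std::vector<uint8_t> out;
    for (const std::string& c : chunks) {
        uint32_t n = static_cast<uint32_t>(c.size());
        out.push_back(uint8_t(n >> 24));
        out.push_back(uint8_t(n >> 16));
        out.push_back(uint8_t(n >> 8));
        out.push_back(uint8_t(n));
        out.insert(out.end(), c.begin(), c.end());
    }
    return out;
}

// Constructed sample streams, one per mismatch case the parser must survive.
std::vector<uint8_t> sample_good() { return frame({"abc", "defg"}); }
std::vector<uint8_t> sample_truncated() {
    std::vector<uint8_t> s = frame({"abcdef"});
    s.resize(s.size() - 2);                 // header says 6 bytes, only 4 follow
    return s;
}
std::vector<uint8_t> sample_oversized() {
    std::vector<uint8_t> s = frame({"x"});
    s[1] = 0x10;                            // header now declares 0x00100001 bytes
    return s;
}
std::vector<uint8_t> sample_trailing() {
    std::vector<uint8_t> s = frame({"abc"});
    s.push_back(0x00); s.push_back(0x01);   // two stray bytes, not a full header
    return s;
}

// Service-side decision: only a fully consistent stream is applied; anything
// else is rejected, and the service stays up to accept the next transfer.
bool accept_transfer(const std::vector<uint8_t>& stream) {
    return parse_chunks(stream).status == ChunkStatus::Ok;
}

int main() {
    std::printf("good=%d truncated=%d oversized=%d trailing=%d\n",
                accept_transfer(sample_good()), accept_transfer(sample_truncated()),
                accept_transfer(sample_oversized()), accept_transfer(sample_trailing()));
    return 0;
}
```

The four sample builders double as regression inputs: a receiver hardened this way should return a non-Ok status for each malformed stream and still accept the well-formed one afterwards, which is the availability property the advisory says the affected UpdateService lacks.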
Remediation
Users are advised to upgrade to the latest version of the SICK TLOC100-100 firmware (version 7.1.1 or later).
