
CVE-2025-32472: CWE-400 (Uncontrolled Resource Consumption) in SICK AG SICK multiScan1XX

Severity: Medium
Tags: Vulnerability, CVE-2025-32472, cve, cve-2025-32472, cwe-400
Published: Mon Apr 28 2025 (04/28/2025, 12:04:55 UTC)
Source: CVE
Vendor/Project: SICK AG
Product: SICK multiScan1XX

Description

The multiScan and picoScan are vulnerable to a denial-of-service (DoS) attack. A remote attacker can exploit this vulnerability by conducting a Slowloris-type attack, causing the web page to become unresponsive.

AI-Powered Analysis

Last updated: 06/24/2025, 20:20:31 UTC

Technical Analysis

CVE-2025-32472 is a vulnerability classified under CWE-400 (Uncontrolled Resource Consumption) affecting all versions of the SICK AG multiScan1XX product line, including multiScan and picoScan devices. These devices are industrial sensors commonly used in automation, manufacturing, and logistics for object detection and measurement. The vulnerability allows a remote attacker to perform a denial-of-service (DoS) attack by exploiting the device's web interface with a Slowloris-type attack. Slowloris attacks work by opening multiple HTTP connections to the target and keeping them alive by sending partial requests slowly, thereby exhausting the server's connection pool and resources. This results in the web interface becoming unresponsive, effectively denying legitimate users access to the device's management or monitoring functions. The vulnerability requires no authentication or user interaction and can be executed remotely over the network. The CVSS v3.1 base score is 5.3 (medium severity), reflecting that the attack vector is network-based (AV:N), with low attack complexity (AC:L), no privileges required (PR:N), and no user interaction (UI:N). The impact is limited to availability (A:L), with no confidentiality or integrity impact. No known exploits are currently reported in the wild, and no patches have been published yet. Given the nature of the devices and the vulnerability, the attack targets the device's web server component, which likely has limited resources, making it susceptible to resource exhaustion attacks like Slowloris.

Potential Impact

For European organizations, the impact of this vulnerability can be significant in sectors relying on SICK multiScan1XX devices for critical automation and safety functions, such as manufacturing plants, logistics hubs, and industrial facilities. A successful DoS attack could disrupt operational monitoring and control, leading to downtime, reduced productivity, and potential safety risks if sensor data is unavailable or delayed. While the vulnerability does not directly compromise data confidentiality or integrity, the loss of availability can cascade into operational inefficiencies and increased risk of accidents or process failures. Organizations with large-scale deployments of these sensors may experience amplified effects, especially if the devices are integrated into centralized monitoring systems. The lack of authentication requirement means attackers can launch attacks without prior access, increasing the threat surface. Additionally, the unavailability of patches necessitates interim mitigation measures to maintain operational continuity.

Mitigation Recommendations

Implement network-level protections such as rate limiting and connection throttling on firewalls or intrusion prevention systems (IPS) to detect and block Slowloris-style attacks targeting the devices' web interfaces. Isolate SICK multiScan1XX devices on segmented network zones with restricted access, limiting exposure to untrusted networks and reducing the attack surface. Deploy web application firewalls (WAF) or reverse proxies configured to handle and mitigate slow HTTP attacks by enforcing connection timeouts and limiting concurrent connections per client IP. Monitor network traffic for unusual patterns indicative of Slowloris attacks, such as numerous half-open HTTP connections from single sources, and establish alerting mechanisms. Engage with SICK AG for updates on patches or firmware upgrades addressing this vulnerability and plan for timely deployment once available. Consider disabling or restricting access to the web management interface if remote management is not necessary, or use VPNs and strong authentication mechanisms to control access. Regularly audit and update network device configurations to ensure minimal exposure of industrial sensors to public or unsecured networks.
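As an added example (not SICK AG's code and not part of the original analysis), the detection and mitigation logic described above, run over a constructed connection-table snapshot: it assumes a reverse proxy or web server in front of the device can export, per connection, the source IP, how long the connection has been open, and whether the request headers have been fully received. It counts half-open connections per source, flags sources holding more than a threshold (the monitoring recommendation), and computes which connections a header timeout plus a per-IP concurrency cap would close (the reverse-proxy recommendation).

```python
from collections import Counter
# Constructed snapshot, not real device data: "src_ip age_seconds headers_complete"
SNAPSHOT = """\
192.0.2.10 41 no
192.0.2.10 39 no
192.0.2.10 38 no
192.0.2.10 37 no
192.0.2.10 35 no
198.51.100.7 5 yes
198.51.100.7 4 yes
198.51.100.7 3 yes
198.51.100.7 2 yes
198.51.100.7 1 no
203.0.113.5 45 no
"""

def parse_snapshot(text):
    """Parse snapshot lines into (src_ip, age_seconds, headers_complete) tuples."""
    conns = []
    for line in text.splitlines():
        if line.strip():
            ip, age, done = line.split()
            conns.append((ip, float(age), done == "yes"))
    return conns

def half_open_by_source(conns, header_deadline=30.0):
    """Per-source count of connections still without complete headers past the deadline."""
    counts = Counter()
    for ip, age, done in conns:
        if not done and age > header_deadline:
            counts[ip] += 1
    return counts

def flag_sources(conns, header_deadline=30.0, max_stale_per_ip=4):
    """Detection: sources holding more than max_stale_per_ip stale half-open connections."""
    return {ip: n for ip, n in half_open_by_source(conns, header_deadline).items()
            if n > max_stale_per_ip}

def connections_to_close(conns, header_deadline=30.0, max_per_ip=4):
    """Mitigation policy a proxy could enforce: close connections with incomplete headers past
    the deadline, and the newest connections of a source already holding max_per_ip."""
    to_close, per_ip = [], Counter()
    for ip, age, done in sorted(conns, key=lambda c: -c[1]):  # oldest first
        if not done and age > header_deadline:
            to_close.append((ip, age, "header-timeout"))
            continue
        per_ip[ip] += 1
        if per_ip[ip] > max_per_ip:
            to_close.append((ip, age, "per-ip-limit"))
    return to_close
```

The 30-second header deadline and the per-IP caps are illustrative thresholds; tune them to the legitimate client population (HMIs, monitoring collectors) that actually talks to the device's web interface.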


Technical Details

Data Version: 5.1
Assigner Short Name: SICK AG
Date Reserved: 2025-04-09T07:42:18.369Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682d983dc4522896dcbef69a

Added to database: 5/21/2025, 9:09:17 AM

Last enriched: 6/24/2025, 8:20:31 PM

Last updated: 8/12/2025, 11:12:36 AM
