CVE-2025-58579
📋 TL;DR
This vulnerability allows unauthenticated attackers to query an endpoint without proper authentication, enabling user enumeration attacks. It affects systems running vulnerable versions of SICK products with exposed endpoints. The impact is information disclosure that could facilitate further attacks.
💻 Affected Systems
- SICK products with vulnerable endpoints
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could enumerate valid usernames or user IDs, enabling targeted credential attacks, social engineering, or reconnaissance for follow-on attacks.
Likely Case
Information disclosure revealing user account existence, potentially allowing attackers to identify valid targets for brute force or phishing campaigns.
If Mitigated
Limited to unsuccessful enumeration attempts with proper authentication controls and rate limiting in place.
🎯 Exploit Status
Exploitation requires only unauthenticated HTTP requests to vulnerable endpoints
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check vendor advisory SCA-2025-0010 for specific patched versions
Vendor Advisory: https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.json
Restart Required: Yes
Instructions:
1. Review SICK advisory SCA-2025-0010.
2. Identify affected products/versions.
3. Apply vendor-provided patches or updates.
4. Restart affected services/systems.
5. Verify authentication is now required.
🔧 Temporary Workarounds
Network Access Control
Restrict network access to vulnerable endpoints using firewalls or network segmentation
Authentication Enforcement
Implement authentication middleware or web application firewall rules to require authentication
🧯 If You Can't Patch
- Implement network segmentation to isolate vulnerable systems from untrusted networks
- Deploy web application firewall with authentication enforcement rules
🔍 How to Verify
Check if Vulnerable:
Send unauthenticated HTTP requests to application endpoints; if data is returned without authentication, the system is vulnerable
Check Version:
Check product documentation or vendor-specific commands for version information
Verify Fix Applied:
Attempt the same unauthenticated requests; they should return authentication errors or no data
📡 Detection & Monitoring
Log Indicators:
- Multiple failed authentication attempts from a single source
- Unusual volume of requests to user-related endpoints
- Requests to sensitive endpoints without authentication headers
Network Indicators:
- Unusual traffic patterns to authentication endpoints
- Repeated requests with incremental user IDs or usernames
SIEM Query:
source_ip=* AND (uri_path CONTAINS "/user" OR uri_path CONTAINS "/account") AND http_status=200 AND auth_header=null
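The log and network indicators above, as an added detection example (not from the SICK advisory or any SIEM product): it parses constructed access-log lines and flags the two patterns the SIEM query and the "incremental user IDs" indicator describe. The log line format and the /api/user/<id> path layout are assumptions, not documented SICK endpoints.

```python
# Added detection example (not from the SICK advisory). Parses constructed
# access-log lines "<src_ip> <method> <path> <status> <auth>", where <auth> is
# "-" when no Authorization header was sent, and applies the indicators above.
import re
from collections import defaultdict

# Constructed sample traffic; /api/user/<id> is an assumed path layout, not a documented SICK endpoint.
SAMPLE_LOG = """\
10.0.0.5 GET /api/user/1001 200 -
10.0.0.5 GET /api/user/1002 200 -
10.0.0.5 GET /api/user/1003 200 -
10.0.0.9 GET /api/account/me 200 Bearer
10.0.0.7 GET /api/user/42 401 -
"""

LINE_RE = re.compile(r"^(?P<ip>\S+) (?P<method>\S+) (?P<path>\S+) (?P<status>\d{3}) (?P<auth>\S+)$")
ID_RE = re.compile(r"/(?:user|account)s?/(\d+)(?:/|$)")

def parse(log_text):
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # malformed lines are skipped
            e = m.groupdict()
            e["status"], e["unauth"] = int(e["status"]), e["auth"] == "-"
            events.append(e)
    return events

def unauthenticated_hits(events):
    """Log indicator / SIEM query: /user or /account path, status 200, no auth header."""
    return [e for e in events
            if ("/user" in e["path"] or "/account" in e["path"])
            and e["status"] == 200 and e["unauth"]]

def enumeration_sources(events, min_run=3):
    """Network indicator: sources walking >= min_run consecutive numeric IDs."""
    seen = defaultdict(list)
    for e in events:
        m = ID_RE.search(e["path"])
        if m:
            seen[e["ip"]].append(int(m.group(1)))
    flagged = {}
    for ip, ids in seen.items():
        run = best = 1
        for prev, cur in zip(ids, ids[1:]):
            run = run + 1 if cur == prev + 1 else 1
            best = max(best, run)
        if best >= min_run:
            flagged[ip] = best
    return flagged
```

Run on the sample, `unauthenticated_hits` returns the three unauthenticated 200 responses from 10.0.0.5 and `enumeration_sources` flags that source with a run of three consecutive IDs; the authenticated /account request and the 401 are not flagged.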
🔗 References
- https://sick.com/psirt
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
- https://www.first.org/cvss/calculator/3.1
- https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.json
- https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.pdf
- https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf