CVE-2025-27593
RCE due to Device Driver
The product can be used to distribute malicious code using SDD Device Drivers due to missing download verification checks, leading to code execution on target systems.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Affected products
SICK AG · SICK DL100-2xxxxxxxWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDFhttps://github.security.telekom.com/2025/03/multiple-vulnerabilities-in-sick-dl100.htmlhttps://sick.com/psirthttps://www.cisa.gov/resources-tools/resources/ics-recommended-practiceshttps://www.first.org/cvss/calculator/3.1https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0004.jsonhttps://www.sick.com/.well-known/csaf/white/2025/sca-2025-0004.pdf