CVE-2025-27593
RCE due to Device Driver
The product can be used to distribute malicious code using SDD Device Drivers due to missing download verification checks, leading to code execution on target systems.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Produtos afetados
SICK AG · SICK DL100-2xxxxxxxQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDFhttps://github.security.telekom.com/2025/03/multiple-vulnerabilities-in-sick-dl100.htmlhttps://sick.com/psirthttps://www.cisa.gov/resources-tools/resources/ics-recommended-practiceshttps://www.first.org/cvss/calculator/3.1https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0004.jsonhttps://www.sick.com/.well-known/csaf/white/2025/sca-2025-0004.pdf