← voltar
CVE-2025-66238

Sunbird DCIM dcTrack and Power IQ Authentication Bypass Using an Alternate Path or Channel

CVSS 7.4 HIGHEPSS 0.3%CWE-288
DCIM dcTrack allows an attacker to misuse certain remote access features. An authenticated user with access to the appliance's virtual console could exploit these features to redirect network traffic, potentially accessing restricted services or data on the host machine.
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Produtos afetados
Sunbird · DCIM dcTrackSunbird · IQ

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-338-05.jsonhttps://www.cisa.gov/news-events/ics-advisories/icsa-25-338-05