sca-2025-0004
Vulnerability from csaf_sick
Published
2025-03-14 11:00
Modified
2025-03-14 11:00
Summary
Critical vulnerabilities in SICK DL100-2xxxxxxx
Notes
summary
Critical vulnerabilities have been found in the SICK device DL100-2xxxxxxx. If exploited, this potentially allows an attacker to impact availabiltiy, integrity and confidentaility of the products. Currently, SICK is not aware of any public exploits specifically targeting these vulnerabilities. As a mitigation, SICK strongly recommends operating the system within a secure infrastructure to minimize risk.
General Security Measures
As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.
Vulnerability Classification
SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer’s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.
{
"document": {
"acknowledgments": [
{
"names": [
"Leonard Lewedei"
],
"organization": "Deutsche Telekom Security GmbH",
"summary": "executing penetration testing and reporting the vulnerabilities"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "summary",
"text": "Critical vulnerabilities have been found in the SICK device DL100-2xxxxxxx. If exploited, this potentially allows an attacker to impact availabiltiy, integrity and confidentaility of the products. Currently, SICK is not aware of any public exploits specifically targeting these vulnerabilities. As a mitigation, SICK strongly recommends operating the system within a secure infrastructure to minimize risk.\n\n ",
"title": "summary"
},
{
"category": "general",
"text": "As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.",
"title": "General Security Measures"
},
{
"category": "general",
"text": "SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer\u2019s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.",
"title": "Vulnerability Classification"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@sick.de",
"issuing_authority": "SICK PSIRT is responsible for any vulnerabilities related to SICK products.",
"name": "SICK PSIRT",
"namespace": "https://www.sick.com/psirt"
},
"references": [
{
"summary": "SICK PSIRT Security Advisories",
"url": "https://sick.com/psirt"
},
{
"summary": "SICK Operating Guidelines",
"url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF"
},
{
"summary": "ICS-CERT recommended practices on Industrial Security",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"summary": "CVSS v3.1 Calculator",
"url": "https://www.first.org/cvss/calculator/3.1"
},
{
"category": "self",
"summary": "The canonical URL.",
"url": "https://www.sick.com/.well-known/csaf/white/2024/sca-2025-0004.json"
},
{
"category": "external",
"summary": "Security Advisory of Deutsche Telekom Security GmbH",
"url": "https://github.security.telekom.com/2025/03/multiple-vulnerabilities-in-sick-dl100.html"
}
],
"title": "Critical vulnerabilities in SICK DL100-2xxxxxxx",
"tracking": {
"current_release_date": "2025-03-14T11:00:00.000Z",
"generator": {
"date": "2025-03-14T11:47:31.168Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.21"
}
},
"id": "SCA-2025-0004",
"initial_release_date": "2025-03-14T11:00:00.000Z",
"revision_history": [
{
"date": "2025-03-14T00:00:00.000Z",
"number": "1",
"summary": "Initial version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK DL100-2xxxxxxx all versions",
"product_id": "CSAFPID-0001",
"product_identification_helper": {
"skus": [
"1052684",
"1052685",
"1052686",
"1052687",
"1052688",
"1052689",
"1052690",
"1052691",
"1052692",
"1052693",
"1052694",
"1052695",
"1052696",
"1052697",
"1052698",
"1052699",
"1052700",
"1052701",
"1058164",
"1058165",
"1058166",
"1058167",
"1058168",
"1058169",
"1060386",
"1060387",
"1060388",
"1060389",
"1060390",
"1060391",
"1060948",
"1060949",
"1060950",
"1060951",
"1060952",
"1060953",
"1064835",
"1066423",
"1066425",
"1066426",
"1066427",
"1066428",
"1066429",
"1066438",
"1086984",
"1086985",
"1086986",
"1086987",
"1086988",
"1092652",
"1095769",
"1095770",
"1095771",
"1095772",
"1096493",
"1096494",
"1096495",
"1096496",
"1096497",
"1096498",
"1096499",
"1096500"
]
}
}
}
],
"category": "product_name",
"name": "DL100-2xxxxxxx"
}
],
"category": "product_family",
"name": "Dx100"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK DL100-2xxxxxxx firmware",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "DL100-2xxxxxxx Firmware"
}
],
"category": "vendor",
"name": "SICK AG"
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "SICK DL100-2xxxxxxx all firmware versions",
"product_id": "CSAFPID-0003"
},
"product_reference": "CSAFPID-0002",
"relates_to_product_reference": "CSAFPID-0001"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-27593",
"cwe": {
"id": "CWE-494",
"name": "Download of Code Without Integrity Check"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "The product can be used to distribute malicious code using SDD Device Drivers due to missing download verification checks, leading to code execution on target systems.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0003"
]
},
"remediations": [
{
"category": "workaround",
"details": "Please make sure that you apply general security practices when operating the products. The following General Security Practices and Operating Guidelines could mitigate the associated security risk.",
"product_ids": [
"CSAFPID-0003"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.3,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"temporalScore": 9.3,
"temporalSeverity": "CRITICAL",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0003"
]
}
],
"title": "RCE due to SICK Device Driver (SDD)"
},
{
"cve": "CVE-2025-27594",
"cwe": {
"id": "CWE-319",
"name": "Cleartext Transmission of Sensitive Information"
},
"notes": [
{
"category": "summary",
"text": "The device uses an unencrypted, proprietary protocol for communication. Through this protocol, configuration data is transmitted and device authentication is performed. An attacker can thereby intercept the authentication hash and use it to log into the device using a pass-the-hash attack."
}
],
"product_status": {
"known_affected": [
"CSAFPID-0003"
]
},
"remediations": [
{
"category": "workaround",
"details": "Please make sure that you apply general security practices when operating the products. The following General Security Practices and Operating Guidelines could mitigate the associated security risk.",
"product_ids": [
"CSAFPID-0003"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0003"
]
}
],
"title": "Unencrypted transmission of password hash"
},
{
"cve": "CVE-2025-27595",
"cwe": {
"id": "CWE-328",
"name": "Use of Weak Hash"
},
"notes": [
{
"category": "summary",
"text": "The device uses a weak hashing alghorithm to create the password hash. Hence, a matching password can be easily calculated by an attacker. This impacts the security and the integrity of the device. "
}
],
"product_status": {
"known_affected": [
"CSAFPID-0003"
]
},
"remediations": [
{
"category": "workaround",
"details": "Please make sure that you apply general security practices when operating the products. The following General Security Practices and Operating Guidelines could mitigate the associated security risk.",
"product_ids": [
"CSAFPID-0003"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0003"
]
}
],
"title": "Weak hashing alghrythm"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…