CVE-2025-27593

The product can be used to distribute malicious code using SDD Device Drivers due to missing download verification checks, leading to code execution on target systems.

CVSS v3 9.3 CRITICAL

9.3^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.8

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF
https://github.security.telekom.com/2025/03/multiple-vulnerabilities-in-sick-dl100.html
https://sick.com/psirt
https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
https://www.first.org/cvss/calculator/3.1
https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0004.json
https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0004.pdf

Configurations

No configuration.

History

No history.

Information

Published : 2025-03-14 13:15

Updated : 2025-03-14 13:15

NVD link : CVE-2025-27593

Mitre link : CVE-2025-27593

CVE.ORG link : CVE-2025-27593

JSON object : View

Products Affected

No product.

CWE

CWE-494

Download of Code Without Integrity Check

9.3 /10