← back
CVE-2025-27593

RCE due to Device Driver

CVSS 9.3 CRITICALEPSS 0.4%CWE-494
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.3EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
14 Mar 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The product can be used to distribute malicious code using SDD Device Drivers due to missing download verification checks, leading to code execution on target systems.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Affected products
SICK AG · SICK DL100-2xxxxxxx

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDFhttps://github.security.telekom.com/2025/03/multiple-vulnerabilities-in-sick-dl100.htmlhttps://sick.com/psirthttps://www.cisa.gov/resources-tools/resources/ics-recommended-practiceshttps://www.first.org/cvss/calculator/3.1https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0004.jsonhttps://www.sick.com/.well-known/csaf/white/2025/sca-2025-0004.pdf