CVE-2025-27595
Weak hashing algorithm
In short
The device uses a weak hashing algorithm to store passwords, making it easy for attackers to crack them and gain unauthorized access to the system.
Technical detail
CWE-328: Use of Insufficiently Random Values. The device implements weak cryptographic hashing for password storage, enabling offline brute-force attacks with low computational cost. Compromise of password hashes allows rapid authentication bypass and full system access.
Summary generated and translated by AI from the official description.
The device uses a weak hashing algorithm to create the password hash. Hence, a matching password can be easily calculated by an attacker. This impacts the security and the integrity of the device.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
SICK AG · SICK DL100-2xxxxxxx
References
https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF
https://github.security.telekom.com/2025/03/multiple-vulnerabilities-in-sick-dl100.html
https://sick.com/psirt
https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
https://www.first.org/cvss/calculator/3.1
https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0004.json
https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0004.pdf