CVE-2025-27593

RCE due to Device Driver

CVSS 9.3 CRITICALEPSS 0.4%CWE-494

Vexday Risk Score

28Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 9.3EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Ciclo de vida

14 mar 2025Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

The product can be used to distribute malicious code using SDD Device Drivers due to missing download verification checks, leading to code execution on target systems.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

Productos afectados

SICK AG · SICK DL100-2xxxxxxx

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF https://github.security.telekom.com/2025/03/multiple-vulnerabilities-in-sick-dl100.html https://sick.com/psirt https://www.cisa.gov/resources-tools/resources/ics-recommended-practices https://www.first.org/cvss/calculator/3.1 https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0004.json https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0004.pdf