CVE-2025-27595
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The device uses a weak hashing alghorithm to create the password hash. Hence, a matching password can be easily calculated by an attacker. This impacts the security and the integrity of the device.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SICK AG | SICK DL100-2xxxxxxx | all versions | affected |
Weaknesses
- CWE-328: CWE-328 Use of Weak Hash
Workarounds
Please make sure that you apply general security practices when operating the products. The following General Security Practices and Operating Guidelines could mitigate the associated security risk.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
- https://sick.com/psirt
- https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
- https://www.first.org/cvss/calculator/3.1
- https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0004.pdf
- https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0004.json
- https://github.security.telekom.com/2025/03/multiple-vulnerabilities-in-sick-dl100.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.