|
| 1 | +--- |
| 2 | +title: Multiple critical vulnerabilities in SICK DL100-2xxxxxxx Products |
| 3 | +header: Multiple critical vulnerabilities in SICK DL100-2xxxxxxx Products |
| 4 | +tags: ['advisories'] |
| 5 | +cwes: ['CWE-494 (Download of Code Without Integrity Check)', 'CWE-319 (Cleartext Transmission of Sensitive Information)', 'CWE-328 (Use of Weak Hash)'] |
| 6 | +affected_product: 'SICK DL100-2xxxxxxx all firmware versions' |
| 7 | +vulnerability_release_date: '2025-03-14' |
| 8 | +--- |
| 9 | + |
| 10 | +Several vulnerabilities were discovered during testing of a DL100 device.<!--more--> |
| 11 | + |
| 12 | +### Details |
| 13 | + |
| 14 | +* **Product:** SICK DL100-2xxxxxxx |
| 15 | +* **Affected Version:** all firmware versions |
| 16 | +* **Vulnerability Type:** Download of Code Without Integrity Check (CWE-494), Cleartext Transmission of Sensitive Information (CWE-319) and Use of Weak Hash (CWE-328) |
| 17 | +* **Risk Level:** Critical |
| 18 | +* **Vendor URL:** https://www.sick.com/de/de/ |
| 19 | +* **Vendor acknowledged vulnerability:** Yes |
| 20 | +* **Vendor Status:** Known Affected / Workaround |
| 21 | +* **CVEs:** CVE-2025-27593, CVE-2025-27594, CVE-2025-27595 |
| 22 | + |
| 23 | +The vulnerabilities were discovered during testing a device of type DL100. |
| 24 | + |
| 25 | +### [CVE-2025-27593](https://www.cve.org/CVERecord?id=CVE-2025-27593): Download of Code Without Integrity Check |
| 26 | + |
| 27 | +The product can be used to distribute malicious code using SDD Device Drivers |
| 28 | +due to missing download verification checks leading to code execution on target systems. |
| 29 | + |
| 30 | +### [CVE-2025-27594](https://www.cve.org/CVERecord?id=CVE-2025-27594): Cleartext Transmission of Sensitive Information |
| 31 | + |
| 32 | +The device uses an unencrypted, proprietary protocol for communication, authentication and transmission of configuration data. An attacker can thereby intercept the authentication hash and use it to log into the device using a pass-the-hash attack. |
| 33 | + |
| 34 | +### [CVE-2025-27595](https://www.cve.org/CVERecord?id=CVE-2025-27595): Use of Weak Hash |
| 35 | + |
| 36 | +The device uses a weak hashing alghorithm to create the password hash. Hence, a matching password can be easily calculated by an attacker. This impacts the security and the integrity of the device. |
| 37 | + |
| 38 | +### References |
| 39 | + |
| 40 | +- [CVE-2025-27593](https://www.cve.org/CVERecord?id=CVE-2025-27593) |
| 41 | +- [CVE-2025-27594](https://www.cve.org/CVERecord?id=CVE-2025-27594) |
| 42 | +- [CVE-2025-27595](https://www.cve.org/CVERecord?id=CVE-2025-27595) |
| 43 | +- [SICK Security Advisory](https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0004.pdf) |
| 44 | + |
| 45 | +### Timeline |
| 46 | + |
| 47 | +* **07.01.2025:** Vulnerability reported to the vendor. |
| 48 | +* **31.01.2025:** Vendor confirmed vulnerabilities. |
| 49 | +* **14.03.2025:** Vendor published a Security Advisory with a workaround. |
| 50 | +* **14.03.2025:** This blog post was published. |
| 51 | + |
| 52 | +### Credits |
| 53 | + |
| 54 | +* Leonard Lewedei (<leonard.lewedei@telekom.de>) |
0 commit comments