CRITICAL🇵🇱 Wersja polska

CVE-2025-27595

CVSS 9.8v3.1pub. 2025-03-14upd. 2026-04-15

The device uses a weak hashing alghorithm to create the password hash. Hence, a matching password can be easily calculated by an attacker. This impacts the security and the integrity of the device.

🤖 AI Analysis
How it works

The password storage mechanism is based on a weak hashing algorithm (CWE-328) that does not provide adequate cryptographic resistance. An attacker who gains access to stored password hashes can calculate the matching password in a relatively short time in an unauthorized manner. This results from the algorithm's vulnerability to dictionary attacks, brute-force attacks, or precomputed hash attacks (e.g., rainbow tables).

Impact

An attacker can recover the authentication password to the device, leading to complete breach of confidentiality, integrity, and availability of the system — including unauthorized takeover of device control.

Mitigation & patch

Apply patches available from the manufacturer according to references (sick.com/psirt). Additionally, it is recommended to change passwords on devices, restrict network access to devices, and follow CISA ICS guidelines for securing industrial control systems.

Who is affected

SICK DL100 devices — specific versions indicated in manufacturer references (sick.com/psirt and SICK IM0084411 documentation)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References