Vulnerability Description
The standard user uses the run as function to start the MEAC applications with administrative privileges. To ensure that the system can startup on its own, the credentials of the administrator were stored. Consequently, the EPC2 user can execute any command with administrative privileges. This allows a privilege escalation to the administrative level.
CVSS Score
CRITICAL
Related Weaknesses (CWE)
References
- https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SI
- https://sick.com/psirt
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
- https://www.first.org/cvss/calculator/3.1
- https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0001.json
- https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0001.pdf
FAQ
What is CVE-2025-0867?
CVE-2025-0867 is a vulnerability with a CVSS score of 9.9 (CRITICAL). The standard user uses the run as function to start the MEAC applications with administrative privileges. To ensure that the system can startup on its own, the credentials of the administrator were st...
How severe is CVE-2025-0867?
CVE-2025-0867 has been rated CRITICAL with a CVSS base score of 9.9/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2025-0867?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.