Vulnerability Description
The product can be used to distribute malicious code using SDD Device Drivers due to missing download verification checks, leading to code execution on target systems.
CVSS Score
9.3 (CRITICAL)
Related Weaknesses (CWE)
References
- https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SI
- https://github.security.telekom.com/2025/03/multiple-vulnerabilities-in-sick-dl1
- https://sick.com/psirt
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
- https://www.first.org/cvss/calculator/3.1
- https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0004.json
- https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0004.pdf
FAQ
What is CVE-2025-27593?
CVE-2025-27593 is a vulnerability with a CVSS score of 9.3 (CRITICAL). The product can be used to distribute malicious code using SDD Device Drivers due to missing download verification checks, leading to code execution on target systems.
How severe is CVE-2025-27593?
CVE-2025-27593 is rated CRITICAL, with a CVSS base score of 9.3 out of 10.
Is there a patch for CVE-2025-27593?
Check the vendor advisories and security bulletins listed under References above for patch information and remediation guidance.