Critical Flaws Expose SICK DL100 Devices to Code Execution and Password Hacks

Summary: SICK has issued a security advisory regarding critical vulnerabilities in its DL100-2xxxxxxx devices, identifying three CVEs that threaten the integrity, availability, and confidentiality of these products. The advisory describes severe vulnerabilities that may allow malicious code execution, interception of sensitive information, and exploitation of weak hashing algorithms. Users are encouraged to apply the recommended mitigations to reduce the risks associated with these vulnerabilities.

Affected: SICK DL100-2xxxxxxx devices, all firmware versions

Key points:

  • CVE-2025-27593: Download of Code Without Integrity Check, CVSS score 9.3.
  • CVE-2025-27594: Cleartext Transmission of Sensitive Information, CVSS score 7.5.
  • CVE-2025-27595: Use of Weak Hash, CVSS score 9.8.
  • SICK recommends operating affected systems within a secure infrastructure.
  • Workarounds and general security practices are provided in the advisory.
  • SICK acknowledges that no public exploits are currently known for these vulnerabilities.

Source: https://securityonline.info/critical-flaws-expose-sick-dl100-devices-to-code-execution-and-password-hacks/