CVE-2025-27595

Weak hashing alghrythm

Description

The device uses a weak hashing alghorithm to create the password hash. Hence, a matching password can be easily calculated by an attacker. This impacts the security and the integrity of the device.

Remediation

Workaround:

Please make sure that you apply general security practices when operating the products. The following General Security Practices and Operating Guidelines could mitigate the associated security risk.

References

Link	Tags
https://sick.com/psirt
https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF
https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
https://www.first.org/cvss/calculator/3.1
https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0004.pdf	vendor advisory
https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0004.json	vendor advisory
https://github.security.telekom.com/2025/03/multiple-vulnerabilities-in-sick-dl100.html	third party advisory

Frequently Asked Questions

What is the severity of CVE-2025-27595?: CVE-2025-27595 has been scored as a critical severity vulnerability.
How to fix CVE-2025-27595?: As a workaround for remediating CVE-2025-27595: Please make sure that you apply general security practices when operating the products. The following General Security Practices and Operating Guidelines could mitigate the associated security risk.
Is CVE-2025-27595 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2025-27595 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-27595?: CVE-2025-27595 affects SICK AG SICK DL100-2xxxxxxx.

Description

Remediation

Category

CWE-328 – Use of Weak Hash

References

Frequently Asked Questions