PT-2025-11262 · Sick Ag · Sick Dl100-2Xxxxxxx

Leonard Lewedei

Published

2025-03-14

Updated

2025-03-20

CVE-2025-27594

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined.

Description: The issue concerns the use of an unencrypted, proprietary protocol for communication, which allows an attacker to intercept the authentication hash. This hash can then be used to log into the device using a pass-the-hash attack. The protocol is used for transmitting configuration data and performing device authentication.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Cleartext Transmission of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-319

Related Identifiers

BDU:2026-00200

CVE-2025-27594

Affected Products

Sick Dl100-2Xxxxxxx

PT-2025-11262 · Sick Ag · Sick Dl100-2Xxxxxxx

CVE-2025-27594

Weakness Enumeration

Related Identifiers

Affected Products

References · 13