Arbitrary Command Execution Vulnerability in SICK Devices
CVE-2025-0593

8.8 HIGH

Key Information:

Vendor
Sick Ag
Status
Sick Lector8xx
Sick Inspectorp8xx
Vendor
CVE Published: 14 February 2025

Summary

A vulnerability affecting SICK devices allows a remote, low-privileged attacker to execute arbitrary shell commands by using lower-level functions to interact with the device, potentially leading to unauthorized control and manipulation of system functionality. Users are encouraged to review security practices and apply the necessary patches provided by SICK to mitigate this risk.

Affected Version(s)

SICK InspectorP8xx: all versions < 3.11.1

SICK Lector8xx: all versions < 2.4.0

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
