Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2025-0592
PUBLISHED
More InfoOfficial Page
Assigner-SICK AG
Assigner Org ID-a6863dd2-93fc-443d-bef1-79f0b5020988
View Known Exploited Vulnerability (KEV) details
Published At-14 Feb, 2025 | 20:16
Updated At-14 Feb, 2025 | 22:01
Rejected At-
▼CVE Numbering Authority (CNA)
SICK Lector8xx and InspectorP8xx vulnerable for code execution

The vulnerability may allow a remote low priviledged attacker to run arbitrary shell commands by manipulating the firmware file and uploading it to the device.

Affected Products
Vendor
SICK AGSICK AG
Product
SICK Lector8xx
Default Status
unaffected
Versions
Affected
  • From 0 before 2.4.0 (custom)
Vendor
SICK AGSICK AG
Product
SICK InspectorP8xx
Default Status
unaffected
Versions
Affected
  • From 0 before 3.11.1 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-924CWE-924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel
Type: CWE
CWE ID: CWE-924
Description: CWE-924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel
Metrics
VersionBase scoreBase severityVector
3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Users are strongly recommended to upgrade to the latest release of the Lector8xx (>=2.4.0) and the InspectorP8xx (>=3.11.1) respectively that includes a patch for the vulnerability. It is also recommended to set a secure password, please refer to the respective operating instructions, linked in the reference section.

Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://sick.com/psirt
x_SICK PSIRT Website
https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF
x_ICS-CERT recommended practices on Industrial Security
https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
x_ICS-CERT recommended practices on Industrial Security
https://www.first.org/cvss/calculator/3.1
x_CVSS v3.1 Calculator
https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0002.pdf
vendor-advisory
https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0002.json
vendor-advisory
x_csaf
Hyperlink: https://sick.com/psirt
Resource:
x_SICK PSIRT Website
Hyperlink: https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF
Resource:
x_ICS-CERT recommended practices on Industrial Security
Hyperlink: https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
Resource:
x_ICS-CERT recommended practices on Industrial Security
Hyperlink: https://www.first.org/cvss/calculator/3.1
Resource:
x_CVSS v3.1 Calculator
Hyperlink: https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0002.pdf
Resource:
vendor-advisory
Hyperlink: https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0002.json
Resource:
vendor-advisory
x_csaf
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found