CVE-2025-0593
Published: 14 February 2025
Description
The vulnerability may allow a remote low priviledged attacker to run arbitrary shell commands by using lower-level functions to interact with the device.
Security Summary
CVE-2025-0593 is a command injection vulnerability (CWE-77) that allows a remote low-privileged attacker to execute arbitrary shell commands on affected devices by exploiting lower-level functions designed for device interaction. Published on 2025-02-14 with a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), it impacts certain SICK products, as detailed in the vendor's advisories.
A remote attacker possessing low privileges can exploit this vulnerability over the network with low complexity and no user interaction required. Successful exploitation enables full control over the device, resulting in high-impact confidentiality, integrity, and availability violations, such as unauthorized data access, modification, or disruption.
SICK's PSIRT advisories, including the special cybersecurity information document (IM0084411.PDF) and CSAF provider document (sca-2025-0002.json), provide details on affected products and recommended mitigations. Additional resources from CISA on ICS practices and the FIRST CVSS calculator offer further context for assessment and remediation.
Details
- CWE(s)