SICK DL100 Download of Code Without Integrity Check Vulnerability Allowing Remote Code Execution

Vulnerability

A vulnerability exists in the SICK DL100-2xxxxxxx product line, all firmware versions, allowing the distribution of malicious code via SDD Device Drivers. This issue arises from the absence of download verification checks, which could lead to unauthorized code execution on the target system.

Impact

Exploitation of this vulnerability could result in unauthorized code execution on the affected system.

Remediation

SICK recommends applying general security practices when operating these products. Specific guidelines can be found in the SICK Operating Guidelines for Industrial Information Security.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 6.4
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.