VDB
CVE-2025-0867
CVE-2025-0867
PUBLISHED
CVSS 9.899999618530273 CRITICAL
The standard user uses the run as function to start the MEAC applications with administrative privileges. To ensure that the system can startup on its own, the credentials of the administrator were stored. Consequently, the EPC2 user can execute any command with administrative privileges. This allows a privilege escalation to the administrative level.
EPSS 0.17% · 38.6th percentile
Risk Scores
CVSS 3.1
9.899999618530273
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS Score
0.17%
38.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SICK AG | SICK MEAC300 | 0 |
Exploit Intelligence
- CIRCL seen: CVE-2025-0867 (circl-sighting)
- CIRCL seen: CVE-2025-0867 (circl-sighting)
- CIRCL seen: CVE-2025-0867 (circl-sighting)
- CIRCL seen: CVE-2025-0867 (circl-sighting)
- CIRCL seen: CVE-2025-0867 (circl-sighting)
- CIRCL seen: CVE-2025-0867 (circl-sighting)
- CIRCL seen: CVE-2025-0867 (circl-sighting)
- CIRCL seen: CVE-2025-0867 (circl-sighting)
- CIRCL seen: CVE-2025-0867 (circl-sighting)
- CIRCL seen: CVE-2025-0867 (circl-sighting)
…and 6 more exploits
Timeline
- Jan 30, 2025 CVE ID Reserved
- Feb 14, 2025 CVE Published
- Feb 14, 2025 PoC Published
- Feb 14, 2025 PoC Published
- Feb 14, 2025 PoC Published
- Feb 14, 2025 PoC Published
- Feb 14, 2025 PoC Published
- Feb 15, 2025 EPSS Score
- Feb 15, 2025 PoC Published
- Feb 15, 2025 PoC Published
- Feb 20, 2025 PoC Published
- Feb 20, 2025 PoC Published
References
- https://sick.com/psirt url
- https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF url
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices url
- https://www.first.org/cvss/calculator/3.1 url
- https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0001.pdf vendor-advisory
- https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0001.json vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-0867 advisory