CVE-2025-27459

Sažetak

The VNC application stores its passwords encrypted within the registry but uses DES for encryption. As DES is broken, the original passwords can be recovered.

Reference

https://sick.com/psirt
https://sick.com/psirt
https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
https://www.endress.com
https://www.first.org/cvss/calculator/3.1
https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0008.json
https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0008.pdf

CVSS

Base:	4.4
Impact:	3.6
Exploitability:	0.8

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	HIGH

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	NONE	NONE

CVSS vektor

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Zadnje važnije ažuriranje

03-07-2025 - 15:13

Objavljeno

03-07-2025 - 12:15