CVE-2025-27460
📋 TL;DR
This vulnerability allows an attacker with physical access to bypass Windows login security by booting the machine from an alternative operating system, gaining full read/write access to any unencrypted hard drive. It affects devices that lack full disk encryption (such as BitLocker). Industrial control systems and other physical devices from vendors such as SICK and Endress+Hauser are impacted.
💻 Affected Systems
- SICK industrial devices
- Endress+Hauser devices
- Other industrial control systems
📦 What is this software?
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete data theft, malware installation, system compromise, and operational disruption in industrial environments
Likely Case
Data exfiltration and unauthorized access to sensitive files when physical security is breached
If Mitigated
Minimal impact with proper disk encryption and physical security controls
🎯 Exploit Status
Attack requires physical access and basic technical knowledge to boot from external media
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: N/A
Vendor Advisory: https://sick.com/psirt
Restart Required: No
Instructions:
1. Consult vendor documentation for encryption support.
2. Enable full disk encryption (BitLocker for Windows).
3. Configure encryption with strong authentication.
4. Secure recovery keys.
🔧 Temporary Workarounds
Enable BitLocker Encryption
Platform: Windows. Configure full disk encryption on Windows systems:
manage-bde -on C: -RecoveryPassword -SkipHardwareTest
manage-bde -protectors -add C: -TPMAndPIN
Implement Physical Security Controls
Platform: all. Restrict physical access to devices.
🧯 If You Can't Patch
- Implement strict physical access controls and surveillance
- Use encrypted external storage for sensitive data and remove drives when not in use
🔍 How to Verify
Check if Vulnerable:
Check if BitLocker or full disk encryption is enabled: manage-bde -status C: (Windows) or check /etc/crypttab (Linux)
Check Version:
Not version-dependent - check encryption status instead
Verify Fix Applied:
Confirm encryption status shows 'Protection On' and all volumes encrypted
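The following script is an added example, not part of the SICK/Endress+Hauser advisory or this page's own tooling. It turns the "Check if Vulnerable" and "Verify Fix Applied" steps above into a repeatable check: every OS and fixed data volume must report Protection On and FullyEncrypted, the OS volume should carry a pre-boot PIN protector (the "strong authentication" of step 3), and a recovery password protector should exist (step 4). It assumes the built-in BitLocker module (Get-BitLockerVolume), Get-Tpm and Confirm-SecureBootUEFI, and must run from an elevated PowerShell; the FAIL/WARN/OK labels and the exit-code convention are this script's own choices.

```powershell
# Added example, not from the advisory: audit BitLocker, TPM and Secure Boot state
# on a Windows host. Requires the BitLocker PowerShell module and an elevated shell.
#Requires -RunAsAdministrator

$findings = @()

# 1. Every OS and fixed data volume must be fully encrypted with protection on.
foreach ($vol in Get-BitLockerVolume) {
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType })
    $summary = '{0} [{1}] status={2} protection={3} protectors={4}' -f `
        $vol.MountPoint, $vol.VolumeType, $vol.VolumeStatus, $vol.ProtectionStatus, ($types -join ',')

    if ($vol.ProtectionStatus -ne 'On' -or $vol.VolumeStatus -ne 'FullyEncrypted') {
        # Decrypted, suspended or mid-encryption volumes are readable from another OS.
        $findings += "FAIL $summary"
    }
    elseif ($vol.VolumeType -eq 'OperatingSystem' -and
            ($types -notcontains 'TpmPin') -and ($types -notcontains 'TpmPinStartupKey')) {
        # TPM-only unlock releases the volume key at boot with no user authentication;
        # a TPM+PIN protector forces pre-boot authentication instead.
        $findings += "WARN no pre-boot PIN: $summary"
    }
    elseif ($types -notcontains 'RecoveryPassword') {
        # A recovery password should exist (and be escrowed) before rollout.
        $findings += "WARN no recovery password protector: $summary"
    }
    else {
        $findings += "OK   $summary"
    }
}

# 2. TPM and Secure Boot state: the TPM protector is measured against the boot
#    chain (PCR 7 when Secure Boot is on) and a PIN protector needs a ready TPM.
try {
    $tpm = Get-Tpm
    if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
        $findings += "WARN TPM present=$($tpm.TpmPresent) ready=$($tpm.TpmReady)"
    }
}
catch { $findings += "WARN Get-Tpm failed: $($_.Exception.Message)" }

try {
    if (-not (Confirm-SecureBootUEFI)) { $findings += 'WARN Secure Boot is disabled' }
}
catch { $findings += "WARN Secure Boot state unavailable (legacy BIOS?): $($_.Exception.Message)" }

$findings | ForEach-Object { Write-Output $_ }

# Non-zero exit code so fleet tooling can flag hosts that fail the check.
if (@($findings) -match '^FAIL') { exit 1 } else { exit 0 }
```

Run it as a scheduled or RMM-pushed script and alert on exit code 1; the WARN lines are the gap between "encrypted" and the advisory's full instructions (PIN plus secured recovery key), which manage-bde -status alone does not distinguish.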
📡 Detection & Monitoring
Log Indicators:
- Physical access logs
- Boot sequence anomalies
- BitLocker recovery events
Network Indicators:
- N/A - Physical attack vector
SIEM Query:
EventID 4104 (BitLocker Drive Encryption) OR physical access control system alerts
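As an added example (not from the advisory or this page's own SIEM content), the script below collects two of the log indicators listed above from a Windows host for forwarding or triage: BitLocker operational events, which are written to the Microsoft-Windows-BitLocker/BitLocker Management log (protector changes, suspend/resume and recovery use), and boot-sequence context from the System log, where event 6005 marks the event log service starting at boot and 6008 marks an unexpected previous shutdown. The 7-day default window and the output columns are this script's own choices.

```powershell
# Added example, not from the advisory: gather BitLocker and boot-sequence events
# for SIEM forwarding or manual triage. Assumes the standard Windows event logs.
param([int]$Days = 7)
$since = (Get-Date).AddDays(-$Days)

# BitLocker operational events live in the BitLocker Management log, not the Security log.
$bitlocker = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-BitLocker/BitLocker Management'
    StartTime = $since
} -ErrorAction SilentlyContinue

# Boot context from the System log: 6005 = event log service started (a boot),
# 6008 = previous shutdown was unexpected. A 6008 followed by a 6005 means the
# machine was powered off hard and later booted, worth correlating with physical
# access records when the drive is unencrypted.
$boots = Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'EventLog'
    Id           = 6005, 6008
    StartTime    = $since
} -ErrorAction SilentlyContinue

# @() guards against either query returning a single object or nothing at all.
@($bitlocker) + @($boots) |
    Sort-Object TimeCreated -Descending |
    Select-Object TimeCreated, LogName, Id, LevelDisplayName,
        @{ Name = 'Summary'; Expression = { ($_.Message -split "`r?`n")[0] } } |
    Format-Table -AutoSize
```

Replace the final Format-Table with Export-Csv or a log-forwarder call to ship the rows to a SIEM; the same two log sources can be subscribed to directly by Windows Event Forwarding.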
🔗 References
- https://sick.com/psirt
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
- https://www.endress.com
- https://www.first.org/cvss/calculator/3.1
- https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0008.json
- https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0008.pdf