top of page
perceptive_background_267k.jpg

Sunbird DCIM dcTrack and Power IQ

Published:

4 December 2025 at 12:00:00

Alert date:

5 December 2025 at 08:03:22

Source:

cisa.gov

Click to open the original link from this advisory

CISA advisory reports critical vulnerabilities in Sunbird DCIM dcTrack and Power IQ products (versions 9.2.0 and prior) with CVSS v4 score of 8.4. CVE-2025-66238 allows authentication bypass through alternate paths enabling network traffic redirection. CVE-2025-66237 involves hard-coded credentials allowing database administration and privilege escalation. Affects critical infrastructure sectors including IT and manufacturing worldwide. Successful exploitation could allow unauthorized access and credential theft. Updates available: dcTrack 9.2.3 and Power IQ 9.2.1.

Technical details

Mitigation steps:

Affected products:

Sunbird DCIM dcTrack
Sunbird Power IQ

Related links:

https://www.cisa.gov/news-events/ics-advisories/icsa-25-338-05
https://github.com/cisagov/CSAF
https://cwe.mitre.org/data/definitions/288.html
https://www.cve.org/CVERecord?id=CVE-2025-66238
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
https://cwe.mitre.org/data/definitions/798.html
https://www.cve.org/CVERecord?id=CVE-2025-66237
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01
https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
https://www.cisa.gov/topics/industrial-control-systems
https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf
https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf
https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B
https://www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf
https://www.cisa.gov/uscert/ncas/tips/ST04-014

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page