top of page

Sunbird DCIM dcTrack and Power IQ

4 december 2025 om 12:00:00

cisa.gov

CISA advisory for Sunbird DCIM dcTrack and Power IQ products containing two critical vulnerabilities: authentication bypass using alternate path (CVE-2025-66238) and hard-coded credentials (CVE-2025-66237). Both vulnerabilities affect versions 9.2.0 and prior, with CVSS scores of 7.4 and 8.4 respectively. Successful exploitation could allow unauthorized access, credential theft, privilege escalation, or system command execution. Sunbird has released patches - dcTrack 9.2.3 and Power IQ 9.2.1. The vulnerabilities impact critical infrastructure sectors including Information Technology and Critical Manufacturing worldwide.

Related links:

https://www.cisa.gov/news-events/ics-advisories/icsa-25-338-05https://github.com/cisagov/CSAFhttps://cwe.mitre.org/data/definitions/288.htmlhttps://www.cve.org/CVERecord?id=CVE-2025-66238https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:Nhttps://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:Nhttps://cwe.mitre.org/data/definitions/798.htmlhttps://www.cve.org/CVERecord?id=CVE-2025-66237https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:Hhttps://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:Nhttps://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01https://www.cisa.gov/resources-tools/resources/ics-recommended-practiceshttps://www.cisa.gov/topics/industrial-control-systemshttps://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdfhttps://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdfhttps://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01Bhttps://www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdfhttps://www.cisa.gov/uscert/ncas/tips/ST04-014

Related CVE's:

CVE-2025-66238CVE-2025-66237

Related threat actors:

No threat actors found in this article

Affected products:

Sunbird DCIM dcTrackSunbird Power IQ

IOC's:

No IOCs found in this article

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page