Summary
A security vulnerability was identified in the ICMHelper service running on the system of an ICM installation.
A low privileged local attacker could exploit this vulnerability to issue OS commands with the highest privileges.
Impact
The vulnerability CVE-2025-41698 allows an attacker to gain full access to application, sensitive information, client system and server. This requires successful exploitation of CVE-2025-2810.
Affected Product(s)
Model no. | Product name | Affected versions |
---|---|---|
Draeger ICMHelper <=1.4.0.1 | Draeger ICMHelper <=1.4.0.1 |
Vulnerabilities
Expand / Collapse allA low privileged local attacker can interact with the affected service although user-interaction should not be allowed.
A low privileged local attacker can abuse the affected service by using a hardcoded cryptographic key.
Remediation
The issue has been fixed in ICMHelper version 2.0.1.0.
Acknowledgments
Drägerwerk AG & Co. KGaA thanks the following parties for their efforts:
- CERT@VDE for coordination (see https://certvde.com )
- CODE WHITE GmbH for responsible disclosure
Revision History
Version | Date | Summary |
---|---|---|
1 | 08/05/2025 12:00 | Initial revision. |