
ID

VDE-2025-028

Published

2025-08-05 10:00 (CEST)

Last update

2025-08-05 08:58 (CEST)

Vendor(s)

Drägerwerk AG & Co. KGaA

Product(s)

| Article No° | Product Name | Affected Version(s) |
| | Draeger ICMHelper | <= 1.4.0.1 |

Summary

A security vulnerability was identified in the ICMHelper service running on the system of an ICM installation. A low-privileged local attacker could exploit this vulnerability to issue OS commands with the highest privileges.

Vulnerabilities



Last Update
Aug. 5, 2025, 8:55 a.m.
Weakness
Missing Authorization (CWE-862)
Summary

A low-privileged local attacker can interact with the affected service although user interaction should not be allowed.

Last Update
Aug. 5, 2025, 8:53 a.m.
Weakness
Use of Hard-coded Cryptographic Key (CWE-321)
Summary

A low-privileged local attacker can abuse the affected service by using a hard-coded cryptographic key.


Impact

The vulnerability CVE-2025-41698 allows an attacker to gain full access to the application, sensitive information, the client system and the server. This requires successful exploitation of CVE-2025-2810.

Solution

Remediation

The issue has been fixed in ICMHelper version 2.0.1.0.

Reported by

CERT@VDE coordinated with Dräger

Dräger thanks CODE WHITE GmbH for responsible disclosure.