Article No. | Product Name | Affected Version(s) |
---|---|---|
| | Draeger ICMHelper | <= 1.4.0.1 |
A security vulnerability was identified in the ICMHelper service running on the system of an ICM installation. A low-privileged local attacker could exploit this vulnerability to issue OS commands with the highest privileges.
A low-privileged local attacker can interact with the affected service although user interaction should not be allowed.
A low-privileged local attacker can abuse the affected service by using a hardcoded cryptographic key.
The vulnerability CVE-2025-41698 allows an attacker to gain full access to the application, sensitive information, the client system and the server. This requires successful exploitation of CVE-2025-2810.
Remediation
The issue has been fixed in ICMHelper version 2.0.1.0.
CERT@VDE coordinated with Dräger.
Dräger thanks CODE WHITE GmbH for responsible disclosure.