Description
DCIM dcTrack platforms utilize default and hard-coded credentials for access. An attacker could use these credentials to administer the database, escalate privileges on the platform or execute system commands on the host.
References (2)
Core References
Various Sources
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-338-05.json
Third Party Advisory, US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-25-338-05
Scores
CVSS v3: 6.7
EPSS: 0.0011
EPSS Percentile: 1.9%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total
Details
CWE: CWE-798
Status: published
Products (6)
Sunbird/DCIM dcTrack: < v9.2.0
Sunbird/DCIM dcTrack: 9.2.3
Sunbird/IQ: < v9.2.0
Sunbird/IQ: 9.2.1
Sunbird/Power IQ: < v9.2.0
Sunbird/Power IQ: 9.2.1
Published: Dec 04, 2025
Tracked Since: Feb 18, 2026