Eclipse Cyclone DDS Vulnerabilities have no impact on SICK picoScan150 & SICK picoScan120 products

Eclipse Cyclone DDS has known vulnerabilities and is used in SICK picoScan150 and SICK picoScan120 products starting with version 2.2.0. A current analysis confirms that the identified vulnerabilities CVE-2025-67109 and CVE-2023-24011 do not affect SICK picoScan150 and SICK picoScan120. Both...

CVE-2025-67109

Improper verification of the time certificate in Eclipse Cyclone DDS before v0.10.5 allows attackers to bypass certificate checks and execute commands with System privileges...

CVE-2025-67109

Improper verification of the time certificate in Eclipse Cyclone DDS before v0.10.5 allows attackers to bypass certificate checks and execute commands with System privileges...

CVE-2025-67109

Improper verification of the time certificate in Eclipse Cyclone DDS before v0.10.5 allows attackers to bypass certificate checks and execute commands with System privileges...

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation via the ddstime function due to insufficient validation in the time certificate verification. An attacker can gain elevated privileges and execute arbitrary commands by bypassing certificate checks...

CVE-2025-67109

The CVE-2025-67109 entry concerns Eclipse Cyclone DDS prior to version 0.10.5, with a root cause described as improper verification of the time certificate. This weakness allows an attacker to bypass certificate checks and execute commands with System privileges. Multiple sources corroborate the ...

CVE-2025-67109

Improper verification of the time certificate in Eclipse Cyclone DDS before v0.10.5 allows attackers to bypass certificate checks and execute commands with System privileges...

Eclipse Cyclone DDS 安全漏洞

Eclipse Cyclone DDS is a very high performance and robust open source DDS implementation from the Eclipse Foundation. A security vulnerability exists in Eclipse Cyclone DDS versions prior to 0.10.5 that stems from improper validation of time certificates, which could lead to elevation of privileg...

CVE-2025-67109

Improper verification of the time certificate in Eclipse Cyclone DDS before v0.10.5 allows attackers to bypass certificate checks and execute commands with System privileges...

PT-2025-52762

Name of the Vulnerable Software and Affected Versions Eclipse Cyclone DDS versions prior to 0.10.5 Description A flaw exists in Eclipse Cyclone DDS that involves improper verification of the time certificate. This allows attackers to bypass certificate checks and potentially execute commands with...

EUVD-2020-10651

Malware in sbrugna...

EUVD-2020-10652

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2020-18735

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A heap buffer overflow in /src/ddsstream.c of Eclipse IOT Cyclone DDS Project v0.1.0 causes the DDS subscriber server to crash. CVE-2020-18735 Note that Nessus...

CVE-2020-18734

A stack buffer overflow in /ddsi/qbitset.h of Eclipse IOT Cyclone DDS Project v0.1.0 causes the DDS subscriber server to crash...

CVE-2020-18735

A heap buffer overflow in /src/ddsstream.c of Eclipse IOT Cyclone DDS Project v0.1.0 causes the DDS subscriber server to crash...

CVE-2023-24011 Data Distribution Service (DDS) Chain of Trust (CoT) violation vulnerability in Cyclone DDS

An attacker can arbitrarily craft malicious DDS Participants or ROS 2 Nodes with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS7 certificate’s validation. This is caused by a...

DEBIAN-CVE-2021-38443

Eclipse CycloneDDS versions prior to 0.8.0 improperly handle invalid structures, which may allow an attacker to write arbitrary values in the XML parser...

Eclipse Cyclone DDS 代码问题漏洞

Eclipse Cyclone DDS is a very high performance and robust open source DDS implementation from the Eclipse Foundation. A code issue vulnerability exists in Eclipse Cyclone DDS that stems from the product's failure to properly handle write-what-where logic. The vulnerability allows an attacker to...

Eclipse Cyclone DDS 输入验证错误漏洞

Eclipse Cyclone DDS is a very high performance and robust open source DDS implementation from the Eclipse Foundation. An input validation error vulnerability exists in Eclipse Cyclone DDS that stems from the product incorrectly handling invalid structures. An attacker could use this vulnerability...

CVE-2020-18734

A stack buffer overflow in /ddsi/qbitset.h of Eclipse IOT Cyclone DDS Project v0.1.0 causes the DDS subscriber server to crash...