ICSA-25-338-05 · Published 2025-12-04 · View on CISA ICS-CERT ↗

Sunbird DCIM dcTrack and Power IQ

CVSS 6.7 MEDIUM

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access or steal credentials.

CVE-2025-66238 CVE-2025-66237

Sunbird recommends that users take the following actions:
dcTrack: Update to 9.2.3
Power: Update to IQ 9.2.1
If updating immediately is not possible, Sunbird additionally recommends that customers:
Restrict SSH or any non-essential port access in the IP Based Access Control.
Passwords for SSH based user accounts be changed at the time of deployment.

Sunbird

Sunbird · DCIM dcTrack <=v9.2.0

Sunbird · Power IQ <=v9.2.0

Information Technology, Critical Manufacturing

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.