
Author: Admin @CloudCentric

ABB PCM600


Summary

Successful exploitation of this vulnerability could allow an attacker to send specially crafted messages to the system node resulting in execution of arbitrary code.

The following versions of ABB PCM600 are affected:

  • PCM600 >=1.5|<=2.13

CVSS | Vendor | Equipment | Vulnerabilities
v3 4.4 | ABB | ABB PCM600 | Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)

Background

  • Critical Infrastructure Sectors: Critical Manufacturing
  • Countries/Areas Deployed: Worldwide
  • Company Headquarters Location: Switzerland

Vulnerabilities


CVE-2018-1002208

A vulnerability exists in the SharpZip.dll included in the product versions listed above. An attacker could exploit the vulnerability by providing a specially crafted message to the system node, causing the insertion and running of arbitrary code.



Affected Products

ABB PCM600
Vendor: ABB
Product Version: ABB PCM600: >=1.5|<=2.13
Product Status: known_affected

Remediations

Vendor fix
The problem is corrected in the following product version: ABB Protection and control IED manager PCM600 version 2.14. ABB recommends that customers apply the update at the earliest convenience.

Vendor fix
Note: RE_630 protection relays are not compatible with PCM600 version 2.14. When using earlier PCM600 versions with RE_630, the known vulnerability must be mitigated through system-level defenses. For mitigation guidance, refer to the General Security Recommendations.

Vendor fix
The following product versions have been fixed: Protection and Control IED manager PCM600 2.14 is a fixed version for CVE-2018-1002208.

Mitigation
For more information see the associated ABB PSIRT security advisory 2NGA002813 ABB CYBERSECURITY ADVISORY – PDF version (https://search.abb.com/library/Download.aspx?DocumentID=2NGA002813&LanguageCode=en&DocumentPartId=pdf&Action=Launch), ABB CYBERSECURITY ADVISORY – CSAF version (https://psirt.abb.com/csaf/2025/2nga002813.json).

Relevant CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
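
CVE-2018-1002208 is a path traversal (CWE-22) in the archive library shipped with PCM600: the risk is an archive entry whose stored name resolves outside the extraction directory. The following is an added example, not ABB's or the library's code, of a fail-closed check that audits entry names before anything is written; it uses Python's `zipfile` rather than SharpZip.dll, and the function names and sample entry names are constructed for illustration.

```python
import io
import ntpath
import zipfile


def entry_escapes(name: str) -> bool:
    """Return True if a stored entry name could resolve outside the target dir.

    '/' and '\\' are both treated as separators because the consuming
    application runs on Windows; absolute, UNC and drive-qualified names
    are rejected outright.
    """
    unified = name.replace("\\", "/")
    if unified.startswith("/") or ntpath.splitdrive(name)[0]:
        return True
    depth = 0
    for part in unified.split("/"):
        if part in ("", "."):
            continue
        if part == "..":
            depth -= 1
            if depth < 0:  # climbed above the extraction root
                return True
        else:
            depth += 1
    return False


def audit_archive(data: bytes) -> dict:
    """Classify every entry without extracting anything."""
    report = {"safe": [], "rejected": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            # orig_filename is the name exactly as stored in the archive,
            # before zipfile normalises it for the local platform.
            name = info.orig_filename
            key = "rejected" if entry_escapes(name) else "safe"
            report[key].append(name)
    return report


def safe_extract(data: bytes, dest: str) -> list:
    """Extract only if every entry passes the audit (fail closed)."""
    report = audit_archive(data)
    if report["rejected"]:
        raise ValueError(
            f"unsafe entries, nothing extracted: {report['rejected']}"
        )
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        zf.extractall(dest)
    return report["safe"]


def build_archive(names) -> bytes:
    """Build an in-memory archive of constructed test entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"constructed test data")
    return buf.getvalue()


# Constructed samples: one clean project archive, one with escaping names.
CLEAN = build_archive(["project/relay.cfg", "project/notes/readme.txt"])
CRAFTED = build_archive([
    "project/relay.cfg",
    "../outside.txt",
    "project/..\\..\\outside.dll",
    "C:/temp/outside.txt",
])

if __name__ == "__main__":
    print(audit_archive(CLEAN))
    print(audit_archive(CRAFTED))
```

Rejecting the whole archive when any entry fails, rather than skipping the bad entry, keeps a partially trusted project file from being imported at all.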


Metrics

CVSS Version | Base Score | Base Severity | Vector String
3.1 | 4.4 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N

Acknowledgments

  • ABB PSIRT reported this vulnerability to CISA

Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).


Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability.

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.

Locate control system networks and remote devices behind firewalls and isolate them from business networks.

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

Do not click web links or open attachments in unsolicited email messages.

Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.

Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely. This vulnerability has a high attack complexity.


Revision History

  • Initial Release Date: 2026-04-30

Date | Revision | Summary
2026-04-30 | 1 | Initial Republication of ABB PSIRT 2NGA002813


ABB Ability Symphony Plus Engineering


Summary

ABB became aware of vulnerabilities in the product versions listed as affected in the advisory. The ABB S+ Engineering product versions are affected by vulnerabilities in PostgreSQL version 13.11 and earlier versions. If an attacker gains access to a site’s S+ Client Server network, they could exploit such vulnerabilities by executing arbitrary code and potentially compromising the entire system.

The following versions of ABB Ability Symphony Plus Engineering are affected:

  • Ability Symphony Plus 2.2, 2.3, 2.3_RU1, 2.3_RU2, 2.3_RU3, 2.4, 2.4_SP1, 2.4_SP2, 2.4_SP2_RU1

CVSS | Vendor | Equipment | Vulnerabilities
v3 8.8 | ABB | ABB Ability Symphony Plus Engineering | Integer Overflow or Wraparound, Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’), Time-of-check Time-of-use (TOCTOU) Race Condition, Privilege Dropping / Lowering Errors

Background

  • Critical Infrastructure Sectors: Chemical, Critical Manufacturing, Energy, Water and Wastewater
  • Countries/Areas Deployed: Worldwide
  • Company Headquarters Location: Switzerland

Vulnerabilities


CVE-2023-5869

An attacker running as an authenticated PostgreSQL user can provide crafted data and trigger an integer overflow caused by a missing overflow check. This can enable the execution of arbitrary code in the system.



Affected Products

ABB Ability Symphony Plus Engineering
Vendor: ABB
Product Version: ABB Ability Symphony Plus S+ Engineering 2.2, ABB Ability Symphony Plus S+ Engineering 2.3, ABB Ability Symphony Plus S+ Engineering 2.3 RU1, ABB Ability Symphony Plus S+ Engineering 2.3 RU2, ABB Ability Symphony Plus S+ Engineering 2.3 RU3, ABB Ability Symphony Plus S+ Engineering 2.4, ABB Ability Symphony Plus S+ Engineering 2.4 SP1, ABB Ability Symphony Plus S+ Engineering 2.4 SP2
Product Status: fixed, known_affected

Remediations

Vendor fix
ABB advises all customers to review their installations to determine whether they are using an impacted product as listed above; no further analysis or tools are needed to make this determination. The recommended immediate actions per product are listed below:

  • Systems using S+ Engineering 2.2 through 2.4 SP2 should upgrade to S+ Engineering 2.4 SP2 RU1 (released in December 2024) or later.
  • End users who are unable to install one of these updates should immediately look to implement the Mitigation and Workarounds listed below, as this will restrict or prevent an attacker’s ability to compromise the system.

ABB recommends that customers apply the update at the earliest convenience.

Mitigation
Any exploit of these vulnerabilities would require that the attacker has access to the site’s S+ client/server network. ABB’s recommended security practices, including network architecture and perimeter firewall, are mitigating factors in preventing external access to the S+ client/server network. Refer to section “General security recommendations” for further advice on how to keep your system secure.

Workaround
No workarounds are available. Assess the installation specific risk based on this advisory. Use the recommendations described under “Mitigating factors” or “Recommended immediate actions”.

Relevant CWE: CWE-190 Integer Overflow or Wraparound


Metrics

CVSS Version | Base Score | Base Severity | Vector String
3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C

CVE-2023-39417

If an administrator has installed extension scripts and specific data is used inside a quoting construct, an attacker having proper PostgreSQL privileges can execute arbitrary code in the system as the administrator.



Affected Products

ABB Ability Symphony Plus Engineering
Vendor: ABB
Product Version: ABB Ability Symphony Plus S+ Engineering 2.2, ABB Ability Symphony Plus S+ Engineering 2.3, ABB Ability Symphony Plus S+ Engineering 2.3 RU1, ABB Ability Symphony Plus S+ Engineering 2.3 RU2, ABB Ability Symphony Plus S+ Engineering 2.3 RU3, ABB Ability Symphony Plus S+ Engineering 2.4, ABB Ability Symphony Plus S+ Engineering 2.4 SP1, ABB Ability Symphony Plus S+ Engineering 2.4 SP2
Product Status: fixed, known_affected

Remediations

Vendor fix
ABB advises all customers to review their installations to determine whether they are using an impacted product as listed above; no further analysis or tools are needed to make this determination. The recommended immediate actions per product are listed below:

  • Systems using S+ Engineering 2.2 through 2.4 SP2 should upgrade to S+ Engineering 2.4 SP2 RU1 (released in December 2024) or later.
  • End users who are unable to install one of these updates should immediately look to implement the Mitigation and Workarounds listed below, as this will restrict or prevent an attacker’s ability to compromise the system.

ABB recommends that customers apply the update at the earliest convenience.

Mitigation
Any exploit of these vulnerabilities would require that the attacker has access to the site’s S+ client/server network. ABB’s recommended security practices, including network architecture and perimeter firewall, are mitigating factors in preventing external access to the S+ client/server network. Refer to section “General security recommendations” for further advice on how to keep your system secure.

Workaround
No workarounds are available. Assess the installation specific risk based on this advisory. Use the recommendations described under “Mitigating factors” or “Recommended immediate actions”.

Relevant CWE: CWE-89 Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)


Metrics

CVSS Version | Base Score | Base Severity | Vector String
3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C

CVE-2024-7348

A ‘time-of-check time-of-use’ (TOCTOU) race condition in PostgreSQL can allow an attacker to easily execute arbitrary SQL functions by leveraging a PostgreSQL utility often executed with high privileges.



Affected Products

ABB Ability Symphony Plus Engineering
Vendor: ABB
Product Version: ABB Ability Symphony Plus S+ Engineering 2.2, ABB Ability Symphony Plus S+ Engineering 2.3, ABB Ability Symphony Plus S+ Engineering 2.3 RU1, ABB Ability Symphony Plus S+ Engineering 2.3 RU2, ABB Ability Symphony Plus S+ Engineering 2.3 RU3, ABB Ability Symphony Plus S+ Engineering 2.4, ABB Ability Symphony Plus S+ Engineering 2.4 SP1, ABB Ability Symphony Plus S+ Engineering 2.4 SP2
Product Status: fixed, known_affected

Remediations

Vendor fix
ABB advises all customers to review their installations to determine whether they are using an impacted product as listed above; no further analysis or tools are needed to make this determination. The recommended immediate actions per product are listed below:

  • Systems using S+ Engineering 2.2 through 2.4 SP2 should upgrade to S+ Engineering 2.4 SP2 RU1 (released in December 2024) or later.
  • End users who are unable to install one of these updates should immediately look to implement the Mitigation and Workarounds listed below, as this will restrict or prevent an attacker’s ability to compromise the system.

ABB recommends that customers apply the update at the earliest convenience.

Mitigation
Any exploit of these vulnerabilities would require that the attacker has access to the site’s S+ client/server network. ABB’s recommended security practices, including network architecture and perimeter firewall, are mitigating factors in preventing external access to the S+ client/server network. Refer to section “General security recommendations” for further advice on how to keep your system secure.

Workaround
No workarounds are available. Assess the installation specific risk based on this advisory. Use the recommendations described under “Mitigating factors” or “Recommended immediate actions”.

Relevant CWE: CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition


Metrics

CVSS Version | Base Score | Base Severity | Vector String
3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C

CVE-2024-0985

An attacker can provide untrusted materialized views and lure a highly privileged authorized user into inadvertently executing arbitrary SQL functions by refreshing the attacker’s materialized view.



Affected Products

ABB Ability Symphony Plus Engineering
Vendor: ABB
Product Version: ABB Ability Symphony Plus S+ Engineering 2.2, ABB Ability Symphony Plus S+ Engineering 2.3, ABB Ability Symphony Plus S+ Engineering 2.3 RU1, ABB Ability Symphony Plus S+ Engineering 2.3 RU2, ABB Ability Symphony Plus S+ Engineering 2.3 RU3, ABB Ability Symphony Plus S+ Engineering 2.4, ABB Ability Symphony Plus S+ Engineering 2.4 SP1, ABB Ability Symphony Plus S+ Engineering 2.4 SP2
Product Status: fixed, known_affected

Remediations

Vendor fix
ABB advises all customers to review their installations to determine whether they are using an impacted product as listed above; no further analysis or tools are needed to make this determination. The recommended immediate actions per product are listed below:

  • Systems using S+ Engineering 2.2 through 2.4 SP2 should upgrade to S+ Engineering 2.4 SP2 RU1 (released in December 2024) or later.
  • End users who are unable to install one of these updates should immediately look to implement the Mitigation and Workarounds listed below, as this will restrict or prevent an attacker’s ability to compromise the system.

ABB recommends that customers apply the update at the earliest convenience.

Mitigation
Any exploit of these vulnerabilities would require that the attacker has access to the site’s S+ client/server network. ABB’s recommended security practices, including network architecture and perimeter firewall, are mitigating factors in preventing external access to the S+ client/server network. Refer to section “General security recommendations” for further advice on how to keep your system secure.

Workaround
No workarounds are available. Assess the installation specific risk based on this advisory. Use the recommendations described under “Mitigating factors” or “Recommended immediate actions”.

Relevant CWE: CWE-271 Privilege Dropping / Lowering Errors


Metrics

CVSS Version | Base Score | Base Severity | Vector String
3.1 | 8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C

Acknowledgments

  • ABB Global reported these vulnerabilities to CISA. 

Notice

The information in this document is subject to change without notice, and should not be construed as a commitment by ABB. ABB provides no warranty, express or implied, including warranties of merchantability and fitness for a particular purpose, for the information contained in this document, and assumes no responsibility for any errors that may appear in this document. In no event shall ABB or any of its suppliers be liable for direct, indirect, special, incidental or consequential damages of any nature or kind arising from the use of this document, or from the use of any hardware or software described in this document, even if ABB or its suppliers have been advised of the possibility of such damages. This document and parts hereof must not be reproduced or copied without written permission from ABB, and the contents hereof must not be imparted to a third party nor used for any unauthorized purpose. All rights to registrations and trademarks reside with their respective owners.


Frequently Asked Questions

What is the scope of the vulnerability? – An attacker who successfully exploited these vulnerabilities could insert and run arbitrary code in the S+ system.

What causes the vulnerability? – It is caused by several vulnerabilities in the PostgreSQL version 13.11 and earlier versions component used by the S+ Engineering product (see Affected products).

What might an attacker use the vulnerability to do? – An attacker who successfully accessed the site’s S+ client/server network could cause a denial-of-service situation, corruption of data or unauthorized disclosure of information.

How could an attacker exploit the vulnerability? – To exploit the PostgreSQL vulnerabilities (see Vulnerability severity and details), an attacker would need to gain access to the site’s S+ client/server network, either remotely (through a wrongly configured or penetrated firewall) or by compromising a local machine and then accessing PostgreSQL. Recommended practices help mitigate such attacks; see section Mitigating Factors above.

Could the vulnerability be exploited remotely? – Yes, see “How could an attacker exploit the vulnerability?” above. Recommended practices include that process control systems are physically protected, have no direct connections to the Internet, and are separated from other networks by means of a firewall system that has a minimal number of ports exposed.

Can functional safety be affected by an exploit of this vulnerability? – Functional safety systems are not affected by these vulnerabilities.

What does the update do? – The S+ Engineering update removes the vulnerability by installing a secure updated PostgreSQL version.

When this security advisory was issued, had this vulnerability been publicly disclosed? – Yes, PostgreSQL 13.11 vulnerabilities have been publicly disclosed.

When this security advisory was issued, had ABB received any reports that this vulnerability was being exploited? – No, ABB had not received any information indicating that S+ Engineering had been exploited when this security advisory was originally issued.


Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).


Recommended Practices

CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.

Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.

Locate control system networks and remote devices behind firewalls and isolate them from business networks.

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.


Advisory Conversion Disclaimer

This ICSA is a verbatim republication of ABB PSIRT 7PAA017341 from a direct conversion of the vendor’s Common Security Advisory Framework (CSAF) advisory. This is republished to CISA’s website as a means of increasing visibility and is provided “as-is” for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact ABB PSIRT directly for any questions regarding this advisory.

Revision History

  • Initial Release Date: 2026-04-13

Date | Revision | Summary
2026-04-13 | 1 | Initial version.
2026-04-30 | 2 | Initial CISA Republication of ABB PSIRT 7PAA017341 advisory


ABB Edgenius Management Portal


Summary

Successful exploitation of this vulnerability could allow an attacker to send a specially crafted message to the system node allowing the attacker to install and run arbitrary code, uninstall applications, and modify the configuration of installed applications.

The following versions of ABB Edgenius Management Portal are affected:

  • Edgenius Management Portal 3.2.0.0|3.2.1.1

CVSS | Vendor | Equipment | Vulnerabilities
v3 9.6 | ABB | ABB Edgenius Management Portal | Authentication Bypass Using an Alternate Path or Channel

Background

  • Critical Infrastructure Sectors: Critical Manufacturing, Information Technology
  • Countries/Areas Deployed: Worldwide
  • Company Headquarters Location: Switzerland

Vulnerabilities


CVE-2025-10571

The Edgenius Management Portal in the affected product versions contains a vulnerability that allows authentication to be bypassed. An attacker could exploit the vulnerability by sending a specially crafted message to the system node, allowing the attacker to install and run arbitrary code, uninstall installed applications and modify the configuration of installed applications.



Affected Products

ABB Edgenius Management Portal
Vendor: ABB
Product Version: ABB Edgenius Management Portal: 3.2.0.0|3.2.1.1
Product Status: known_affected

Remediations

Vendor fix
ABB has prepared an update to fix this vulnerability included in the latest Roll-Up, ABB Ability Edgenius version 3.2.2.0. ABB advises customers to upgrade as soon as possible. Until the upgrade is applied, ABB advises customers to disable the Edgenius Management Portal to mitigate the vulnerability.

Vendor fix
All affected products: Exploitation requires an attacker to have gained access to the network where Edgenius has been deployed, while the Edgenius Management Portal is running. Refer to section “General security recommendations” for further advice on how to keep your system secure.

Mitigation
All affected products: Workarounds are specific measures that a user can take to help block an attack, for example, temporarily disabling the vulnerable feature may remove the exposure with well-known impact on functionality. ABB has tested the following workaround.

Mitigation
The following product versions have been fixed:
Ability Edgenius 3.2.2.0 is a fixed version for CVE-2025-10571

Mitigation
For more information see the associated ABB PSIRT security advisory 7PAA022088 ABB CYBERSECURITY ADVISORY – PDF version (https://search.abb.com/library/Download.aspx?DocumentID=7PAA022088&LanguageCode=en&DocumentPartId=&Action=Launch), ABB CYBERSECURITY ADVISORY – CSAF version (https://psirt.abb.com/csaf/2025/7paa022088.json).

Relevant CWE: CWE-288 Authentication Bypass Using an Alternate Path or Channel


Metrics

CVSS Version | Base Score | Base Severity | Vector String
3.1 | 9.6 | CRITICAL | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Acknowledgments

  • ABB PSIRT reported this vulnerability to CISA

Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).


Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability.

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.

Locate control system networks and remote devices behind firewalls and isolate them from business networks.

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

Do not click web links or open attachments in unsolicited email messages.

Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.

Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely.


Revision History

  • Initial Release Date: 2026-04-30

Date | Revision | Summary
2026-04-30 | 1 | Initial Republication of ABB PSIRT 7PAA022088


ABB AWIN Gateways


Summary

Successful exploitation of these vulnerabilities could allow an attacker to remotely reboot the device or complete an unauthenticated query to reveal system configuration, including sensitive details.

The following versions of ABB AWIN Gateways are affected:

  • ABB AWIN Firmware (2.0-0) installed on ABB AWIN GW100 rev.2 2.0-0 
  • ABB AWIN Firmware (2.0-1) installed on ABB AWIN GW100 rev.2 2.0-1 
  • ABB AWIN Firmware (1.2-0) installed on ABB AWIN GW120 1.2-0 
  • ABB AWIN Firmware (1.2-1) installed on ABB AWIN GW120 1.2-1

CVSS | Vendor | Equipment | Vulnerabilities
v3 8.3 | ABB | ABB AWIN Gateways | Authentication Bypass by Capture-replay, Missing Authentication for Critical Function

Background

  • Critical Infrastructure Sectors: Critical Manufacturing
  • Countries/Areas Deployed: Worldwide
  • Company Headquarters Location: Switzerland

Vulnerabilities


CVE-2025-13777

An unauthenticated query reveals data. Authentication Bypass due to Improper Session Validation.



Affected Products

ABB AWIN Gateways
Vendor: ABB
Product Version: ABB ABB AWIN Firmware (2.0-0) installed on ABB AWIN GW100 rev.2: 2.0-0, ABB ABB AWIN Firmware (2.0-1) installed on ABB AWIN GW100 rev.2: 2.0-1, ABB ABB AWIN Firmware (1.2-0) installed on ABB AWIN GW120: 1.2-0, ABB ABB AWIN Firmware (1.2-1) installed on ABB AWIN GW120: 1.2-1
Product Status: known_affected

Remediations

Mitigation
The following product versions have been fixed:
ABB AWIN Firmware 2.1-0 installed on ABB AWIN GW100 rev. 2 (Product ID: 3BNP102988R1) is a fixed version for CVE-2025-13777.
ABB AWIN Firmware 2.0-0 installed on ABB AWIN GW120 (Product ID: 3BNP103003R1) is a fixed version for CVE-2025-13777.

Mitigation
For more information see the associated ABB PSIRT security advisory 4JNO000329 ABB CYBERSECURITY ADVISORY – PDF Version https://search.abb.com/library/Download.aspx?DocumentID=4JNO000329&LanguageCode=en&DocumentPartId=&Action=Launch, ABB CYBERSECURITY ADVISORY – CSAF Version https://psirt.abb.com/csaf/2026/4jno000329.json.

Relevant CWE: CWE-294 Authentication Bypass by Capture-replay


Metrics

CVSS Version | Base Score | Base Severity | Vector String
3.1 | 8.3 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H

CVE-2025-13778

An unauthenticated query allows an attacker to remotely reboot the device, potentially causing a denial of service.



Affected Products

ABB AWIN Gateways
Vendor: ABB
Product Version: ABB ABB AWIN Firmware (2.0-0) installed on ABB AWIN GW100 rev.2: 2.0-0, ABB ABB AWIN Firmware (2.0-1) installed on ABB AWIN GW100 rev.2: 2.0-1, ABB ABB AWIN Firmware (1.2-0) installed on ABB AWIN GW120: 1.2-0, ABB ABB AWIN Firmware (1.2-1) installed on ABB AWIN GW120: 1.2-1
Product Status: known_affected

Remediations

Mitigation
The following product versions have been fixed:
ABB AWIN Firmware 2.1-0 installed on ABB AWIN GW100 rev. 2 (Product ID: 3BNP102988R1) is a fixed version for CVE-2025-13778.
ABB AWIN Firmware 2.0-0 installed on ABB AWIN GW120 (Product ID: 3BNP103003R1) is a fixed version for CVE-2025-13778.

Mitigation
For more information see the associated ABB PSIRT security advisory 4JNO000329 ABB CYBERSECURITY ADVISORY – PDF Version https://search.abb.com/library/Download.aspx?DocumentID=4JNO000329&LanguageCode=en&DocumentPartId=&Action=Launch, ABB CYBERSECURITY ADVISORY – CSAF Version https://psirt.abb.com/csaf/2026/4jno000329.json.

Relevant CWE: CWE-306 Missing Authentication for Critical Function


Metrics

CVSS Version | Base Score | Base Severity | Vector String
3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2025-13779

An unauthenticated query reveals the system configuration, including sensitive details.


Affected Products

ABB AWIN Gateways
Vendor:
ABB
Product Version:
ABB ABB AWIN Firmware (2.0-0) installed on ABB AWIN GW100 rev.2: 2.0-0, ABB ABB AWIN Firmware (2.0-1) installed on ABB AWIN GW100 rev.2: 2.0-1, ABB ABB AWIN Firmware (1.2-0) installed on ABB AWIN GW120: 1.2-0, ABB ABB AWIN Firmware (1.2-1) installed on ABB AWIN GW120: 1.2-1
Product Status:
known_affected
Remediations

Mitigation
The following product versions have been fixed:
ABB AWIN Firmware 2.1-0 installed on ABB AWIN GW100 rev. 2 (Product ID: 3BNP102988R1) is a fixed version for CVE-2025-13779
ABB AWIN Firmware 2.0-0 installed on ABB AWIN GW120 (Product ID: 3BNP103003R1) is a fixed version for CVE-2025-13779

Mitigation
For more information see the associated ABB PSIRT security advisory 4JNO000329 ABB CYBERSECURITY ADVISORY – PDF Version https://search.abb.com/library/Download.aspx?DocumentID=4JNO000329&LanguageCode=en&DocumentPartId=&Action=Launch, ABB CYBERSECURITY ADVISORY – CSAF Version https://psirt.abb.com/csaf/2026/4jno000329.json.

Relevant CWE: CWE-306 Missing Authentication for Critical Function


Metrics

CVSS Version | Base Score | Base Severity | Vector String
3.1 | 8.3 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H

Acknowledgments

  • Fred Alvarez reported these vulnerabilities to ABB

Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).


Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities.

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.

Locate control system networks and remote devices behind firewalls and isolate them from business networks.

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

Do not click web links or open attachments in unsolicited email messages.

Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.

Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time. These vulnerabilities are not exploitable remotely.


Revision History

  • Initial Release Date: 2026-04-30
Date | Revision | Summary
2026-04-30 | 1 | Initial Republication of ABB 4JNO000329

ABB Ability OPTIMAX

Summary

Successful exploitation of this vulnerability could allow an attacker to bypass user authentication on OPTIMAX installations that make use of the Azure Active Directory Single-Sign On integration.

The following versions of ABB Ability OPTIMAX are affected:

  • ABB Ability OPTIMAX 6.1 vers:all/* 
  • ABB Ability OPTIMAX 6.2 vers:all/* 
  • ABB Ability OPTIMAX 6.3 <6.3.1-251120 
  • ABB Ability OPTIMAX 6.4 <6.4.1-251120 
CVSS | Vendor | Equipment | Vulnerabilities
v3 8.1 | ABB | ABB Ability OPTIMAX | Incorrect Implementation of Authentication Algorithm

Background

  • Critical Infrastructure Sectors: Energy, Water and Wastewater
  • Countries/Areas Deployed: Worldwide
  • Company Headquarters Location: Switzerland

Vulnerabilities

CVE-2025-14510

The vulnerability allows an attacker to bypass user authentication on OPTIMAX installations that make use of the Azure Active Directory Single-Sign On integration.


Affected Products

ABB Ability OPTIMAX
Vendor:
ABB
Product Version:
ABB ABB Ability OPTIMAX 6.1: vers:all/*, ABB ABB Ability OPTIMAX 6.2: vers:all/*, ABB ABB Ability OPTIMAX 6.3: <6.3.1-251120, ABB ABB Ability OPTIMAX 6.4: <6.4.1-251120
Product Status:
known_affected
Remediations

Mitigation
The following product versions have been fixed: 

Ability OPTIMAX 6.3 6.3.1-251120 is a fixed version for CVE-2025-14510

Mitigation
For more information see the associated ABB PSIRT security advisory 9AKK108472A1331 ABB CYBERSECURITY ADVISORY – PDF Version (https://search.abb.com/library/Download.aspx?DocumentID=9AKK108472A1331&LanguageCode=en&DocumentPartId=&Action=Launch), ABB CYBERSECURITY ADVISORY – CSAF Version (https://psirt.abb.com/csaf/2026/9akk108472a1331.json).

Relevant CWE: CWE-303 Incorrect Implementation of Authentication Algorithm


Metrics

CVSS Version | Base Score | Base Severity | Vector String
3.1 | 8.1 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Acknowledgments

  • ABB PSIRT reported this vulnerability to CISA


Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability.

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.

Locate control system networks and remote devices behind firewalls and isolate them from business networks.

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

Do not click web links or open attachments in unsolicited email messages.

Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.

Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability has a high attack complexity.


Revision History

  • Initial Release Date: 2026-04-30
Date | Revision | Summary
2026-04-30 | 1 | Initial Republication of ABB PSIRT 9AKK108472A1331

NSA GRASSMARLIN

Summary

Successful exploitation of this vulnerability could allow an attacker to disclose sensitive information.

The following versions of NSA GRASSMARLIN are affected:

  • GRASSMARLIN vers:all/*
CVSS | Vendor | Equipment | Vulnerabilities
v3 5.5 | NSA | NSA GRASSMARLIN | Improper Restriction of XML External Entity Reference

Background

  • Critical Infrastructure Sectors: Information Technology
  • Countries/Areas Deployed: Worldwide
  • Company Headquarters Location: United States

Vulnerabilities

CVE-2026-6807

A vulnerability in GRASSMARLIN v3.2.1 allows crafted session data to trigger improper handling of XML input, which may result in unintended exposure of sensitive information. The flaw stems from insufficient hardening of the XML parsing process.


Affected Products

NSA GRASSMARLIN
Vendor:
NSA
Product Version:
NSA GRASSMARLIN: vers:all/*
Product Status:
known_affected
Remediations

Vendor fix
NSA has indicated that the GRASSMARLIN project has reached end-of-life status as of 2017 and is no longer supported. The project is archived, and no patches or further updates are planned or expected.

Relevant CWE: CWE-611 Improper Restriction of XML External Entity Reference


Metrics

CVSS Version | Base Score | Base Severity | Vector String
3.1 | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Acknowledgments

  • Grady DeRosa reported this vulnerability to CISA


Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability.

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.

Locate control system networks and remote devices behind firewalls and isolate them from business networks.

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

Do not click web links or open attachments in unsolicited email messages.

Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.

Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.


Revision History

  • Initial Release Date: 2026-04-28
Date | Revision | Summary
2026-04-28 | 1 | Initial Publication

Carlson Software VASCO-B GNSS Receiver

Summary

Successful exploitation of this vulnerability could enable a remote attacker to alter critical system functions or disrupt device operation.

The following versions of Carlson Software VASCO-B GNSS Receiver are affected:

  • VASCO-B GNSS Receiver <1.4.0 (CVE-2026-3893)
CVSS | Vendor | Equipment | Vulnerabilities
v3 9.4 | Carlson Software | Carlson Software VASCO-B GNSS Receiver | Missing Authentication for Critical Function

Background

  • Critical Infrastructure Sectors: Critical Manufacturing
  • Countries/Areas Deployed: Worldwide
  • Company Headquarters Location: United States

Vulnerabilities

CVE-2026-3893

The Carlson VASCO-B GNSS Receiver lacks an authentication mechanism, allowing an attacker with network access to directly access and modify its configuration and operational functions without needing credentials.


Affected Products

Carlson Software VASCO-B GNSS Receiver
Vendor:
Carlson Software
Product Version:
Carlson Software VASCO-B GNSS Receiver: <1.4.0
Product Status:
known_affected
Remediations

Mitigation
Carlson Software recommends users update to Version 1.4.0 or greater. For more information contact Carlson Software https://www.carlsonsw.com/support-and-training/

Relevant CWE: CWE-306 Missing Authentication for Critical Function


Metrics

CVSS Version | Base Score | Base Severity | Vector String
3.1 | 9.4 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

Acknowledgments

  • Souvik Kandar reported this vulnerability to CISA


Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability.

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.

Locate control system networks and remote devices behind firewalls and isolate them from business networks.

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.


Revision History

  • Initial Release Date: 2026-04-23
Date | Revision | Summary
2026-04-23 | 1 | Initial Publication

Yadea T5 Electric Bicycle

Summary

Successful exploitation of this vulnerability could result in an attacker being able to unlock and start the bicycle, leading to vehicle theft.

The following versions of Yadea T5 Electric Bicycle are affected:

  • T5 Electric Bicycle vers:all/* (CVE-2025-70994)
CVSS | Vendor | Equipment | Vulnerabilities
v3 7.3 | Yadea | Yadea T5 Electric Bicycle | Weak Authentication

Background

  • Critical Infrastructure Sectors: Transportation Systems
  • Countries/Areas Deployed: Worldwide
  • Company Headquarters Location: China

Vulnerabilities

CVE-2025-70994

Yadea T5 Electric Bicycles have a weak authentication mechanism which is vulnerable to signal forgery after a local attacker intercepts any legitimate key fob transmissions.


Affected Products

Yadea T5 Electric Bicycle
Vendor:
Yadea
Product Version:
Yadea T5 Electric Bicycle: vers:all/*
Product Status:
known_affected
Remediations

Mitigation
Yadea did not respond to CISA’s attempts at coordination. Users of Yadea T5 Electric Bicycles are encouraged to keep their systems up to date and lock their property securely with external mechanisms. Users can contact Yadea at https://yadea.com/contact-us.

Relevant CWE: CWE-1390 Weak Authentication


Metrics

CVSS Version | Base Score | Base Severity | Vector String
3.1 | 7.3 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Acknowledgments

  • Ashen Chathuranga reported this vulnerability to MITRE and CISA


Recommended Practices

CISA provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely.


Revision History

  • Initial Release Date: 2026-04-23
Date | Revision | Summary
2026-04-23 | 1 | Initial Publication

Milesight Cameras

Summary

Successful exploitation of these vulnerabilities could crash the device being accessed or allow remote code execution.

The following versions of Milesight Cameras are affected:

  • MS-Cxx63-PD <=51.7.0.77-r12 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • MS-Cxx64-xPD <=51.7.0.77-r12 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • MS-Cxx73-xPD <=51.7.0.77-r12 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • MS-Cxx75-xxPD <=51.7.0.77-r12 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • MS-Cxx83-xPD <=51.7.0.77-r12 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • MS-Cxx74-PA <=3x.8.0.3-r11 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • MS-C8477-HPG1 <=63.8.0.4-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • MS-C8477-PC <=48.8.0.4-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • MS-C5321-FPE <=62.8.0.4-r5 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • MS-Cxx72-xxxPE <=61.8.0.5-r2 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • MS-Cxx62-xxxPE <=61.8.0.5-r2 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • MS-Cxx52-xxxPE <=61.8.0.5-r2 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • MS-Cxx66-xxxPE <=61.8.0.5-r2 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • MS-Cxx66-xxxGPE <=61.8.0.5-r2 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • MS-Cxx61-xxxPE <=61.8.0.5-r2 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • MS-Cxx67-xxxPE <=61.8.0.5-r2 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • MS-Cxx71-xxxPE <=61.8.0.5-r2 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • MS-Cxx41-xxxPE <=61.8.0.5-r2 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • MS-Cxx76-PE <=61.8.0.5-r2 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • MS-Cxx65-PE <=61.8.0.5-r2 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • MS-Cxx66-xxxG1 <=63.8.0.5-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • MS-Cxx62-xxxG1 <=63.8.0.5-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • MS-Cxx72-xxxG1 <=63.8.0.5-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • MS-CQxx31-xxxG1 <=CQ_63.8.0.5-r1 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • MS-CQxx68-xxxG1 <=CQ_63.8.0.5-r1 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • MS-CQxx72-xxxG1 <=CQ_63.8.0.5-r1 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • MS-Nxxxx-NxE <=7x.9.0.19-r5 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • MS-Nxxxx-xxC <=7x.9.0.19-r5 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • MS-Nxxxx-xxE <=7x.9.0.19-r5 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • MS-Nxxxx-xxG <=7x.9.0.19-r5 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • MS-Nxxxx-xxH <=7x.9.0.19-r5 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • MS-Nxxxx-xxT <=7x.9.0.19-r5 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • PMC8266-FPE <=PO_61.8.0.4_LPR (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • PMC8266-FGPE <=PO_61.8.0.4_LPR (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • PM3322-E <=PI_61.8.0.3_LPR-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • TS4466-X4RIPG1 <=T_63.8.0.4_LPR-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • TS5366-X12RIPG1 <=T_63.8.0.4_LPR-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • TS8266-X4RIPG1 <=T_63.8.0.4_LPR-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • TS4466-X4RIVPG1 <=T_63.8.0.4_LPR-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • TS4466-RFIVPG1 <=T_63.8.0.4_LPR-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • TS8266-X4RIVPG1 <=T_63.8.0.4_LPR-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • TS8266-RFIVPG1 <=T_63.8.0.4_LPR-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • TS4466-X4RIWG1 <=T_63.8.0.4_LPR-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • TS8266-X4RIWG1 <=T_63.8.0.4_LPR-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • TS5510-GVH <=T_47.8.0.4_LPR-r7 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • TS5510-GH <=T_47.8.0.4_LPR-r6 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • TS5511-GVH <=T_47.8.0.4_LPR-r6 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • TS2966-X12TPE <=T_61.8.0.4_LPR-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • TS4466-X4RPE <=T_61.8.0.4_LPR-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • TS5366-X12PE <=T_61.8.0.4_LPR-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • TS8266-X4PE <=T_61.8.0.4_LPR-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • TS2966-X12TVPE <=T_61.8.0.4_LPR-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • TS4466-X4RVPE <=T_61.8.0.4_LPR-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • TS5366-X12VPE <=T_61.8.0.4_LPR-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • TS8266-X4VPE <=T_61.8.0.4_LPR-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • TS4441-X36RPE <=T_61.8.0.4_LPR-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • TS4441-X36RE <=T_61.8.0.4_LPR-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • TS4466-X4RWE <=T_61.8.0.4_LPR-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • TS8266-X4WE <=T_61.8.0.4_LPR-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • MS-C2964-RFLPC <=T_45.8.0.3-r9 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • MS-C2972-RFLPC <=T_45.8.0.3-r9 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • MS-C2966-RFLWPC <=T_45.8.0.3-r9 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • TS2866-X4TPC <=T_45.8.0.3-r9 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • TS2866-X4TVPC <=T_45.8.0.3-r9 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • TS2866-X4TGPC <=T_45.8.0.3-r9 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • TS2841-X36TPC <=T_45.8.0.3-r9 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • TS2841-X36TPC/W <=T_45.8.0.3-r9 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • TS2867-X5TPC <=T_45.8.0.3-r9 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • TS2961-X12TPC <=T_45.8.0.3-r9 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • TS8266-FPC/P <=T_45.8.0.3-r9 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • MS-C2966-X12RLPC <=T_45.8.0.3-r9 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • MS-C2966-X12RLVPC <=T_45.8.0.3-r9 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • MS-C5366-X12LPC <=T_45.8.0.3-r9 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • MS-C5366-X12LVPC <=T_45.8.0.3-r9 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • MS-C5361-X12LPC <=T_45.8.0.3-r9 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • MS-Cxx66-xxxxGOPC <=45.8.0.2-AIoT-r4 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • SC211 <=C_21.1.0.8-r4 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • SP111 <=52.8.0.4-r5 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • MS-Cxx66-RFIPKG1 <=63.8.0.4-r1-NX (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • MS-Cxx72-RFIPKG1 <=63.8.0.4-r1-NX (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • MS-Cxx66-FIPKG1 <=63.8.0.4-r1-NX (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
  • MS-Cxx72-FIPKG1 <=63.8.0.4-r1-NX (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766)
CVSS | Vendor | Equipment | Vulnerabilities
v3 9.8 | Milesight | Milesight Cameras | Authorization Bypass Through User-Controlled Key, Use of Hard-coded Credentials, Use of Hard-coded Cryptographic Key, Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’), Heap-based Buffer Overflow

Background

  • Critical Infrastructure Sectors: Commercial Facilities
  • Countries/Areas Deployed: Worldwide
  • Company Headquarters Location: China

Vulnerabilities

CVE-2026-28747

A weak key generation vulnerability exists in specific firmware versions of Milesight AIOT cameras.


Affected Products

Milesight Cameras
Vendor:
Milesight
Product Version:
Milesight MS-Cxx63-PD: <=51.7.0.77-r12, Milesight MS-Cxx64-xPD: <=51.7.0.77-r12, Milesight MS-Cxx73-xPD: <=51.7.0.77-r12, Milesight MS-Cxx75-xxPD: <=51.7.0.77-r12, Milesight MS-Cxx83-xPD: <=51.7.0.77-r12, Milesight MS-Cxx74-PA: <=3x.8.0.3-r11, Milesight MS-C8477-HPG1: <=63.8.0.4-r3, Milesight MS-C8477-PC: <=48.8.0.4-r3, Milesight MS-C5321-FPE: <=62.8.0.4-r5, Milesight MS-Cxx72-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx62-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx52-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx66-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx66-xxxGPE: <=61.8.0.5-r2, Milesight MS-Cxx61-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx67-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx71-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx41-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx76-PE: <=61.8.0.5-r2, Milesight MS-Cxx65-PE: <=61.8.0.5-r2, Milesight MS-Cxx66-xxxG1: <=63.8.0.5-r3, Milesight MS-Cxx62-xxxG1: <=63.8.0.5-r3, Milesight MS-Cxx72-xxxG1: <=63.8.0.5-r3, Milesight MS-CQxx31-xxxG1: <=CQ_63.8.0.5-r1, Milesight MS-CQxx68-xxxG1: <=CQ_63.8.0.5-r1, Milesight MS-CQxx72-xxxG1: <=CQ_63.8.0.5-r1, Milesight MS-Nxxxx-NxE: <=7x.9.0.19-r5, Milesight MS-Nxxxx-xxC: <=7x.9.0.19-r5, Milesight MS-Nxxxx-xxE: <=7x.9.0.19-r5, Milesight MS-Nxxxx-xxG: <=7x.9.0.19-r5, Milesight MS-Nxxxx-xxH: <=7x.9.0.19-r5, Milesight MS-Nxxxx-xxT: <=7x.9.0.19-r5, Milesight PMC8266-FPE: <=PO_61.8.0.4_LPR, Milesight PMC8266-FGPE: <=PO_61.8.0.4_LPR, Milesight PM3322-E: <=PI_61.8.0.3_LPR-r3, Milesight TS4466-X4RIPG1: <=T_63.8.0.4_LPR-r3, Milesight TS5366-X12RIPG1: <=T_63.8.0.4_LPR-r3, Milesight TS8266-X4RIPG1: <=T_63.8.0.4_LPR-r3, Milesight TS4466-X4RIVPG1: <=T_63.8.0.4_LPR-r3, Milesight TS4466-RFIVPG1: <=T_63.8.0.4_LPR-r3, Milesight TS8266-X4RIVPG1: <=T_63.8.0.4_LPR-r3, Milesight TS8266-RFIVPG1: <=T_63.8.0.4_LPR-r3, Milesight TS4466-X4RIWG1: <=T_63.8.0.4_LPR-r3, Milesight TS8266-X4RIWG1: <=T_63.8.0.4_LPR-r3, Milesight TS5510-GVH: <=T_47.8.0.4_LPR-r7, Milesight TS5510-GH: <=T_47.8.0.4_LPR-r6, Milesight TS5511-GVH: <=T_47.8.0.4_LPR-r6, Milesight 
TS2966-X12TPE: <=T_61.8.0.4_LPR-r3, Milesight TS4466-X4RPE: <=T_61.8.0.4_LPR-r3, Milesight TS5366-X12PE: <=T_61.8.0.4_LPR-r3, Milesight TS8266-X4PE: <=T_61.8.0.4_LPR-r3, Milesight TS2966-X12TVPE: <=T_61.8.0.4_LPR-r3, Milesight TS4466-X4RVPE: <=T_61.8.0.4_LPR-r3, Milesight TS5366-X12VPE: <=T_61.8.0.4_LPR-r3, Milesight TS8266-X4VPE: <=T_61.8.0.4_LPR-r3, Milesight TS4441-X36RPE: <=T_61.8.0.4_LPR-r3, Milesight TS4441-X36RE: <=T_61.8.0.4_LPR-r3, Milesight TS4466-X4RWE: <=T_61.8.0.4_LPR-r3, Milesight TS8266-X4WE: <=T_61.8.0.4_LPR-r3, Milesight MS-C2964-RFLPC: <=T_45.8.0.3-r9, Milesight MS-C2972-RFLPC: <=T_45.8.0.3-r9, Milesight MS-C2966-RFLWPC: <=T_45.8.0.3-r9, Milesight TS2866-X4TPC: <=T_45.8.0.3-r9, Milesight TS2866-X4TVPC: <=T_45.8.0.3-r9, Milesight TS2866-X4TGPC: <=T_45.8.0.3-r9, Milesight TS2841-X36TPC: <=T_45.8.0.3-r9, Milesight TS2841-X36TPC/W: <=T_45.8.0.3-r9, Milesight TS2867-X5TPC: <=T_45.8.0.3-r9, Milesight TS2961-X12TPC: <=T_45.8.0.3-r9, Milesight TS8266-FPC/P: <=T_45.8.0.3-r9, Milesight MS-C2966-X12RLPC: <=T_45.8.0.3-r9, Milesight MS-C2966-X12RLVPC: <=T_45.8.0.3-r9, Milesight MS-C5366-X12LPC: <=T_45.8.0.3-r9, Milesight MS-C5366-X12LVPC: <=T_45.8.0.3-r9, Milesight MS-C5361-X12LPC: <=T_45.8.0.3-r9, Milesight MS-Cxx66-xxxxGOPC: <=45.8.0.2-AIoT-r4, Milesight SC211: <=C_21.1.0.8-r4, Milesight SP111: <=52.8.0.4-r5, Milesight MS-Cxx66-RFIPKG1: <=63.8.0.4-r1-NX, Milesight MS-Cxx72-RFIPKG1: <=63.8.0.4-r1-NX, Milesight MS-Cxx66-FIPKG1: <=63.8.0.4-r1-NX, Milesight MS-Cxx72-FIPKG1: <=63.8.0.4-r1-NX
Product Status:
known_affected
Remediations

Mitigation
Milesight advises all users to update their device to the latest firmware versions of PE/PC/PA found at https://www.milesight.com/support/download/firmware. 

Vendor fix
MS-Cxx63-PD: 51.7.0.77-r12 and prior versions: Update to 51.7.0.77-r13

Vendor fix
MS-Cxx64-xPD: 51.7.0.77-r12 and prior versions: Update to 51.7.0.77-r13

Vendor fix
MS-Cxx73-xPD: 51.7.0.77-r12 and prior versions: Update to 51.7.0.77-r13

Vendor fix
MS-Cxx75-xxPD: 51.7.0.77-r12 and prior versions: Update to 51.7.0.77-r13

Vendor fix
MS-Cxx83-xPD: 51.7.0.77-r12 and prior versions: Update to 51.7.0.77-r13

Vendor fix
MS-Cxx74-PA: 3x.8.0.3-r11 and prior versions: Update to 3x.8.0.3-r13

Vendor fix
MS-C8477-HPG1: 63.8.0.4-r3 and prior versions: Update to 63.8.0.4-r4

Vendor fix
MS-C8477-PC: 48.8.0.4-r3 and prior versions: Update to 48.8.0.4-r4

Vendor fix
MS-C5321-FPE: 62.8.0.4-r5 and prior versions: Update to 62.8.0.4-r6

Vendor fix
MS-Cxx72-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2

Vendor fix
MS-Cxx62-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2

Vendor fix
MS-Cxx52-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2

Vendor fix
MS-Cxx66-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2

Vendor fix
MS-Cxx66-xxxGPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2

Vendor fix
MS-Cxx61-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2

Vendor fix
MS-Cxx67-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2

Vendor fix
MS-Cxx71-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2

Vendor fix
MS-Cxx41-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2

Vendor fix
MS-Cxx76-PE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2

Vendor fix
MS-Cxx65-PE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2

Vendor fix
MS-Cxx66-xxxG1: 63.8.0.5-r3 and prior versions: Update to 63.8.0.5-r4

Vendor fix
MS-Cxx62-xxxG1: 63.8.0.5-r3 and prior versions: Update to 63.8.0.5-r4

Vendor fix
MS-Cxx72-xxxG1: 63.8.0.5-r3 and prior versions: Update to 63.8.0.5-r4

Vendor fix
MS-CQxx31-xxxG1: CQ_63.8.0.5-r1 and prior versions: Update to CQ_63.8.0.5-r2

Vendor fix
MS-CQxx68-xxxG1: CQ_63.8.0.5-r1 and prior versions: Update to CQ_63.8.0.5-r2

Vendor fix
MS-CQxx72-xxxG1: CQ_63.8.0.5-r1 and prior versions: Update to CQ_63.8.0.5-r2

Vendor fix
MS-Nxxxx-NxE: 7x.9.0.19-r5 and prior versions: Update to 7x.9.0.19-r6

Vendor fix
MS-Nxxxx-xxC: 7x.9.0.19-r5 and prior versions: Update to 7x.9.0.19-r6

Vendor fix
MS-Nxxxx-xxE: 7x.9.0.19-r5 and prior versions: Update to 7x.9.0.19-r6

Vendor fix
MS-Nxxxx-xxG: 7x.9.0.19-r5 and prior versions: Update to 7x.9.0.19-r6

Vendor fix
MS-Nxxxx-xxH: 7x.9.0.19-r5 and prior versions: Update to 7x.9.0.19-r6

Vendor fix
MS-Nxxxx-xxT: 7x.9.0.19-r5 and prior versions: Update to 7x.9.0.19-r6

Vendor fix
PMC8266-FPE: PO_61.8.0.4_LPR and prior versions: Update to PO_61.8.0.4-r1

Vendor fix
PMC8266-FGPE: PO_61.8.0.4_LPR and prior versions: Update to PO_61.8.0.4-r1

Vendor fix
PM3322-E: PI_61.8.0.3_LPR-r3 and prior versions: Update to PI_61.8.0.3-r5

Vendor fix
TS4466-X4RIPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4

Vendor fix
TS5366-X12RIPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4

Vendor fix
TS8266-X4RIPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4

Vendor fix
TS4466-X4RIVPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4

Vendor fix
TS4466-RFIVPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4

Vendor fix
TS8266-X4RIVPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4

Vendor fix
TS8266-RFIVPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4

Vendor fix
TS4466-X4RIWG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4

Vendor fix
TS8266-X4RIWG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4

Vendor fix
TS5510-GVH: T_47.8.0.4_LPR-r7 and prior versions: Update to T_47.8.0.4-r8

Vendor fix
TS5510-GH: T_47.8.0.4_LPR-r6 and prior versions: Update to T_47.8.0.4-r8

Vendor fix
TS5511-GVH: T_47.8.0.4_LPR-r6 and prior versions: Update to T_47.8.0.4-r8

Vendor fix
TS2966-X12TPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4

Vendor fix
TS4466-X4RPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4

Vendor fix
TS5366-X12PE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4

Vendor fix
TS8266-X4PE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4

Vendor fix
TS2966-X12TVPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4

Vendor fix
TS4466-X4RVPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4

Vendor fix
TS5366-X12VPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4

Vendor fix
TS8266-X4VPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4

Vendor fix
TS4441-X36RPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4

Vendor fix
TS4441-X36RE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4

Vendor fix
TS4466-X4RWE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4

Vendor fix
TS8266-X4WE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4

Vendor fix
MS-C2964-RFLPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
MS-C2972-RFLPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
MS-C2966-RFLWPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
TS2866-X4TPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
TS2866-X4TVPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
TS2866-X4TGPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
TS2841-X36TPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
TS2841-X36TPC/W: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
TS2867-X5TPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
TS2961-X12TPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
TS8266-FPC/P: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
MS-C2966-X12RLPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
MS-C2966-X12RLVPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
MS-C5366-X12LPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
MS-C5366-X12LVPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
MS-C5361-X12LPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
MS-Cxx66-xxxxGOPC: 45.8.0.2-AIoT-r4 and prior versions: Update to 45.8.0.2-AIoT-r5

Vendor fix
SC211: C_21.1.0.8-r4 and prior versions: Update to C_21.1.0.8-r5

Vendor fix
SP111: 52.8.0.4-r5 and prior versions: Update to 52.8.0.4-r6

Vendor fix
MS-Cxx66-RFIPKG1: 63.8.0.4-r1-NX and prior versions: Update to 63.8.0.5-r2-NX

Vendor fix
MS-Cxx72-RFIPKG1: 63.8.0.4-r1-NX and prior versions: Update to 63.8.0.5-r2-NX

Vendor fix
MS-Cxx66-FIPKG1: 63.8.0.4-r1-NX and prior versions: Update to 63.8.0.5-r2-NX

Vendor fix
MS-Cxx72-FIPKG1: 63.8.0.4-r1-NX and prior versions: Update to 63.8.0.5-r2-NX

Mitigation
Milesight asks all users to report potential security vulnerabilities to [email protected].

Mitigation
Learn more: Milesight Vulnerability Reporting Policy
https://www.milesight.com/legal/vulnerability-report

Relevant CWE: CWE-639 Authorization Bypass Through User-Controlled Key


Metrics

CVSS Version: 3.1
Base Score: 7.1
Base Severity: HIGH
Vector String: CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2026-27785

Specific firmware versions of Milesight AIOT camera firmware contain hard-coded credentials.



Affected Products

Milesight Cameras
Vendor:
Milesight
Product Version:
Milesight MS-Cxx63-PD: <=51.7.0.77-r12, Milesight MS-Cxx64-xPD: <=51.7.0.77-r12, Milesight MS-Cxx73-xPD: <=51.7.0.77-r12, Milesight MS-Cxx75-xxPD: <=51.7.0.77-r12, Milesight MS-Cxx83-xPD: <=51.7.0.77-r12, Milesight MS-Cxx74-PA: <=3x.8.0.3-r11, Milesight MS-C8477-HPG1: <=63.8.0.4-r3, Milesight MS-C8477-PC: <=48.8.0.4-r3, Milesight MS-C5321-FPE: <=62.8.0.4-r5, Milesight MS-Cxx72-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx62-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx52-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx66-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx66-xxxGPE: <=61.8.0.5-r2, Milesight MS-Cxx61-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx67-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx71-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx41-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx76-PE: <=61.8.0.5-r2, Milesight MS-Cxx65-PE: <=61.8.0.5-r2, Milesight MS-Cxx66-xxxG1: <=63.8.0.5-r3, Milesight MS-Cxx62-xxxG1: <=63.8.0.5-r3, Milesight MS-Cxx72-xxxG1: <=63.8.0.5-r3, Milesight MS-CQxx31-xxxG1: <=CQ_63.8.0.5-r1, Milesight MS-CQxx68-xxxG1: <=CQ_63.8.0.5-r1, Milesight MS-CQxx72-xxxG1: <=CQ_63.8.0.5-r1, Milesight MS-Nxxxx-NxE: <=7x.9.0.19-r5, Milesight MS-Nxxxx-xxC: <=7x.9.0.19-r5, Milesight MS-Nxxxx-xxE: <=7x.9.0.19-r5, Milesight MS-Nxxxx-xxG: <=7x.9.0.19-r5, Milesight MS-Nxxxx-xxH: <=7x.9.0.19-r5, Milesight MS-Nxxxx-xxT: <=7x.9.0.19-r5, Milesight PMC8266-FPE: <=PO_61.8.0.4_LPR, Milesight PMC8266-FGPE: <=PO_61.8.0.4_LPR, Milesight PM3322-E: <=PI_61.8.0.3_LPR-r3, Milesight TS4466-X4RIPG1: <=T_63.8.0.4_LPR-r3, Milesight TS5366-X12RIPG1: <=T_63.8.0.4_LPR-r3, Milesight TS8266-X4RIPG1: <=T_63.8.0.4_LPR-r3, Milesight TS4466-X4RIVPG1: <=T_63.8.0.4_LPR-r3, Milesight TS4466-RFIVPG1: <=T_63.8.0.4_LPR-r3, Milesight TS8266-X4RIVPG1: <=T_63.8.0.4_LPR-r3, Milesight TS8266-RFIVPG1: <=T_63.8.0.4_LPR-r3, Milesight TS4466-X4RIWG1: <=T_63.8.0.4_LPR-r3, Milesight TS8266-X4RIWG1: <=T_63.8.0.4_LPR-r3, Milesight TS5510-GVH: <=T_47.8.0.4_LPR-r7, Milesight TS5510-GH: <=T_47.8.0.4_LPR-r6, Milesight TS5511-GVH: <=T_47.8.0.4_LPR-r6, Milesight 
TS2966-X12TPE: <=T_61.8.0.4_LPR-r3, Milesight TS4466-X4RPE: <=T_61.8.0.4_LPR-r3, Milesight TS5366-X12PE: <=T_61.8.0.4_LPR-r3, Milesight TS8266-X4PE: <=T_61.8.0.4_LPR-r3, Milesight TS2966-X12TVPE: <=T_61.8.0.4_LPR-r3, Milesight TS4466-X4RVPE: <=T_61.8.0.4_LPR-r3, Milesight TS5366-X12VPE: <=T_61.8.0.4_LPR-r3, Milesight TS8266-X4VPE: <=T_61.8.0.4_LPR-r3, Milesight TS4441-X36RPE: <=T_61.8.0.4_LPR-r3, Milesight TS4441-X36RE: <=T_61.8.0.4_LPR-r3, Milesight TS4466-X4RWE: <=T_61.8.0.4_LPR-r3, Milesight TS8266-X4WE: <=T_61.8.0.4_LPR-r3, Milesight MS-C2964-RFLPC: <=T_45.8.0.3-r9, Milesight MS-C2972-RFLPC: <=T_45.8.0.3-r9, Milesight MS-C2966-RFLWPC: <=T_45.8.0.3-r9, Milesight TS2866-X4TPC: <=T_45.8.0.3-r9, Milesight TS2866-X4TVPC: <=T_45.8.0.3-r9, Milesight TS2866-X4TGPC: <=T_45.8.0.3-r9, Milesight TS2841-X36TPC: <=T_45.8.0.3-r9, Milesight TS2841-X36TPC/W: <=T_45.8.0.3-r9, Milesight TS2867-X5TPC: <=T_45.8.0.3-r9, Milesight TS2961-X12TPC: <=T_45.8.0.3-r9, Milesight TS8266-FPC/P: <=T_45.8.0.3-r9, Milesight MS-C2966-X12RLPC: <=T_45.8.0.3-r9, Milesight MS-C2966-X12RLVPC: <=T_45.8.0.3-r9, Milesight MS-C5366-X12LPC: <=T_45.8.0.3-r9, Milesight MS-C5366-X12LVPC: <=T_45.8.0.3-r9, Milesight MS-C5361-X12LPC: <=T_45.8.0.3-r9, Milesight MS-Cxx66-xxxxGOPC: <=45.8.0.2-AIoT-r4, Milesight SC211: <=C_21.1.0.8-r4, Milesight SP111: <=52.8.0.4-r5, Milesight MS-Cxx66-RFIPKG1: <=63.8.0.4-r1-NX, Milesight MS-Cxx72-RFIPKG1: <=63.8.0.4-r1-NX, Milesight MS-Cxx66-FIPKG1: <=63.8.0.4-r1-NX, Milesight MS-Cxx72-FIPKG1: <=63.8.0.4-r1-NX
Product Status:
known_affected
Remediations

Mitigation
Milesight advises all users to update their device to the latest firmware versions of PE/PC/PA found at https://www.milesight.com/support/download/firmware. 

Vendor fix
MS-Cxx63-PD: 51.7.0.77-r12 and prior versions: Update to 51.7.0.77-r13

Vendor fix
MS-Cxx64-xPD: 51.7.0.77-r12 and prior versions: Update to 51.7.0.77-r13

Vendor fix
MS-Cxx73-xPD: 51.7.0.77-r12 and prior versions: Update to 51.7.0.77-r13

Vendor fix
MS-Cxx75-xxPD: 51.7.0.77-r12 and prior versions: Update to 51.7.0.77-r13

Vendor fix
MS-Cxx83-xPD: 51.7.0.77-r12 and prior versions: Update to 51.7.0.77-r13

Vendor fix
MS-Cxx74-PA: 3x.8.0.3-r11 and prior versions: Update to 3x.8.0.3-r13

Vendor fix
MS-C8477-HPG1: 63.8.0.4-r3 and prior versions: Update to 63.8.0.4-r4

Vendor fix
MS-C8477-PC: 48.8.0.4-r3 and prior versions: Update to 48.8.0.4-r4

Vendor fix
MS-C5321-FPE: 62.8.0.4-r5 and prior versions: Update to 62.8.0.4-r6

Vendor fix
MS-Cxx72-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2

Vendor fix
MS-Cxx62-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2

Vendor fix
MS-Cxx52-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2

Vendor fix
MS-Cxx66-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2

Vendor fix
MS-Cxx66-xxxGPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2

Vendor fix
MS-Cxx61-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2

Vendor fix
MS-Cxx67-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2

Vendor fix
MS-Cxx71-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2

Vendor fix
MS-Cxx41-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2

Vendor fix
MS-Cxx76-PE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2

Vendor fix
MS-Cxx65-PE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2

Vendor fix
MS-Cxx66-xxxG1: 63.8.0.5-r3 and prior versions: Update to 63.8.0.5-r4

Vendor fix
MS-Cxx62-xxxG1: 63.8.0.5-r3 and prior versions: Update to 63.8.0.5-r4

Vendor fix
MS-Cxx72-xxxG1: 63.8.0.5-r3 and prior versions: Update to 63.8.0.5-r4

Vendor fix
MS-CQxx31-xxxG1: CQ_63.8.0.5-r1 and prior versions: Update to CQ_63.8.0.5-r2

Vendor fix
MS-CQxx68-xxxG1: CQ_63.8.0.5-r1 and prior versions: Update to CQ_63.8.0.5-r2

Vendor fix
MS-CQxx72-xxxG1: CQ_63.8.0.5-r1 and prior versions: Update to CQ_63.8.0.5-r2

Vendor fix
MS-Nxxxx-NxE: 7x.9.0.19-r5 and prior versions: Update to 7x.9.0.19-r6

Vendor fix
MS-Nxxxx-xxC: 7x.9.0.19-r5 and prior versions: Update to 7x.9.0.19-r6

Vendor fix
MS-Nxxxx-xxE: 7x.9.0.19-r5 and prior versions: Update to 7x.9.0.19-r6

Vendor fix
MS-Nxxxx-xxG: 7x.9.0.19-r5 and prior versions: Update to 7x.9.0.19-r6

Vendor fix
MS-Nxxxx-xxH: 7x.9.0.19-r5 and prior versions: Update to 7x.9.0.19-r6

Vendor fix
MS-Nxxxx-xxT: 7x.9.0.19-r5 and prior versions: Update to 7x.9.0.19-r6

Vendor fix
PMC8266-FPE: PO_61.8.0.4_LPR and prior versions: Update to PO_61.8.0.4-r1

Vendor fix
PMC8266-FGPE: PO_61.8.0.4_LPR and prior versions: Update to PO_61.8.0.4-r1

Vendor fix
PM3322-E: PI_61.8.0.3_LPR-r3 and prior versions: Update to PI_61.8.0.3-r5

Vendor fix
TS4466-X4RIPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4

Vendor fix
TS5366-X12RIPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4

Vendor fix
TS8266-X4RIPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4

Vendor fix
TS4466-X4RIVPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4

Vendor fix
TS4466-RFIVPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4

Vendor fix
TS8266-X4RIVPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4

Vendor fix
TS8266-RFIVPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4

Vendor fix
TS4466-X4RIWG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4

Vendor fix
TS8266-X4RIWG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4

Vendor fix
TS5510-GVH: T_47.8.0.4_LPR-r7 and prior versions: Update to T_47.8.0.4-r8

Vendor fix
TS5510-GH: T_47.8.0.4_LPR-r6 and prior versions: Update to T_47.8.0.4-r8

Vendor fix
TS5511-GVH: T_47.8.0.4_LPR-r6 and prior versions: Update to T_47.8.0.4-r8

Vendor fix
TS2966-X12TPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4

Vendor fix
TS4466-X4RPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4

Vendor fix
TS5366-X12PE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4

Vendor fix
TS8266-X4PE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4

Vendor fix
TS2966-X12TVPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4

Vendor fix
TS4466-X4RVPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4

Vendor fix
TS5366-X12VPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4

Vendor fix
TS8266-X4VPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4

Vendor fix
TS4441-X36RPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4

Vendor fix
TS4441-X36RE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4

Vendor fix
TS4466-X4RWE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4

Vendor fix
TS8266-X4WE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4

Vendor fix
MS-C2964-RFLPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
MS-C2972-RFLPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
MS-C2966-RFLWPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
TS2866-X4TPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
TS2866-X4TVPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
TS2866-X4TGPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
TS2841-X36TPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
TS2841-X36TPC/W: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
TS2867-X5TPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
TS2961-X12TPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
TS8266-FPC/P: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
MS-C2966-X12RLPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
MS-C2966-X12RLVPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
MS-C5366-X12LPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
MS-C5366-X12LVPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
MS-C5361-X12LPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
MS-Cxx66-xxxxGOPC: 45.8.0.2-AIoT-r4 and prior versions: Update to 45.8.0.2-AIoT-r5

Vendor fix
SC211: C_21.1.0.8-r4 and prior versions: Update to C_21.1.0.8-r5

Vendor fix
SP111: 52.8.0.4-r5 and prior versions: Update to 52.8.0.4-r6

Vendor fix
MS-Cxx66-RFIPKG1: 63.8.0.4-r1-NX and prior versions: Update to 63.8.0.5-r2-NX

Vendor fix
MS-Cxx72-RFIPKG1: 63.8.0.4-r1-NX and prior versions: Update to 63.8.0.5-r2-NX

Vendor fix
MS-Cxx66-FIPKG1: 63.8.0.4-r1-NX and prior versions: Update to 63.8.0.5-r2-NX

Vendor fix
MS-Cxx72-FIPKG1: 63.8.0.4-r1-NX and prior versions: Update to 63.8.0.5-r2-NX

Mitigation
Milesight asks all users to report potential security vulnerabilities to [email protected].

Mitigation
Learn more: Milesight Vulnerability Reporting Policy
https://www.milesight.com/legal/vulnerability-report

Relevant CWE: CWE-798 Use of Hard-coded Credentials


Metrics

CVSS Version: 3.1
Base Score: 8.8
Base Severity: HIGH
Vector String: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2026-32644

Specific firmware versions of Milesight AIOT cameras use SSL certificates with default private keys.



Affected Products

Milesight Cameras
Vendor:
Milesight
Product Version:
Milesight MS-Cxx63-PD: <=51.7.0.77-r12, Milesight MS-Cxx64-xPD: <=51.7.0.77-r12, Milesight MS-Cxx73-xPD: <=51.7.0.77-r12, Milesight MS-Cxx75-xxPD: <=51.7.0.77-r12, Milesight MS-Cxx83-xPD: <=51.7.0.77-r12, Milesight MS-Cxx74-PA: <=3x.8.0.3-r11, Milesight MS-C8477-HPG1: <=63.8.0.4-r3, Milesight MS-C8477-PC: <=48.8.0.4-r3, Milesight MS-C5321-FPE: <=62.8.0.4-r5, Milesight MS-Cxx72-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx62-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx52-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx66-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx66-xxxGPE: <=61.8.0.5-r2, Milesight MS-Cxx61-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx67-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx71-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx41-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx76-PE: <=61.8.0.5-r2, Milesight MS-Cxx65-PE: <=61.8.0.5-r2, Milesight MS-Cxx66-xxxG1: <=63.8.0.5-r3, Milesight MS-Cxx62-xxxG1: <=63.8.0.5-r3, Milesight MS-Cxx72-xxxG1: <=63.8.0.5-r3, Milesight MS-CQxx31-xxxG1: <=CQ_63.8.0.5-r1, Milesight MS-CQxx68-xxxG1: <=CQ_63.8.0.5-r1, Milesight MS-CQxx72-xxxG1: <=CQ_63.8.0.5-r1, Milesight MS-Nxxxx-NxE: <=7x.9.0.19-r5, Milesight MS-Nxxxx-xxC: <=7x.9.0.19-r5, Milesight MS-Nxxxx-xxE: <=7x.9.0.19-r5, Milesight MS-Nxxxx-xxG: <=7x.9.0.19-r5, Milesight MS-Nxxxx-xxH: <=7x.9.0.19-r5, Milesight MS-Nxxxx-xxT: <=7x.9.0.19-r5, Milesight PMC8266-FPE: <=PO_61.8.0.4_LPR, Milesight PMC8266-FGPE: <=PO_61.8.0.4_LPR, Milesight PM3322-E: <=PI_61.8.0.3_LPR-r3, Milesight TS4466-X4RIPG1: <=T_63.8.0.4_LPR-r3, Milesight TS5366-X12RIPG1: <=T_63.8.0.4_LPR-r3, Milesight TS8266-X4RIPG1: <=T_63.8.0.4_LPR-r3, Milesight TS4466-X4RIVPG1: <=T_63.8.0.4_LPR-r3, Milesight TS4466-RFIVPG1: <=T_63.8.0.4_LPR-r3, Milesight TS8266-X4RIVPG1: <=T_63.8.0.4_LPR-r3, Milesight TS8266-RFIVPG1: <=T_63.8.0.4_LPR-r3, Milesight TS4466-X4RIWG1: <=T_63.8.0.4_LPR-r3, Milesight TS8266-X4RIWG1: <=T_63.8.0.4_LPR-r3, Milesight TS5510-GVH: <=T_47.8.0.4_LPR-r7, Milesight TS5510-GH: <=T_47.8.0.4_LPR-r6, Milesight TS5511-GVH: <=T_47.8.0.4_LPR-r6, Milesight 
TS2966-X12TPE: <=T_61.8.0.4_LPR-r3, Milesight TS4466-X4RPE: <=T_61.8.0.4_LPR-r3, Milesight TS5366-X12PE: <=T_61.8.0.4_LPR-r3, Milesight TS8266-X4PE: <=T_61.8.0.4_LPR-r3, Milesight TS2966-X12TVPE: <=T_61.8.0.4_LPR-r3, Milesight TS4466-X4RVPE: <=T_61.8.0.4_LPR-r3, Milesight TS5366-X12VPE: <=T_61.8.0.4_LPR-r3, Milesight TS8266-X4VPE: <=T_61.8.0.4_LPR-r3, Milesight TS4441-X36RPE: <=T_61.8.0.4_LPR-r3, Milesight TS4441-X36RE: <=T_61.8.0.4_LPR-r3, Milesight TS4466-X4RWE: <=T_61.8.0.4_LPR-r3, Milesight TS8266-X4WE: <=T_61.8.0.4_LPR-r3, Milesight MS-C2964-RFLPC: <=T_45.8.0.3-r9, Milesight MS-C2972-RFLPC: <=T_45.8.0.3-r9, Milesight MS-C2966-RFLWPC: <=T_45.8.0.3-r9, Milesight TS2866-X4TPC: <=T_45.8.0.3-r9, Milesight TS2866-X4TVPC: <=T_45.8.0.3-r9, Milesight TS2866-X4TGPC: <=T_45.8.0.3-r9, Milesight TS2841-X36TPC: <=T_45.8.0.3-r9, Milesight TS2841-X36TPC/W: <=T_45.8.0.3-r9, Milesight TS2867-X5TPC: <=T_45.8.0.3-r9, Milesight TS2961-X12TPC: <=T_45.8.0.3-r9, Milesight TS8266-FPC/P: <=T_45.8.0.3-r9, Milesight MS-C2966-X12RLPC: <=T_45.8.0.3-r9, Milesight MS-C2966-X12RLVPC: <=T_45.8.0.3-r9, Milesight MS-C5366-X12LPC: <=T_45.8.0.3-r9, Milesight MS-C5366-X12LVPC: <=T_45.8.0.3-r9, Milesight MS-C5361-X12LPC: <=T_45.8.0.3-r9, Milesight MS-Cxx66-xxxxGOPC: <=45.8.0.2-AIoT-r4, Milesight SC211: <=C_21.1.0.8-r4, Milesight SP111: <=52.8.0.4-r5, Milesight MS-Cxx66-RFIPKG1: <=63.8.0.4-r1-NX, Milesight MS-Cxx72-RFIPKG1: <=63.8.0.4-r1-NX, Milesight MS-Cxx66-FIPKG1: <=63.8.0.4-r1-NX, Milesight MS-Cxx72-FIPKG1: <=63.8.0.4-r1-NX
Product Status:
known_affected
Remediations

Mitigation
Milesight advises all users to update their device to the latest firmware versions of PE/PC/PA found at https://www.milesight.com/support/download/firmware. 

Vendor fix
MS-Cxx63-PD: 51.7.0.77-r12 and prior versions: Update to 51.7.0.77-r13

Vendor fix
MS-Cxx64-xPD: 51.7.0.77-r12 and prior versions: Update to 51.7.0.77-r13

Vendor fix
MS-Cxx73-xPD: 51.7.0.77-r12 and prior versions: Update to 51.7.0.77-r13

Vendor fix
MS-Cxx75-xxPD: 51.7.0.77-r12 and prior versions: Update to 51.7.0.77-r13

Vendor fix
MS-Cxx83-xPD: 51.7.0.77-r12 and prior versions: Update to 51.7.0.77-r13

Vendor fix
MS-Cxx74-PA: 3x.8.0.3-r11 and prior versions: Update to 3x.8.0.3-r13

Vendor fix
MS-C8477-HPG1: 63.8.0.4-r3 and prior versions: Update to 63.8.0.4-r4

Vendor fix
MS-C8477-PC: 48.8.0.4-r3 and prior versions: Update to 48.8.0.4-r4

Vendor fix
MS-C5321-FPE: 62.8.0.4-r5 and prior versions: Update to 62.8.0.4-r6

Vendor fix
MS-Cxx72-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2

Vendor fix
MS-Cxx62-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2

Vendor fix
MS-Cxx52-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2

Vendor fix
MS-Cxx66-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2

Vendor fix
MS-Cxx66-xxxGPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2

Vendor fix
MS-Cxx61-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2

Vendor fix
MS-Cxx67-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2

Vendor fix
MS-Cxx71-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2

Vendor fix
MS-Cxx41-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2

Vendor fix
MS-Cxx76-PE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2

Vendor fix
MS-Cxx65-PE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2

Vendor fix
MS-Cxx66-xxxG1: 63.8.0.5-r3 and prior versions: Update to 63.8.0.5-r4

Vendor fix
MS-Cxx62-xxxG1: 63.8.0.5-r3 and prior versions: Update to 63.8.0.5-r4

Vendor fix
MS-Cxx72-xxxG1: 63.8.0.5-r3 and prior versions: Update to 63.8.0.5-r4

Vendor fix
MS-CQxx31-xxxG1: CQ_63.8.0.5-r1 and prior versions: Update to CQ_63.8.0.5-r2

Vendor fix
MS-CQxx68-xxxG1: CQ_63.8.0.5-r1 and prior versions: Update to CQ_63.8.0.5-r2

Vendor fix
MS-CQxx72-xxxG1: CQ_63.8.0.5-r1 and prior versions: Update to CQ_63.8.0.5-r2

Vendor fix
MS-Nxxxx-NxE: 7x.9.0.19-r5 and prior versions: Update to 7x.9.0.19-r6

Vendor fix
MS-Nxxxx-xxC: 7x.9.0.19-r5 and prior versions: Update to 7x.9.0.19-r6

Vendor fix
MS-Nxxxx-xxE: 7x.9.0.19-r5 and prior versions: Update to 7x.9.0.19-r6

Vendor fix
MS-Nxxxx-xxG: 7x.9.0.19-r5 and prior versions: Update to 7x.9.0.19-r6

Vendor fix
MS-Nxxxx-xxH: 7x.9.0.19-r5 and prior versions: Update to 7x.9.0.19-r6

Vendor fix
MS-Nxxxx-xxT: 7x.9.0.19-r5 and prior versions: Update to 7x.9.0.19-r6

Vendor fix
PMC8266-FPE: PO_61.8.0.4_LPR and prior versions: Update to PO_61.8.0.4-r1

Vendor fix
PMC8266-FGPE: PO_61.8.0.4_LPR and prior versions: Update to PO_61.8.0.4-r1

Vendor fix
PM3322-E: PI_61.8.0.3_LPR-r3 and prior versions: Update to PI_61.8.0.3-r5

Vendor fix
TS4466-X4RIPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4

Vendor fix
TS5366-X12RIPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4

Vendor fix
TS8266-X4RIPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4

Vendor fix
TS4466-X4RIVPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4

Vendor fix
TS4466-RFIVPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4

Vendor fix
TS8266-X4RIVPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4

Vendor fix
TS8266-RFIVPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4

Vendor fix
TS4466-X4RIWG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4

Vendor fix
TS8266-X4RIWG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4

Vendor fix
TS5510-GVH: T_47.8.0.4_LPR-r7 and prior versions: Update to T_47.8.0.4-r8

Vendor fix
TS5510-GH: T_47.8.0.4_LPR-r6 and prior versions: Update to T_47.8.0.4-r8

Vendor fix
TS5511-GVH: T_47.8.0.4_LPR-r6 and prior versions: Update to T_47.8.0.4-r8

Vendor fix
TS2966-X12TPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4

Vendor fix
TS4466-X4RPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4

Vendor fix
TS5366-X12PE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4

Vendor fix
TS8266-X4PE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4

Vendor fix
TS2966-X12TVPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4

Vendor fix
TS4466-X4RVPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4

Vendor fix
TS5366-X12VPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4

Vendor fix
TS8266-X4VPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4

Vendor fix
TS4441-X36RPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4

Vendor fix
TS4441-X36RE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4

Vendor fix
TS4466-X4RWE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4

Vendor fix
TS8266-X4WE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4

Vendor fix
MS-C2964-RFLPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
MS-C2972-RFLPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
MS-C2966-RFLWPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
TS2866-X4TPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
TS2866-X4TVPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
TS2866-X4TGPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
TS2841-X36TPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
TS2841-X36TPC/W: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
TS2867-X5TPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
TS2961-X12TPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
TS8266-FPC/P: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
MS-C2966-X12RLPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
MS-C2966-X12RLVPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
MS-C5366-X12LPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
MS-C5366-X12LVPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
MS-C5361-X12LPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
MS-Cxx66-xxxxGOPC: 45.8.0.2-AIoT-r4 and prior versions: Update to 45.8.0.2-AIoT-r5

Vendor fix
SC211: C_21.1.0.8-r4 and prior versions: Update to C_21.1.0.8-r5

Vendor fix
SP111: 52.8.0.4-r5 and prior versions: Update to 52.8.0.4-r6

Vendor fix
MS-Cxx66-RFIPKG1: 63.8.0.4-r1-NX and prior versions: Update to 63.8.0.5-r2-NX

Vendor fix
MS-Cxx72-RFIPKG1: 63.8.0.4-r1-NX and prior versions: Update to 63.8.0.5-r2-NX

Vendor fix
MS-Cxx66-FIPKG1: 63.8.0.4-r1-NX and prior versions: Update to 63.8.0.5-r2-NX

Vendor fix
MS-Cxx72-FIPKG1: 63.8.0.4-r1-NX and prior versions: Update to 63.8.0.5-r2-NX

Mitigation
Milesight asks all users to report potential security vulnerabilities to [email protected].

Mitigation
Learn more: Milesight Vulnerability Reporting Policy
https://www.milesight.com/legal/vulnerability-report

Relevant CWE: CWE-321 Use of Hard-coded Cryptographic Key


Metrics

CVSS Version | Base Score | Base Severity | Vector String
3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2026-32649

A command injection vulnerability exists in the web server of specific firmware versions of Milesight cameras.



Affected Products

Milesight Cameras
Vendor:
Milesight
Product Version:
Milesight MS-Cxx63-PD: <=51.7.0.77-r12, Milesight MS-Cxx64-xPD: <=51.7.0.77-r12, Milesight MS-Cxx73-xPD: <=51.7.0.77-r12, Milesight MS-Cxx75-xxPD: <=51.7.0.77-r12, Milesight MS-Cxx83-xPD: <=51.7.0.77-r12, Milesight MS-Cxx74-PA: <=3x.8.0.3-r11, Milesight MS-C8477-HPG1: <=63.8.0.4-r3, Milesight MS-C8477-PC: <=48.8.0.4-r3, Milesight MS-C5321-FPE: <=62.8.0.4-r5, Milesight MS-Cxx72-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx62-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx52-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx66-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx66-xxxGPE: <=61.8.0.5-r2, Milesight MS-Cxx61-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx67-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx71-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx41-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx76-PE: <=61.8.0.5-r2, Milesight MS-Cxx65-PE: <=61.8.0.5-r2, Milesight MS-Cxx66-xxxG1: <=63.8.0.5-r3, Milesight MS-Cxx62-xxxG1: <=63.8.0.5-r3, Milesight MS-Cxx72-xxxG1: <=63.8.0.5-r3, Milesight MS-CQxx31-xxxG1: <=CQ_63.8.0.5-r1, Milesight MS-CQxx68-xxxG1: <=CQ_63.8.0.5-r1, Milesight MS-CQxx72-xxxG1: <=CQ_63.8.0.5-r1, Milesight MS-Nxxxx-NxE: <=7x.9.0.19-r5, Milesight MS-Nxxxx-xxC: <=7x.9.0.19-r5, Milesight MS-Nxxxx-xxE: <=7x.9.0.19-r5, Milesight MS-Nxxxx-xxG: <=7x.9.0.19-r5, Milesight MS-Nxxxx-xxH: <=7x.9.0.19-r5, Milesight MS-Nxxxx-xxT: <=7x.9.0.19-r5, Milesight PMC8266-FPE: <=PO_61.8.0.4_LPR, Milesight PMC8266-FGPE: <=PO_61.8.0.4_LPR, Milesight PM3322-E: <=PI_61.8.0.3_LPR-r3, Milesight TS4466-X4RIPG1: <=T_63.8.0.4_LPR-r3, Milesight TS5366-X12RIPG1: <=T_63.8.0.4_LPR-r3, Milesight TS8266-X4RIPG1: <=T_63.8.0.4_LPR-r3, Milesight TS4466-X4RIVPG1: <=T_63.8.0.4_LPR-r3, Milesight TS4466-RFIVPG1: <=T_63.8.0.4_LPR-r3, Milesight TS8266-X4RIVPG1: <=T_63.8.0.4_LPR-r3, Milesight TS8266-RFIVPG1: <=T_63.8.0.4_LPR-r3, Milesight TS4466-X4RIWG1: <=T_63.8.0.4_LPR-r3, Milesight TS8266-X4RIWG1: <=T_63.8.0.4_LPR-r3, Milesight TS5510-GVH: <=T_47.8.0.4_LPR-r7, Milesight TS5510-GH: <=T_47.8.0.4_LPR-r6, Milesight TS5511-GVH: <=T_47.8.0.4_LPR-r6, Milesight 
TS2966-X12TPE: <=T_61.8.0.4_LPR-r3, Milesight TS4466-X4RPE: <=T_61.8.0.4_LPR-r3, Milesight TS5366-X12PE: <=T_61.8.0.4_LPR-r3, Milesight TS8266-X4PE: <=T_61.8.0.4_LPR-r3, Milesight TS2966-X12TVPE: <=T_61.8.0.4_LPR-r3, Milesight TS4466-X4RVPE: <=T_61.8.0.4_LPR-r3, Milesight TS5366-X12VPE: <=T_61.8.0.4_LPR-r3, Milesight TS8266-X4VPE: <=T_61.8.0.4_LPR-r3, Milesight TS4441-X36RPE: <=T_61.8.0.4_LPR-r3, Milesight TS4441-X36RE: <=T_61.8.0.4_LPR-r3, Milesight TS4466-X4RWE: <=T_61.8.0.4_LPR-r3, Milesight TS8266-X4WE: <=T_61.8.0.4_LPR-r3, Milesight MS-C2964-RFLPC: <=T_45.8.0.3-r9, Milesight MS-C2972-RFLPC: <=T_45.8.0.3-r9, Milesight MS-C2966-RFLWPC: <=T_45.8.0.3-r9, Milesight TS2866-X4TPC: <=T_45.8.0.3-r9, Milesight TS2866-X4TVPC: <=T_45.8.0.3-r9, Milesight TS2866-X4TGPC: <=T_45.8.0.3-r9, Milesight TS2841-X36TPC: <=T_45.8.0.3-r9, Milesight TS2841-X36TPC/W: <=T_45.8.0.3-r9, Milesight TS2867-X5TPC: <=T_45.8.0.3-r9, Milesight TS2961-X12TPC: <=T_45.8.0.3-r9, Milesight TS8266-FPC/P: <=T_45.8.0.3-r9, Milesight MS-C2966-X12RLPC: <=T_45.8.0.3-r9, Milesight MS-C2966-X12RLVPC: <=T_45.8.0.3-r9, Milesight MS-C5366-X12LPC: <=T_45.8.0.3-r9, Milesight MS-C5366-X12LVPC: <=T_45.8.0.3-r9, Milesight MS-C5361-X12LPC: <=T_45.8.0.3-r9, Milesight MS-Cxx66-xxxxGOPC: <=45.8.0.2-AIoT-r4, Milesight SC211: <=C_21.1.0.8-r4, Milesight SP111: <=52.8.0.4-r5, Milesight MS-Cxx66-RFIPKG1: <=63.8.0.4-r1-NX, Milesight MS-Cxx72-RFIPKG1: <=63.8.0.4-r1-NX, Milesight MS-Cxx66-FIPKG1: <=63.8.0.4-r1-NX, Milesight MS-Cxx72-FIPKG1: <=63.8.0.4-r1-NX
Product Status:
known_affected
Remediations

Mitigation
Milesight advises all users to update their device to the latest firmware versions of PE/PC/PA found at https://www.milesight.com/support/download/firmware. 

Vendor fix
MS-Cxx63-PD: 51.7.0.77-r12 and prior versions: Update to 51.7.0.77-r13

Vendor fix
MS-Cxx64-xPD: 51.7.0.77-r12 and prior versions: Update to 51.7.0.77-r13

Vendor fix
MS-Cxx73-xPD: 51.7.0.77-r12 and prior versions: Update to 51.7.0.77-r13

Vendor fix
MS-Cxx75-xxPD: 51.7.0.77-r12 and prior versions: Update to 51.7.0.77-r13

Vendor fix
MS-Cxx83-xPD: 51.7.0.77-r12 and prior versions: Update to 51.7.0.77-r13

Vendor fix
MS-Cxx74-PA: 3x.8.0.3-r11 and prior versions: Update to 3x.8.0.3-r13

Vendor fix
MS-C8477-HPG1: 63.8.0.4-r3 and prior versions: Update to 63.8.0.4-r4

Vendor fix
MS-C8477-PC: 48.8.0.4-r3 and prior versions: Update to 48.8.0.4-r4

Vendor fix
MS-C5321-FPE: 62.8.0.4-r5 and prior versions: Update to 62.8.0.4-r6

Vendor fix
MS-Cxx72-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2

Vendor fix
MS-Cxx62-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2

Vendor fix
MS-Cxx52-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2

Vendor fix
MS-Cxx66-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2

Vendor fix
MS-Cxx66-xxxGPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2

Vendor fix
MS-Cxx61-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2

Vendor fix
MS-Cxx67-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2

Vendor fix
MS-Cxx71-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2

Vendor fix
MS-Cxx41-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2

Vendor fix
MS-Cxx76-PE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2

Vendor fix
MS-Cxx65-PE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2

Vendor fix
MS-Cxx66-xxxG1: 63.8.0.5-r3 and prior versions: Update to 63.8.0.5-r4

Vendor fix
MS-Cxx62-xxxG1: 63.8.0.5-r3 and prior versions: Update to 63.8.0.5-r4

Vendor fix
MS-Cxx72-xxxG1: 63.8.0.5-r3 and prior versions: Update to 63.8.0.5-r4

Vendor fix
MS-CQxx31-xxxG1: CQ_63.8.0.5-r1 and prior versions: Update to CQ_63.8.0.5-r2

Vendor fix
MS-CQxx68-xxxG1: CQ_63.8.0.5-r1 and prior versions: Update to CQ_63.8.0.5-r2

Vendor fix
MS-CQxx72-xxxG1: CQ_63.8.0.5-r1 and prior versions: Update to CQ_63.8.0.5-r2

Vendor fix
MS-Nxxxx-NxE: 7x.9.0.19-r5 and prior versions: Update to 7x.9.0.19-r6

Vendor fix
MS-Nxxxx-xxC: 7x.9.0.19-r5 and prior versions: Update to 7x.9.0.19-r6

Vendor fix
MS-Nxxxx-xxE: 7x.9.0.19-r5 and prior versions: Update to 7x.9.0.19-r6

Vendor fix
MS-Nxxxx-xxG: 7x.9.0.19-r5 and prior versions: Update to 7x.9.0.19-r6

Vendor fix
MS-Nxxxx-xxH: 7x.9.0.19-r5 and prior versions: Update to 7x.9.0.19-r6

Vendor fix
MS-Nxxxx-xxT: 7x.9.0.19-r5 and prior versions: Update to 7x.9.0.19-r6

Vendor fix
PMC8266-FPE: PO_61.8.0.4_LPR and prior versions: Update to PO_61.8.0.4-r1

Vendor fix
PMC8266-FGPE: PO_61.8.0.4_LPR and prior versions: Update to PO_61.8.0.4-r1

Vendor fix
PM3322-E: PI_61.8.0.3_LPR-r3 and prior versions: Update to PI_61.8.0.3-r5

Vendor fix
TS4466-X4RIPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4

Vendor fix
TS5366-X12RIPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4

Vendor fix
TS8266-X4RIPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4

Vendor fix
TS4466-X4RIVPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4

Vendor fix
TS4466-RFIVPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4

Vendor fix
TS8266-X4RIVPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4

Vendor fix
TS8266-RFIVPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4

Vendor fix
TS4466-X4RIWG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4

Vendor fix
TS8266-X4RIWG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4

Vendor fix
TS5510-GVH: T_47.8.0.4_LPR-r7 and prior versions: Update to T_47.8.0.4-r8

Vendor fix
TS5510-GH: T_47.8.0.4_LPR-r6 and prior versions: Update to T_47.8.0.4-r8

Vendor fix
TS5511-GVH: T_47.8.0.4_LPR-r6 and prior versions: Update to T_47.8.0.4-r8

Vendor fix
TS2966-X12TPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4

Vendor fix
TS4466-X4RPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4

Vendor fix
TS5366-X12PE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4

Vendor fix
TS8266-X4PE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4

Vendor fix
TS2966-X12TVPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4

Vendor fix
TS4466-X4RVPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4

Vendor fix
TS5366-X12VPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4

Vendor fix
TS8266-X4VPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4

Vendor fix
TS4441-X36RPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4

Vendor fix
TS4441-X36RE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4

Vendor fix
TS4466-X4RWE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4

Vendor fix
TS8266-X4WE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4

Vendor fix
MS-C2964-RFLPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
MS-C2972-RFLPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
MS-C2966-RFLWPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
TS2866-X4TPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
TS2866-X4TVPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
TS2866-X4TGPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
TS2841-X36TPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
TS2841-X36TPC/W: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
TS2867-X5TPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
TS2961-X12TPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
TS8266-FPC/P: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
MS-C2966-X12RLPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
MS-C2966-X12RLVPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
MS-C5366-X12LPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
MS-C5366-X12LVPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
MS-C5361-X12LPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
MS-Cxx66-xxxxGOPC: 45.8.0.2-AIoT-r4 and prior versions: Update to 45.8.0.2-AIoT-r5

Vendor fix
SC211: C_21.1.0.8-r4 and prior versions: Update to C_21.1.0.8-r5

Vendor fix
SP111: 52.8.0.4-r5 and prior versions: Update to 52.8.0.4-r6

Vendor fix
MS-Cxx66-RFIPKG1: 63.8.0.4-r1-NX and prior versions: Update to 63.8.0.5-r2-NX

Vendor fix
MS-Cxx72-RFIPKG1: 63.8.0.4-r1-NX and prior versions: Update to 63.8.0.5-r2-NX

Vendor fix
MS-Cxx66-FIPKG1: 63.8.0.4-r1-NX and prior versions: Update to 63.8.0.5-r2-NX

Vendor fix
MS-Cxx72-FIPKG1: 63.8.0.4-r1-NX and prior versions: Update to 63.8.0.5-r2-NX

Mitigation
Milesight asks all users to report potential security vulnerabilities to [email protected].

Mitigation
Learn more: Milesight Vulnerability Reporting Policy
https://www.milesight.com/legal/vulnerability-report

Relevant CWE: CWE-78 Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)


Metrics

CVSS Version | Base Score | Base Severity | Vector String
3.1 | 6.8 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

CVE-2026-20766

An out-of-bounds memory access vulnerability exists in specific firmware versions of Milesight AIOT cameras.



Affected Products

Milesight Cameras
Vendor:
Milesight
Product Version:
Milesight MS-Cxx63-PD: <=51.7.0.77-r12, Milesight MS-Cxx64-xPD: <=51.7.0.77-r12, Milesight MS-Cxx73-xPD: <=51.7.0.77-r12, Milesight MS-Cxx75-xxPD: <=51.7.0.77-r12, Milesight MS-Cxx83-xPD: <=51.7.0.77-r12, Milesight MS-Cxx74-PA: <=3x.8.0.3-r11, Milesight MS-C8477-HPG1: <=63.8.0.4-r3, Milesight MS-C8477-PC: <=48.8.0.4-r3, Milesight MS-C5321-FPE: <=62.8.0.4-r5, Milesight MS-Cxx72-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx62-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx52-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx66-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx66-xxxGPE: <=61.8.0.5-r2, Milesight MS-Cxx61-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx67-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx71-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx41-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx76-PE: <=61.8.0.5-r2, Milesight MS-Cxx65-PE: <=61.8.0.5-r2, Milesight MS-Cxx66-xxxG1: <=63.8.0.5-r3, Milesight MS-Cxx62-xxxG1: <=63.8.0.5-r3, Milesight MS-Cxx72-xxxG1: <=63.8.0.5-r3, Milesight MS-CQxx31-xxxG1: <=CQ_63.8.0.5-r1, Milesight MS-CQxx68-xxxG1: <=CQ_63.8.0.5-r1, Milesight MS-CQxx72-xxxG1: <=CQ_63.8.0.5-r1, Milesight MS-Nxxxx-NxE: <=7x.9.0.19-r5, Milesight MS-Nxxxx-xxC: <=7x.9.0.19-r5, Milesight MS-Nxxxx-xxE: <=7x.9.0.19-r5, Milesight MS-Nxxxx-xxG: <=7x.9.0.19-r5, Milesight MS-Nxxxx-xxH: <=7x.9.0.19-r5, Milesight MS-Nxxxx-xxT: <=7x.9.0.19-r5, Milesight PMC8266-FPE: <=PO_61.8.0.4_LPR, Milesight PMC8266-FGPE: <=PO_61.8.0.4_LPR, Milesight PM3322-E: <=PI_61.8.0.3_LPR-r3, Milesight TS4466-X4RIPG1: <=T_63.8.0.4_LPR-r3, Milesight TS5366-X12RIPG1: <=T_63.8.0.4_LPR-r3, Milesight TS8266-X4RIPG1: <=T_63.8.0.4_LPR-r3, Milesight TS4466-X4RIVPG1: <=T_63.8.0.4_LPR-r3, Milesight TS4466-RFIVPG1: <=T_63.8.0.4_LPR-r3, Milesight TS8266-X4RIVPG1: <=T_63.8.0.4_LPR-r3, Milesight TS8266-RFIVPG1: <=T_63.8.0.4_LPR-r3, Milesight TS4466-X4RIWG1: <=T_63.8.0.4_LPR-r3, Milesight TS8266-X4RIWG1: <=T_63.8.0.4_LPR-r3, Milesight TS5510-GVH: <=T_47.8.0.4_LPR-r7, Milesight TS5510-GH: <=T_47.8.0.4_LPR-r6, Milesight TS5511-GVH: <=T_47.8.0.4_LPR-r6, Milesight 
TS2966-X12TPE: <=T_61.8.0.4_LPR-r3, Milesight TS4466-X4RPE: <=T_61.8.0.4_LPR-r3, Milesight TS5366-X12PE: <=T_61.8.0.4_LPR-r3, Milesight TS8266-X4PE: <=T_61.8.0.4_LPR-r3, Milesight TS2966-X12TVPE: <=T_61.8.0.4_LPR-r3, Milesight TS4466-X4RVPE: <=T_61.8.0.4_LPR-r3, Milesight TS5366-X12VPE: <=T_61.8.0.4_LPR-r3, Milesight TS8266-X4VPE: <=T_61.8.0.4_LPR-r3, Milesight TS4441-X36RPE: <=T_61.8.0.4_LPR-r3, Milesight TS4441-X36RE: <=T_61.8.0.4_LPR-r3, Milesight TS4466-X4RWE: <=T_61.8.0.4_LPR-r3, Milesight TS8266-X4WE: <=T_61.8.0.4_LPR-r3, Milesight MS-C2964-RFLPC: <=T_45.8.0.3-r9, Milesight MS-C2972-RFLPC: <=T_45.8.0.3-r9, Milesight MS-C2966-RFLWPC: <=T_45.8.0.3-r9, Milesight TS2866-X4TPC: <=T_45.8.0.3-r9, Milesight TS2866-X4TVPC: <=T_45.8.0.3-r9, Milesight TS2866-X4TGPC: <=T_45.8.0.3-r9, Milesight TS2841-X36TPC: <=T_45.8.0.3-r9, Milesight TS2841-X36TPC/W: <=T_45.8.0.3-r9, Milesight TS2867-X5TPC: <=T_45.8.0.3-r9, Milesight TS2961-X12TPC: <=T_45.8.0.3-r9, Milesight TS8266-FPC/P: <=T_45.8.0.3-r9, Milesight MS-C2966-X12RLPC: <=T_45.8.0.3-r9, Milesight MS-C2966-X12RLVPC: <=T_45.8.0.3-r9, Milesight MS-C5366-X12LPC: <=T_45.8.0.3-r9, Milesight MS-C5366-X12LVPC: <=T_45.8.0.3-r9, Milesight MS-C5361-X12LPC: <=T_45.8.0.3-r9, Milesight MS-Cxx66-xxxxGOPC: <=45.8.0.2-AIoT-r4, Milesight SC211: <=C_21.1.0.8-r4, Milesight SP111: <=52.8.0.4-r5, Milesight MS-Cxx66-RFIPKG1: <=63.8.0.4-r1-NX, Milesight MS-Cxx72-RFIPKG1: <=63.8.0.4-r1-NX, Milesight MS-Cxx66-FIPKG1: <=63.8.0.4-r1-NX, Milesight MS-Cxx72-FIPKG1: <=63.8.0.4-r1-NX
Product Status:
known_affected
Remediations

Mitigation
Milesight advises all users to update their device to the latest firmware versions of PE/PC/PA found at https://www.milesight.com/support/download/firmware. 

Vendor fix
MS-Cxx63-PD: 51.7.0.77-r12 and prior versions: Update to 51.7.0.77-r13

Vendor fix
MS-Cxx64-xPD: 51.7.0.77-r12 and prior versions: Update to 51.7.0.77-r13

Vendor fix
MS-Cxx73-xPD: 51.7.0.77-r12 and prior versions: Update to 51.7.0.77-r13

Vendor fix
MS-Cxx75-xxPD: 51.7.0.77-r12 and prior versions: Update to 51.7.0.77-r13

Vendor fix
MS-Cxx83-xPD: 51.7.0.77-r12 and prior versions: Update to 51.7.0.77-r13

Vendor fix
MS-Cxx74-PA: 3x.8.0.3-r11 and prior versions: Update to 3x.8.0.3-r13

Vendor fix
MS-C8477-HPG1: 63.8.0.4-r3 and prior versions: Update to 63.8.0.4-r4

Vendor fix
MS-C8477-PC: 48.8.0.4-r3 and prior versions: Update to 48.8.0.4-r4

Vendor fix
MS-C5321-FPE: 62.8.0.4-r5 and prior versions: Update to 62.8.0.4-r6

Vendor fix
MS-Cxx72-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2

Vendor fix
MS-Cxx62-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2

Vendor fix
MS-Cxx52-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2

Vendor fix
MS-Cxx66-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2

Vendor fix
MS-Cxx66-xxxGPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2

Vendor fix
MS-Cxx61-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2

Vendor fix
MS-Cxx67-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2

Vendor fix
MS-Cxx71-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2

Vendor fix
MS-Cxx41-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2

Vendor fix
MS-Cxx76-PE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2

Vendor fix
MS-Cxx65-PE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2

Vendor fix
MS-Cxx66-xxxG1: 63.8.0.5-r3 and prior versions: Update to 63.8.0.5-r4

Vendor fix
MS-Cxx62-xxxG1: 63.8.0.5-r3 and prior versions: Update to 63.8.0.5-r4

Vendor fix
MS-Cxx72-xxxG1: 63.8.0.5-r3 and prior versions: Update to 63.8.0.5-r4

Vendor fix
MS-CQxx31-xxxG1: CQ_63.8.0.5-r1 and prior versions: Update to CQ_63.8.0.5-r2

Vendor fix
MS-CQxx68-xxxG1: CQ_63.8.0.5-r1 and prior versions: Update to CQ_63.8.0.5-r2

Vendor fix
MS-CQxx72-xxxG1: CQ_63.8.0.5-r1 and prior versions: Update to CQ_63.8.0.5-r2

Vendor fix
MS-Nxxxx-NxE: 7x.9.0.19-r5 and prior versions: Update to 7x.9.0.19-r6

Vendor fix
MS-Nxxxx-xxC: 7x.9.0.19-r5 and prior versions: Update to 7x.9.0.19-r6

Vendor fix
MS-Nxxxx-xxE: 7x.9.0.19-r5 and prior versions: Update to 7x.9.0.19-r6

Vendor fix
MS-Nxxxx-xxG: 7x.9.0.19-r5 and prior versions: Update to 7x.9.0.19-r6

Vendor fix
MS-Nxxxx-xxH: 7x.9.0.19-r5 and prior versions: Update to 7x.9.0.19-r6

Vendor fix
MS-Nxxxx-xxT: 7x.9.0.19-r5 and prior versions: Update to 7x.9.0.19-r6

Vendor fix
PMC8266-FPE: PO_61.8.0.4_LPR and prior versions: Update to PO_61.8.0.4-r1

Vendor fix
PMC8266-FGPE: PO_61.8.0.4_LPR and prior versions: Update to PO_61.8.0.4-r1

Vendor fix
PM3322-E: PI_61.8.0.3_LPR-r3 and prior versions: Update to PI_61.8.0.3-r5

Vendor fix
TS4466-X4RIPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4

Vendor fix
TS5366-X12RIPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4

Vendor fix
TS8266-X4RIPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4

Vendor fix
TS4466-X4RIVPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4

Vendor fix
TS4466-RFIVPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4

Vendor fix
TS8266-X4RIVPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4

Vendor fix
TS8266-RFIVPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4

Vendor fix
TS4466-X4RIWG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4

Vendor fix
TS8266-X4RIWG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4

Vendor fix
TS5510-GVH: T_47.8.0.4_LPR-r7 and prior versions: Update to T_47.8.0.4-r8

Vendor fix
TS5510-GH: T_47.8.0.4_LPR-r6 and prior versions: Update to T_47.8.0.4-r8

Vendor fix
TS5511-GVH: T_47.8.0.4_LPR-r6 and prior versions: Update to T_47.8.0.4-r8

Vendor fix
TS2966-X12TPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4

Vendor fix
TS4466-X4RPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4

Vendor fix
TS5366-X12PE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4

Vendor fix
TS8266-X4PE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4

Vendor fix
TS2966-X12TVPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4

Vendor fix
TS4466-X4RVPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4

Vendor fix
TS5366-X12VPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4

Vendor fix
TS8266-X4VPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4

Vendor fix
TS4441-X36RPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4

Vendor fix
TS4441-X36RE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4

Vendor fix
TS4466-X4RWE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4

Vendor fix
TS8266-X4WE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4

Vendor fix
MS-C2964-RFLPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
MS-C2972-RFLPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
MS-C2966-RFLWPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
TS2866-X4TPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
TS2866-X4TVPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
TS2866-X4TGPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
TS2841-X36TPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
TS2841-X36TPC/W: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
TS2867-X5TPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
TS2961-X12TPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
TS8266-FPC/P: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
MS-C2966-X12RLPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
MS-C2966-X12RLVPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
MS-C5366-X12LPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
MS-C5366-X12LVPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
MS-C5361-X12LPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

Vendor fix
MS-Cxx66-xxxxGOPC: 45.8.0.2-AIoT-r4 and prior versions: Update to 45.8.0.2-AIoT-r5

Vendor fix
SC211: C_21.1.0.8-r4 and prior versions: Update to C_21.1.0.8-r5

Vendor fix
SP111: 52.8.0.4-r5 and prior versions: Update to 52.8.0.4-r6

Vendor fix
MS-Cxx66-RFIPKG1: 63.8.0.4-r1-NX and prior versions: Update to 63.8.0.5-r2-NX

Vendor fix
MS-Cxx72-RFIPKG1: 63.8.0.4-r1-NX and prior versions: Update to 63.8.0.5-r2-NX

Vendor fix
MS-Cxx66-FIPKG1: 63.8.0.4-r1-NX and prior versions: Update to 63.8.0.5-r2-NX

Vendor fix
MS-Cxx72-FIPKG1: 63.8.0.4-r1-NX and prior versions: Update to 63.8.0.5-r2-NX

Mitigation
Milesight asks all users to report potential security vulnerabilities to [email protected].

Mitigation
Learn more: Milesight Vulnerability Reporting Policy
https://www.milesight.com/legal/vulnerability-report

Relevant CWE: CWE-122 Heap-based Buffer Overflow


Metrics

CVSS Version | Base Score | Base Severity | Vector String
3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Acknowledgments

  • Souvik Kandar reported these vulnerabilities to CISA

Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).


Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities.

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.

Locate control system networks and remote devices behind firewalls and isolate them from business networks.

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

Do not click web links or open attachments in unsolicited email messages.

Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.

Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.


Revision History

  • Initial Release Date: 2026-04-23
Date | Revision | Summary
2026-04-23 | 1 | Initial Publication


SpiceJet Online Booking System


Summary

Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information.

The following versions of SpiceJet Online Booking System are affected:

  • Online Booking System vers:all/* (CVE-2026-6375, CVE-2026-6376)
CVSS | Vendor | Equipment | Vulnerabilities
v3 7.5 | SpiceJet | SpiceJet Online Booking System | Authorization Bypass Through User-Controlled Key, Missing Authentication for Critical Function

Background

  • Critical Infrastructure Sectors: Transportation Systems
  • Countries/Areas Deployed: Worldwide
  • Company Headquarters Location: India

Vulnerabilities


CVE-2026-6375

A vulnerability in SpiceJet’s booking API allows unauthenticated users to query passenger name records (PNRs) without any access controls. Because PNR identifiers follow a predictable pattern, an attacker could systematically enumerate valid records and obtain associated passenger names. This flaw stems from missing authorization checks on an endpoint intended for authenticated profile access.



Affected Products

SpiceJet Online Booking System
Vendor:
SpiceJet
Product Version:
SpiceJet Online Booking System: vers:all/*
Product Status:
known_affected
Remediations

Mitigation
SpiceJet did not respond to CISA’s requests to coordinate. Users are encouraged to reach out to SpiceJet for more information: https://corporate.spicejet.com/contactus.aspx

Relevant CWE: CWE-639 Authorization Bypass Through User-Controlled Key


Metrics

CVSS Version | Base Score | Base Severity | Vector String
3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVE-2026-6376

A weakness in SpiceJet’s public booking retrieval page permits full passenger booking details to be accessed using only a PNR and last name, with no authentication or verification mechanisms. This results in exposure of extensive personal, travel, and booking metadata to any unauthenticated user who can obtain or guess those basic inputs. The issue arises from improper access control on a sensitive data retrieval function.
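The two weaknesses described under CVE-2026-6375 and CVE-2026-6376 share one server-side remedy: a record identifier must never act as the credential. The sketch below is an added example, not SpiceJet's code; the `BookingService` class, the in-memory store, the client identifier and every PNR, user id and name in it are constructed for illustration. It requires an authenticated session, checks that the session owns the record, answers every refusal identically, and throttles clients that accumulate refusals.

```python
import time
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Booking:
    pnr: str
    owner_id: str   # account that created the booking
    passenger: str


# Constructed sample data: these PNRs, user ids and names are invented.
BOOKINGS = {
    "AB1001": Booking("AB1001", "user-17", "A. Rao"),
    "AB1002": Booking("AB1002", "user-42", "B. Singh"),
}


class LookupDenied(Exception):
    """Raised for every refused lookup; the message never reveals the reason."""


class BookingService:
    """Hypothetical lookup service with object-level authorization."""

    GENERIC = "booking not available"

    def __init__(self, bookings, max_misses=5, window_s=60.0, clock=time.monotonic):
        self._bookings = bookings
        self._max_misses = max_misses
        self._window_s = window_s
        self._clock = clock
        # client id (assumed: source address or API key) -> refusal timestamps
        self._misses = defaultdict(deque)

    def _throttled(self, client):
        """True while the client has too many refusals inside the window."""
        q = self._misses[client]
        now = self._clock()
        while q and now - q[0] > self._window_s:
            q.popleft()
        return len(q) >= self._max_misses

    def _refuse(self, client):
        """Record the refusal and answer with the one generic error."""
        self._misses[client].append(self._clock())
        raise LookupDenied(self.GENERIC)

    def get_booking(self, client, session_user, pnr):
        # Blunt enumeration of predictable identifiers before doing any lookup.
        if self._throttled(client):
            raise LookupDenied(self.GENERIC)
        # CWE-306: there is no anonymous path to booking data.
        if session_user is None:
            self._refuse(client)
        booking = self._bookings.get(pnr)
        # CWE-639: knowing the key is not enough; the session must own the
        # record. "Missing" and "not yours" are indistinguishable to the
        # caller, so responses cannot confirm which PNRs exist.
        if booking is None or booking.owner_id != session_user:
            self._refuse(client)
        return booking


if __name__ == "__main__":
    svc = BookingService(BOOKINGS)
    print(svc.get_booking("198.51.100.7", "user-17", "AB1001"))
    try:
        svc.get_booking("198.51.100.7", "user-17", "AB1002")
    except LookupDenied as exc:
        print("refused:", exc)
```

The refusal counter doubles as a detection signal: a client that reaches the threshold is worth alerting on, not only slowing down.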



Affected Products

SpiceJet Online Booking System
Vendor:
SpiceJet
Product Version:
SpiceJet Online Booking System: vers:all/*
Product Status:
known_affected
Remediations

Mitigation
SpiceJet did not respond to CISA’s requests to coordinate. Users are encouraged to reach out to SpiceJet for more information: https://corporate.spicejet.com/contactus.aspx

Relevant CWE: CWE-306 Missing Authentication for Critical Function


Metrics

CVSS Version | Base Score | Base Severity | Vector String
3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Acknowledgments

  • Owais Shaikh reported these vulnerabilities to CISA

Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).


Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities.

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.

Locate control system networks and remote devices behind firewalls and isolate them from business networks.

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

Do not click web links or open attachments in unsolicited email messages.

Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.

Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.


Revision History

  • Initial Release Date: 2026-04-23
Date | Revision | Summary
2026-04-23 | 1 | Initial Publication
