Skip to main content
(844) 422-7000

Lantronix Provisioning Manager

Written by Admin @CloudCentric on . Posted in CISA-Published Industrial Control System Vulnerabilities.

View CSAF

1. EXECUTIVE SUMMARY

  • CVSS v4 8.6
  • ATTENTION: Low attack complexity
  • Vendor: Lantronix
  • Equipment: Provisioning Manager
  • Vulnerability: Improper Restriction of XML External Entity Reference

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to perform a cross-site scripting attack, which could result in remote code execution.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following Lantronix products are affected:

  • Provisioning Manager: Versions 7.10.2 and prior

3.2 Vulnerability Overview

3.2.1 IMPROPER RESTRICTION OF XML EXTERNAL ENTITY REFERENCE CWE-611

Provisioning Manager is vulnerable to XML External Entity (XXE) attacks in configuration files supplied by network devices, leading to unauthenticated remote code execution on hosts with Provisioning Manager installed.

CVE-2025-7766 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.0 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2025-7766. A base score of 8.6 has been calculated; the CVSS vector string is (AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Information Technology
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: United States

3.4 RESEARCHER

Robert McLellan reported this vulnerability to CISA.

4. MITIGATIONS

Lantronix has provided a fix and recommends users update to v7.10.4 or later.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
  • Locate control system networks and remote devices behind firewalls and isolating them from business networks.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

5. UPDATE HISTORY

  • July 22, 2025: Initial Publication

Schneider Electric EcoStruxure

Written by Admin @CloudCentric on . Posted in CISA-Published Industrial Control System Vulnerabilities.

View CSAF

1. EXECUTIVE SUMMARY

  • CVSS v4 5.3
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Schneider Electric
  • Equipment: EcoStruxure Power Monitoring Expert (PME) and EcoStruxure Power Operation (EPO)
  • Vulnerability: Exposure of Resource to Wrong Sphere

2. RISK EVALUATION

Successful exploitation of this vulnerability could provide other authenticated users with potentially inappropriate access to TGML diagrams.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Schneider Electric reports the following products are affected:

  • EcoStruxure Power Monitoring Expert (PME): 2023
  • EcoStruxure Power Monitoring Expert (PME): 2023 R2
  • EcoStruxure Power Monitoring Expert (PME): 2024
  • EcoStruxure Power Monitoring Expert (PME): 2024 R2
  • EcoStruxure Power Operation (EPO) Advanced Reporting and Dashboards Module: 2022
  • EcoStruxure Power Operation (EPO) Advanced Reporting and Dashboards Module: 2024

3.2 Vulnerability Overview

3.2.1 EXPOSURE OF RESOURCE TO WRONG SPHERE CWE-668

A resource exposure vulnerability exists that exposes TGML diagram resources to unauthorized control, allowing other authenticated users unauthorized access to TGML diagrams.

CVE-2025-6788 has been assigned to this vulnerability. A CVSS v3.1 base score of 4.3 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

A CVSS v4 score has also been calculated for CVE-2025-6788. A base score of 5.3 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Commercial Facilities, Critical Manufacturing, Energy
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: France

3.4 RESEARCHER

Schneider Electric reported this vulnerability to CISA.

4. MITIGATIONS

Schneider Electric has identified the following specific remediations users can apply to reduce risk:

  • EcoStruxure Power Monitoring Expert (PME) 2023, 2023 R2: Hotfix_199767 is available and includes a fix for this vulnerability.
  • EcoStruxure Power Monitoring Expert (PME) 2024: Hotfix_256448_Diagrams-Release.13.0.25182.01 is available and includes a fix for this vulnerability.
  • EcoStruxure Power Monitoring Expert (PME) 2024 R2: Hotfix_256448_Diagrams-Release.13.1.25182.01 is available and includes a fix for this vulnerability.
  • EcoStruxure Power Operation (EPO) Advanced Reporting and Dashboards Module 2022: Hotfix_199767 is available and includes a fix for this vulnerability.
  • EcoStruxure Power Operation (EPO) Advanced Reporting and Dashboards Module 2024: Hotfix_256448_Diagrams-Release.13.0.25182.0 is available and includes a fix for this vulnerability.

Contact Schneider Electric’s Customer Care Center to download these hotfixes.

Schneider Electric recommends users employ appropriate patching methodologies when applying these patches to their systems. They strongly recommend making backups and evaluating the impact of these patches in a test and development environment or on offline infrastructure. Contact Schneider Electric’s Customer Care Center for assistance removing a patch.

If users choose not to apply the above-mentioned remediation, Schneider Electric recommends the immediate removal of TGML diagrams from multi-tenant managed systems or on-premises systems and reverting to Vista diagrams.

For more information, see the associated Schneider Electric security advisory SEVD-2025-189-04: EcoStruxure Power Monitoring Expert (PME) and EcoStruxure Power Operation (EPO) with Advanced Reporting and Dashboards PDF version, CSAF version.

Schneider Electric strongly recommends adhering to the following industry cybersecurity best practices:

  • Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network.
  • Install physical controls to prevent unauthorized personnel from accessing industrial control and safety systems, components, peripheral equipment, and networks.
  • Place all controllers in locked cabinets and never leave them in the “Program” mode.
  • Never connect programming software to any network other than the one intended for that device.
  • Scan all methods of mobile data exchange with the isolated network, such as CDs, USB drives, etc., before use in terminals or any nodes connected to these networks.
  • Never allow mobile devices that have connected to any network other than the intended network to connect to safety or control networks without proper sanitation.
  • Minimize network exposure for all control system devices and systems, ensuring they are not accessible from the Internet.
  • When remote access is required, use secure methods such as Virtual Private Networks (VPNs). Recognize that VPNs may have vulnerabilities and should be updated to the most current version available. Also, understand that VPNs are only as secure as the connected devices.
    For more information, refer to the Schneider Electric recommended cybersecurity best practices document.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

5. UPDATE HISTORY

  • July 22, 2025: Initial Republication of Schneider Electric SEVD-2025-189-04

Schneider Electric System Monitor Application

Written by Admin @CloudCentric on . Posted in CISA-Published Industrial Control System Vulnerabilities.

View CSAF

1. EXECUTIVE SUMMARY

  • CVSS v3 6.9
  • ATTENTION: Exploitable remotely
  • Vendor: Schneider Electric
  • Equipment: System Monitor Application
  • Vulnerability: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to execute untrusted code.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Schneider Electric reports the following products are affected:

  • System Monitor application in Harmony Industrial PC series: All versions
  • System Monitor application in Pro-face Industrial PC series: All versions

3.2 Vulnerability Overview

3.2.1 IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (‘CROSS-SITE SCRIPTING’) CWE-79

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing

CVE-2020-11023 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.9 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Commercial Facilities, Critical Manufacturing, Energy
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: France

3.4 RESEARCHER

Schneider Electric CPCERT reported this vulnerability to CISA.

4. MITIGATIONS

Schneider Electric has identified the following specific workarounds and mitigations users can apply to reduce risk:

  • Schneider Electric System Monitor application in Harmony Industrial PC series: Users can uninstall System Monitor application using the installer available for download here.
  • Please follow the steps described in the guideline attached as a PDF in the downloaded uninstaller guide.
  • Schneider Electric System Monitor application in Harmony Industrial PC series: If users choose not to apply the remediation provided above, they should immediately apply the following mitigations to reduce the risk of exploit:
    • Stop the system monitor if not required by turning off the services as specified in the Harmony Industrial PC Series User Manual.
    • Set up network segmentation and implement a firewall to block all unauthorized access to configured HTTP/HTTPS ports.
  • Schneider Electric System Monitor application in Pro-face Industrial PC series: Users can uninstall System Monitor application using the installer available for download here
  • Please follow the steps described in the guideline attached as a PDF in the downloaded uninstaller guide.
  • Schneider Electric System Monitor application in Pro-face Industrial PC series: If users choose not to apply the remediation provided above, they should immediately apply the following mitigations to reduce the risk of exploit:
    • Stop the system monitor if not required by turning off the services as specified in the Pro-face PS5000 legacy industrial PC Series User Manual.
    • Set up network segmentation and implement a firewall to block all unauthorized access to configured HTTP/HTTPS ports.

For more information see the associated Schneider Electric CPCERT security advisory SEVD-2025-189-02 System Monitor Application in Harmony and Pro-face PS5000 Legacy Industrial PCs – SEVD-2025-189-02 PDF Version, System Monitor Application in Harmony and Pro-face PS5000 Legacy Industrial PCs – SEVD-2025-189-02 CSAF Version.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability has a high attack complexity.

5. UPDATE HISTORY

  • July 22, 2025: Initial Republication of Schneider Electric CPCERT SEVD-2025-189-02

Schneider Electric EcoStruxture IT Data Center Expert

Written by Admin @CloudCentric on . Posted in CISA-Published Industrial Control System Vulnerabilities.

View CSAF

1. EXECUTIVE SUMMARY

  • CVSS v4 9.5
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Schneider Electric
  • Equipment: EcoStruxure IT Data Center Expert
  • Vulnerabilities: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’), Insufficient Entropy, Improper Control of Generation of Code (‘Code Injection’), Server-Side Request Forgery (SSRF), Improper Privilege Management, and Improper Restriction of XML External Entity Reference

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker to disrupt operations and access system data.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Schneider Electric reports the following product is affected:

  • EcoStruxure IT Data Center Expert: Versions v8.3 and prior

3.2 Vulnerability Overview

3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND (‘OS COMMAND INJECTION’) CWE-78

An improper neutralization of special elements used in an OS command (‘OS command injection’) vulnerability exists, which could cause unauthenticated remote code execution when a malicious folder is created via the HTTP web interface when enabled. HTTP is disabled by default.

CVE-2025-50121 has been assigned to this vulnerability. A CVSS v3.1 base score of 10.0 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2025-50121. A base score of 9.5 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:L/SA:H).

3.2.2 INSUFFICIENT ENTROPY CWE-331

An insufficient entropy vulnerability exists, which could cause the root password discovery when the password generation algorithm is reverse engineered with access to installation or upgrade artifacts.

CVE-2025-50122 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.3 has been calculated; the CVSS vector string is (CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2025-50122. A base score of 8.9 has been calculated; the CVSS vector string is (CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:L/SA:H).

3.2.3 IMPROPER CONTROL OF GENERATION OF CODE (‘CODE INJECTION’) CWE-94

An improper control of generation of code (‘code injection’) vulnerability exists, which could cause remote command execution by a privileged account when the server is accessed via a console and the hostname input is exploited.

CVE-2025-50123 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.2 has been calculated; the CVSS vector string is (CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2025-50123. A base score of 7.2 has been calculated; the CVSS vector string is (CVSS:4.0/AV:P/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:L/SA:H).

3.2.4 SERVER-SIDE REQUEST FORGERY (SSRF) CWE-918

A server-side request forgery (SSRF) vulnerability exists, which could cause unauthenticated remote code execution when the server is accessed via the network with knowledge of hidden URLs and manipulation of the host request header.

CVE-2025-50125 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.2 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N).

A CVSS v4 score has also been calculated for CVE-2025-50125. A base score of 6.3 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:N/SA:N).

3.2.5 IMPROPER PRIVILEGE MANAGEMENT CWE-269

An improper privilege management vulnerability exists, which could cause privilege escalation when the server is accessed by a privileged account via a console and through exploitation of a setup script.

CVE-2025-50124 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.9 has been calculated; the CVSS vector string is (CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2025-50124. A base score of 7.2 has been calculated; the CVSS vector string is (CVSS:4.0/AV:P/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:L/SA:H).

3.2.6 IMPROPER RESTRICTION OF XML EXTERNAL ENTITY REFERENCE CWE-611

An improper restriction of XML external entity reference vulnerability exists, which could cause manipulation of SOAP API calls and XML external entities injection, resulting in unauthorized file access when the server is accessed via the network using an application account.

CVE-2025-6438 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).

A CVSS v4 score has also been calculated for CVE-2025-6438. A base score of 5.9 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: France

3.4 RESEARCHER

Jaggar Henry and Jim Becher of KoreLogic, Inc. reported these vulnerabilities to Schneider Electric.

4. MITIGATIONS

Schneider Electric has identified the following specific workarounds and mitigations users can apply to reduce risk:

  • Schneider Electric EcoStruxure IT Data Center Expert Version 8.3 and prior: Version 9.0 of EcoStruxure IT Data Center Expert includes fixes for these vulnerabilities and is available upon request from Schneider Electric’s Customer Care Center.
  • If users choose not to apply the remediation provided above, they should immediately apply the following mitigations to reduce the risk of exploit:
    • Harden the DCE instance according to the cybersecurity best practices documented in the EcoStruxure IT Data Center Expert Security Handbook

For more information see the associated Schneider Electric CPCERT security advisory SEVD-2025-189-01 EcoStruxure IT Data Center Expert – SEVD-2025-189-01 PDF Version, EcoStruxure IT Data Center Expert – SEVD-2025-189-01 CSAF Version.

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.
  • Locate control system networks and remote devices behind firewalls and isolating them from business networks.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.

5. UPDATE HISTORY

  • July 22, 2025: Initial Republication of Schneider Electric CPCERT SEVD-2025-189-01

Leviton AcquiSuite and Energy Monitoring Hub

Written by Admin @CloudCentric on . Posted in CISA-Published Industrial Control System Vulnerabilities.

View CSAF

1. EXECUTIVE SUMMARY

  • CVSS v4 8.7
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Leviton
  • Equipment: AcquiSuite, Energy Monitoring Hub
  • Vulnerability: Cross-site Scripting

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to craft a malicious payload in URL parameters that would execute in a client browser when accessed by a user, steal session tokens, and control the service.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of Leviton AcquiSuite and Leviton Energy Monitoring Hub are affected:

  • AcquiSuite: Version A8810
  • Energy Monitoring Hub: Version A8812

3.2 VULNERABILITY OVERVIEW

3.2.1 IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (‘CROSS-SITE SCRIPTING’) CWE-79

The affected products are susceptible to a cross-site scripting (XSS) vulnerability, allowing an attacker to craft a malicious payload in URL parameters, which would execute in a client browser when accessed by a user, steal session tokens, and control the service.

CVE-2025-6185 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N).

A CVSS v4 score has also been calculated for CVE-2025-6185. A base score of 8.7 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Communications
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: United States

3.4 RESEARCHER

notnotnotveg ([email protected]) reported this vulnerability to CISA.

4. MITIGATIONS

Leviton has not responded to requests to work with CISA in mitigating this vulnerability. Users of these affected products are welcome to contact Leviton’s customer support for additional information.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.
  • Locate control system networks and remote devices behind firewalls and isolating them from business networks.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities of their own and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

5. UPDATE HISTORY

  • July 17, 2025: Initial Publication

Hitachi Energy Asset Suite

Written by Admin @CloudCentric on . Posted in CISA-Published Industrial Control System Vulnerabilities.

View CSAF

1. EXECUTIVE SUMMARY

  • CVSS v4 9.1
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Hitachi Energy
  • Equipment: Energy Asset Suite
  • Vulnerabilities: Incomplete List of Disallowed Inputs, Plaintext Storage of a Password, Out-of-bounds Write, Release of Invalid Pointer or Reference

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access to the target equipment, perform remote code executions, or escalate privileges.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Hitachi Energy reports that the following products are affected:

  • Asset Suite AnyWhere for Inventory (AWI) Android mobile app: Versions 11.5 and prior (CVE-2019-9262, CVE-2019-9429, CVE-2019-9256, CVE-2019-9290)
  • Asset Suite 9 series: Version 9.6.4.4 (CVE-2025-1484, CVE-2025-2500)
  • Asset Suite 9 series: Version 9.7 (CVE-2025-2500)

3.2 VULNERABILITY OVERVIEW

3.2.1 INCOMPLETE LIST OF DISALLOWED INPUTS CWE-184

A vulnerability exists in the media upload component of the Asset Suite versions listed above. If successfully exploited an attacker could impact the confidentiality or integrity of the system. An attacker can use this vulnerability to construct a request that will cause JavaScript code supplied by the attacker to execute within the user’s browser in the context of that user’s session with the application.

CVE-2025-1484 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L).

A CVSS v4 score has also been calculated for CVE-2025-1484. A base score of 6.3 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:H/SI:H/SA:N).

3.2.2 PLAINTEXT STORAGE OF A PASSWORD CWE-256

A vulnerability exists in the SOAP Web services of the Asset Suite versions listed above. If successfully exploited, an attacker could gain unauthorized access to the product and the time window of a possible password attack could be expanded.

CVE-2025-2500 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.4 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).

A CVSS v4 score has also been calculated for CVE-2025-2500. A base score of 9.1 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N).

3.2.3 OUT-OF-BOUNDS WRITE CWE-787

A vulnerability exists in the MPEG4Extractor component of the media extractor. If successfully exploited, an attacker could trigger an out-of-bounds write, potentially leading to remote code execution.

CVE-2019-9262 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

3.2.4 OUT-OF-BOUNDS WRITE CWE-787

A vulnerability exists in the profman component due to memory corruption. If successfully exploited, an attacker could trigger an out-of-bounds write, potentially leading to unauthorized local escalation of privileges.

CVE-2019-9429 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

3.2.5 OUT-OF-BOUNDS WRITE CWE-787

A vulnerability exists in the libmediaextractor component. If successfully exploited, an attacker could trigger an out-of-bounds write due to an integer overflow, potentially leading to remote code execution.

CVE-2019-9256 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

3.2.6 RELEASE OF INVALID POINTER OR REFERENCE CWE-763

A vulnerability exists in the tzdata component due to a mismatch between allocation and deallocation functions. If successfully exploited, an attacker could trigger memory corruption, potentially leading to local escalation of privilege.

CVE-2019-9290 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Energy
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: Switzerland

3.4 RESEARCHER

Hitachi Energy PSIRT reported these vulnerabilities to CISA.

4. MITIGATIONS

Hitachi Energy has identified the following specific workarounds and mitigations users can apply to reduce risk:

  • (CVE-2025-1484) Asset Suite version 9.6.4.4: Update to Asset Suite Version 9.6.4.5 when available
  • (CVE-2025-1484) Asset Suite version 9.6.4.4: Apply General Mitigation Factors/Workarounds
  • (CVE-2025-2500) Asset Suite version 9.6.4.4, Asset Suite version 9.7: Apply General Mitigation Factors/Workarounds
  • (CVE-2019-9262, CVE-2019-9429, CVE-2019-9256, CVE-2019-9290) Asset Suite AnyWhere for Inventory (AWI) Android mobile app versions 11.5 (awi_11.5_armv7) and earlier: Apply General Mitigation Factors/Workarounds

Hitachi Energy recommends the following general mitigation factors and workarounds:
Recommended security practices and firewall configurations can help protect process control networks from external attacks. These practices include ensuring that process control systems are physically protected from unauthorized access by unauthorized personnel, do not have direct connections to the Internet, and are separated from other networks by a firewall system with a minimal number of exposed ports. Additional configurations should be evaluated on a case-by-case basis. Process control systems should not be used for web browsing, instant messaging, or receiving email. Portable computers and removable storage media should be thoroughly scanned for viruses before connecting to a control system.

For more information see the associated Hitachi Energy PSIRT security advisory 8DBD000212 CYBERSECURITY ADVISORY – Cross-Site Scripting & Mobile Application Vulnerabilities in Hitachi Energy’s Asset Suite Product.

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.

5. UPDATE HISTORY

  • July 15, 2025: Initial Republication of Hitachi Energy PSIRT 8DBD000212

ABB RMC-100

Written by Admin @CloudCentric on . Posted in CISA-Published Industrial Control System Vulnerabilities.

View CSAF

1. EXECUTIVE SUMMARY

  • CVSS v4 8.2
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: ABB
  • Equipment: RMC-100
  • Vulnerabilities: Use of Hard-coded Cryptographic Key, Stack-based Buffer Overflow

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker to gain unauthenticated access to the MQTT configuration data, cause a denial-of-service condition on the MQTT configuration web server (REST interface), or decrypt encrypted MQTT broker credentials.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

ABB reports the following versions of RMC-100 with the REST interface are affected. The vulnerabilities are only present when the REST interface is enabled. This interface is disabled by default:

  • RMC-100: 2105457-043 through 2105457-045
  • RMC-100 LITE: 2106229-015 through 2106229-016

3.2 VULNERABILITY OVERVIEW

3.2.1 USE OF HARD-CODED CRYPTOGRAPHIC KEY CWE-321

When the REST interface is enabled by the user, and an attacker gains access to the source code and the control network, the attacker can bypass REST interface authentication and gain access to MQTT configuration data.

CVE-2025-6074 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).

A CVSS v4 score has also been calculated for CVE-2025-6074. A base score of 6.3 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N).

3.2.2 STACK-BASED BUFFER OVERFLOW CWE-121

When the REST interface is enabled by the user, if an attacker gains access to the control network, user/password broker authentication is enabled, and CVE-2025-6074 is exploited, the attacker can overflow the buffer for the username or password.

CVE-2025-6073 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

A CVSS v4 score has also been calculated for CVE-2025-6073. A base score of 8.2 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N).

3.2.3 STACK-BASED BUFFER OVERFLOW CWE-121

When the REST interface is enabled by the user, if an attacker gains access to the control network and exploits CVE-2025-6074, the attacker can use the JSON configuration to overflow the expiration date field.

CVE-2025-6072 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

A CVSS v4 score has also been calculated for CVE-2025-6072. A base score of 8.2 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N).

3.2.4 USE OF HARD-CODED CRYPTOGRAPHIC KEY CWE-321

An attacker can gain access to salted information to decrypt MQTT information.

CVE-2025-6071 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.3 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

A CVSS v4 score has also been calculated for CVE-2025-6071. A base score of 6.3 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
  • COUNTRIES/AREAS DEPLOYED: Worldwide, except regions mandated to follow EU CRA
  • COMPANY HEADQUARTERS LOCATION: Switzerland

3.4 RESEARCHER

Vera Mens of Claroty Team82 reported these vulnerabilities to ABB.

4. MITIGATIONS

ABB recommends disabling the REST interface when it is not being used to configure the MQTT functionality. By default, when the REST interface is disabled so there is no risk. The RMC-100 is not intended for access over public networks such as the Internet. An attacker would need access to the user’s private control network to exploit these vulnerabilities. Proper network segmentation is recommended.

For more information, see ABB’s cybersecurity advisory.

For any installation of software-related products, ABB strongly recommends the following (non-exhaustive) list of cybersecurity practices:

  • Isolate special-purpose networks (e.g., for automation systems) and remote devices behind firewalls and separate them from any general-purpose networks (e.g., office or home networks).
  • Install physical controls to ensure that no unauthorized personnel can access devices, components, peripheral equipment, and networks.
  • Never connect programming software or computers containing programming software to any network other than the network for the devices that it is intended for.
  • Scan all data imported into your environment before use to detect potential malware infections.
  • Minimize network exposure for all applications and endpoints to ensure that they are not accessible from the Internet unless they are designed for such exposure and the intended use requires such.
  • Ensure all nodes are always up-to-date in terms of installed software, operating system, and firmware patches as well as antivirus and firewall.
  • When remote access is required, use secure methods, such as virtual private networks (VPNs). Recognize that VPNs may have vulnerabilities and should be updated to the most current version available. Also, understand that VPNs are only as secure as the connected devices.

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.

5. UPDATE HISTORY

  • July 15, 2025: Initial Publication

LITEON IC48A and IC80A EV Chargers

Written by Admin @CloudCentric on . Posted in CISA-Published Industrial Control System Vulnerabilities.

View CSAF

1. EXECUTIVE SUMMARY

  • CVSS v4 8.7
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: LITEON
  • Equipment: IC48A and IC80A
  • Vulnerability: Plaintext Storage of a Password

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to access sensitive information when accessing the Liteon EV chargers.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of LITEON EV chargers are affected:

  • LITEON IC48A: Firmware versions prior to 01.00.19r
  • LITEON IC80A: Firmware versions prior to 01.01.12e

3.2 VULNERABILITY OVERVIEW

3.2.1 PLAINTEXT STORAGE OF A PASSWORD CWE-256

LITEON IC48A firmware versions prior to 01.00.19r and LITEON IC80A firmware versions prior to 01.01.12e store FTP-server-access-credentials in cleartext in their system logs.

CVE-2025-7357 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

A CVSS v4 score has also been calculated for CVE-2025-7357. A base score of 8.7 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Commercial Facilities, Energy, Transportation Systems
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: Taiwan

3.4 RESEARCHER

Murat Sagdullaev of Electrada reported this vulnerability to CISA.

4. MITIGATIONS

LITEON has released the following firmware versions for the following EV chargers:

  • LITEON IC48A: Firmware versions 01.00.20h
  • LITEON IC80A: Firmware versions 01.01.13m

For more information, contact LITEON.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
  • Locate control system networks and remote devices behind firewalls and isolating them from business networks.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

5. UPDATE HISTORY

  • July 15, 2025: Initial Publication

Siemens SINEC NMS

Written by Admin @CloudCentric on . Posted in CISA-Published Industrial Control System Vulnerabilities.

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global).

View CSAF

1. EXECUTIVE SUMMARY

  • CVSS v4 9.3
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Siemens
  • Equipment: SINEC NMS
  • Vulnerabilities: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’), Missing Authentication for Critical Function, Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker to elevate privileges and execute arbitrary code.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Siemens reports the following products are affected:

  • Siemens SINEC NMS: All versions prior to V4.0

3.2 VULNERABILITY OVERVIEW

3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND (‘SQL INJECTION’) CWE-89

The affected devices are vulnerable to SQL injection. This could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server database.

CVE-2025-40735 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2025-40735. A base score of 8.7 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).

3.2.2 MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306

The affected application exposes an endpoint that allows an unauthorized modification of administrative credentials. This could allow an unauthenticated attacker to reset the superadmin password and gain full control of the application (ZDI-CAN-26569).

CVE-2025-40736 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2025-40736. A base score of 9.3 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).

3.2.3 IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (‘PATH TRAVERSAL’) CWE-22

The affected application does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary files to restricted locations and potentially execute code with elevated privileges (ZDI-CAN-26571).

CVE-2025-40737 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2025-40737. A base score of 8.7 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).

3.2.4 IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (‘PATH TRAVERSAL’) CWE-22

The affected application does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary files to restricted locations and potentially execute code with elevated privileges (ZDI-CAN-26572).

CVE-2025-40738 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2025-40738. A base score of 8.7 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: Germany

3.4 RESEARCHER

Trend Micro Zero Day Initiative coordinated CVE-2025-40736, CVE-2025-40737, and CVE-2025-40738 with Siemens.

Siemens ProductCERT reported these vulnerabilities to CISA.

4. MITIGATIONS

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-078892 in HTML and CSAF.

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.
  • Locate control system networks and remote devices behind firewalls and isolating them from business networks.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.

5. UPDATE HISTORY

  • July 10, 2025: Initial Republication of Siemens ProductCERT SSA-078892

Siemens Solid Edge

Written by Admin @CloudCentric on . Posted in CISA-Published Industrial Control System Vulnerabilities.

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global).

View CSAF

1. EXECUTIVE SUMMARY

  • CVSS v4 7.3
  • ATTENTION: High attack complexity
  • Vendor: Siemens
  • Equipment: Solid Edge SE2025
  • Vulnerabilities: Out-of-bounds Read, Stack-based Buffer Overflow

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker to crash the application or execute arbitrary code.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Siemens reports the following products are affected:

  • Solid Edge SE2025: All versions prior to V225.0 Update 5

3.2 VULNERABILITY OVERVIEW

3.2.1 OUT-OF-BOUNDS READ CWE-125

The affected applications contain an out-of-bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

CVE-2025-40739 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2025-40739. A base score of 7.3 has been calculated; the CVSS vector string is (CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).

3.2.2 OUT-OF-BOUNDS READ CWE-125

The affected applications contain an out-of-bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

CVE-2025-40740 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2025-40740. A base score of 7.3 has been calculated; the CVSS vector string is (CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).

3.2.3 STACK-BASED BUFFER OVERFLOW CWE-121

The affected applications contain a stack-based buffer overflow vulnerability while parsing specially crafted CFG files. This could allow an attacker to execute code in the context of the current process.

CVE-2025-40741 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2025-40741. A base score of 7.3 has been calculated; the CVSS vector string is (CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: Germany

3.4 RESEARCHER

Michael Heinzl coordinated these vulnerabilities with Siemens.

4. MITIGATIONS

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

  • Solid Edge SE2025: Update to V225.0 Update 5 or a later version.
  • (CVE-2025-40739, CVE-2025-40740) Solid Edge SE2025: Do not open untrusted PAR files in the affected applications.
  • (CVE-2025-40741) Solid Edge SE2025: Do not open untrusted CFG files in affected applications.

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-091753 in HTML and CSAF.

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.
  • Locate control system networks and remote devices behind firewalls and isolating them from business networks.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time. These vulnerabilities are not exploitable remotely.

5. UPDATE HISTORY

  • July 10, 2025: Initial Republication of Siemens ProductCERT SSA-091753