CVE-2026-22553 (GCVE-0-2026-22553)
Vulnerability from cvelistv5 – Published: 2026-02-24 20:56 – Updated: 2026-02-24 21:00
Title
InSAT MasterSCADA BUK-TS OS Command Injection
Summary
All versions of InSAT MasterSCADA BUK-TS are susceptible to OS command injection through a field in its MMadmServ web interface. Malicious users that use the vulnerable endpoint are potentially able to cause remote code execution.
Severity
9.8 (Critical)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| InSAT | MasterSCADA BUK-TS | Affected: All versions |
Credits
Adem El Adeb reported these vulnerabilities to CISA.
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MasterSCADA BUK-TS",
"vendor": "InSAT",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Adem El Adeb reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAll versions of InSAT MasterSCADA BUK-TS are susceptible to OS command injection through a field in its MMadmServ web interface. Malicious users that use the vulnerable endpoint are potentially able to cause remote code execution.\u003c/span\u003e\n\n\u003c/span\u003e"
}
],
"value": "All versions of InSAT MasterSCADA BUK-TS are susceptible to OS command injection through a field in its MMadmServ web interface. Malicious users that use the vulnerable endpoint are potentially able to cause remote code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-24T21:00:29.951Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-055-01"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-055-01.json"
}
],
"source": {
"advisory": "ICSA-26-055-01",
"discovery": "EXTERNAL"
},
"title": "InSAT MasterSCADA BUK-TS OS Command Injection",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(245, 250, 252);\"\u003eInSAT has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of the affected products are encouraged to contact info@insat.ru or scada@insat.ru for additional information.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "InSAT has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of the affected products are encouraged to contact info@insat.ru or scada@insat.ru for additional information."
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-22553",
"datePublished": "2026-02-24T20:56:14.099Z",
"dateReserved": "2026-02-09T17:52:06.925Z",
"dateUpdated": "2026-02-24T21:00:29.951Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21410 (GCVE-0-2026-21410)
Vulnerability from cvelistv5 – Published: 2026-02-24 20:53 – Updated: 2026-02-24 21:00
Title
InSAT MasterSCADA BUK-TS SQL Injection
Summary
InSAT MasterSCADA BUK-TS is susceptible to SQL Injection through its main web interface. Malicious users that use the vulnerable endpoint are potentially able to cause remote code execution.
Severity
9.8 (Critical)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| InSAT | MasterSCADA BUK-TS | Affected: All versions |
Credits
Adem El Adeb reported these vulnerabilities to CISA.
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MasterSCADA BUK-TS",
"vendor": "InSAT",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Adem El Adeb reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eInSAT MasterSCADA BUK-TS is susceptible to SQL Injection through its main web interface. Malicious users that use the vulnerable endpoint are potentially able to cause remote code execution.\u003c/span\u003e"
}
],
"value": "InSAT MasterSCADA BUK-TS is susceptible to SQL Injection through its main web interface. Malicious users that use the vulnerable endpoint are potentially able to cause remote code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-24T21:00:53.595Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-055-01"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-055-01.json"
}
],
"source": {
"advisory": "ICSA-26-055-01",
"discovery": "EXTERNAL"
},
"title": "InSAT MasterSCADA BUK-TS SQL Injection",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(245, 250, 252);\"\u003eInSAT has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of the affected products are encouraged to contact info@insat.ru or scada@insat.ru for additional information.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "InSAT has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of the affected products are encouraged to contact info@insat.ru or scada@insat.ru for additional information."
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-21410",
"datePublished": "2026-02-24T20:53:55.150Z",
"dateReserved": "2026-02-09T17:52:06.910Z",
"dateUpdated": "2026-02-24T21:00:53.595Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24790 (GCVE-0-2026-24790)
Vulnerability from cvelistv5 – Published: 2026-02-20 16:15 – Updated: 2026-02-20 18:59
Title
Welker OdorEyes EcoSystem Pulse Bypass System with XL4 Controller Missing Authentication for Critical Function
Summary
The underlying PLC of the device can be remotely influenced, without proper safeguards or authentication.
Severity
8.2 (High)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Welker | OdorEyes EcoSystem Pulse Bypass System with XL4 Controller | Affected: All versions |
Credits
A project sponsored by DHS S&T reported this vulnerability to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24790",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-20T18:57:49.840358Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T18:59:34.973Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OdorEyes EcoSystem Pulse Bypass System with XL4 Controller",
"vendor": "Welker",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "A project sponsored by DHS S\u0026T reported this vulnerability to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The underlying PLC of the device can be remotely influenced, without proper safeguards or authentication."
}
],
"value": "The underlying PLC of the device can be remotely influenced, without proper safeguards or authentication."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T16:15:21.374Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.welker.com/contact-us/welker-team"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-050-04"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-050-04.json"
}
],
"source": {
"advisory": "ICSA-26-050-04",
"discovery": "EXTERNAL"
},
"title": "Welker OdorEyes EcoSystem Pulse Bypass System with XL4 Controller Missing Authentication for Critical Function",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Welker did not respond to CISA\u0027s attempts at coordination. Users of \nWelker OdorEyes devices are encouraged to contact Welker and keep their \nsystems up to date.\n\n\u003cbr\u003e"
}
],
"value": "Welker did not respond to CISA\u0027s attempts at coordination. Users of \nWelker OdorEyes devices are encouraged to contact Welker and keep their \nsystems up to date."
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-24790",
"datePublished": "2026-02-20T16:15:21.374Z",
"dateReserved": "2026-02-05T19:05:16.840Z",
"dateUpdated": "2026-02-20T18:59:34.973Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-26048 (GCVE-0-2026-26048)
Vulnerability from cvelistv5 – Published: 2026-02-20 16:06 – Updated: 2026-02-20 19:56 Unsupported When Assigned
Title
Jinan USR IOT Technology Limited (PUSR) USR-W610 Missing Authentication for Critical Function
Summary
The Wi-Fi router is vulnerable to deauthentication attacks due to the absence of management frame protection, allowing forged deauthentication and disassociation frames to be broadcast without authentication or encryption. An attacker can use this to cause unauthorized disruptions and create a denial-of-service condition.
Severity
7.5 (High)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Jinan USR IOT Technology Limited (PUSR) | USR-W610 | Affected: 0 ≤ version ≤ 3.1.1.0 (custom) |
Credits
Abhishek Pandey and Ranit Pradhan of Payatu Security Consulting reported this to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-26048",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-20T19:55:49.248148Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T19:56:09.601Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "USR-W610",
"vendor": "Jinan USR IOT Technology Limited (PUSR)",
"versions": [
{
"lessThanOrEqual": "3.1.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Abhishek Pandey and Ranit Pradhan of Payatu Security Consulting reported this to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Wi-Fi router is vulnerable to de-authentication attacks due to the \nabsence of management frame protection, allowing forged deauthentication\n and disassociation frames to be broadcast without authentication or \nencryption. An attacker can use this to cause unauthorized disruptions \nand create a denial-of-service condition."
}
],
"value": "The Wi-Fi router is vulnerable to de-authentication attacks due to the \nabsence of management frame protection, allowing forged deauthentication\n and disassociation frames to be broadcast without authentication or \nencryption. An attacker can use this to cause unauthorized disruptions \nand create a denial-of-service condition."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T16:06:17.626Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-050-03"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-050-03.json"
}
],
"source": {
"advisory": "ICSA-26-050-03",
"discovery": "EXTERNAL"
},
"tags": [
"unsupported-when-assigned"
],
"title": "Jinan USR IOT Technology Limited (PUSR) USR-W610 Missing Authentication for Critical Function",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Jinan USR IOT Technology Limited (PUSR) has stated that the product is \nend-of-life, and there are no plans to patch. Users of PUSR USR-W610 \ndevices are encouraged to \u003ca target=\"_blank\" rel=\"nofollow\"\u003econtact PUSR\u003c/a\u003e and keep their systems up to date.\n\n\u003cbr\u003e"
}
],
"value": "Jinan USR IOT Technology Limited (PUSR) has stated that the product is \nend-of-life, and there are no plans to patch. Users of PUSR USR-W610 \ndevices are encouraged to contact PUSR and keep their systems up to date."
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-26048",
"datePublished": "2026-02-20T16:06:17.626Z",
"dateReserved": "2026-02-10T15:52:10.274Z",
"dateUpdated": "2026-02-20T19:56:09.601Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-26049 (GCVE-0-2026-26049)
Vulnerability from cvelistv5 – Published: 2026-02-20 16:03 – Updated: 2026-02-20 19:58 – Unsupported When Assigned
Title
Jinan USR IOT Technology Limited (PUSR) USR-W610 Insufficiently Protected Credentials
Summary
The web management interface of the device renders the password in a plaintext input field. The current password is directly visible to anyone with access to the UI, potentially exposing administrator credentials to unauthorized observation via shoulder surfing, screenshots, or browser form caching.
Severity
5.7 (Medium)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Jinan USR IOT Technology Limited (PUSR) | USR-W610 | Affected: 0 ≤ version ≤ 3.1.1.0 (custom) |
Credits
Abhishek Pandey of Payatu Security Consulting reported this to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-26049",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-20T19:57:14.798564Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T19:58:24.669Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "USR-W610",
"vendor": "Jinan USR IOT Technology Limited (PUSR)",
"versions": [
{
"lessThanOrEqual": "3.1.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Abhishek Pandey of Payatu Security Consulting reported this to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The web management interface of the device renders the passwords in a \nplaintext input field. The current password is directly visible to \nanyone with access to the UI, potentially exposing administrator \ncredentials to unauthorized observation via shoulder surfing, \nscreenshots, or browser form caching."
}
],
"value": "The web management interface of the device renders the passwords in a \nplaintext input field. The current password is directly visible to \nanyone with access to the UI, potentially exposing administrator \ncredentials to unauthorized observation via shoulder surfing, \nscreenshots, or browser form caching."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T16:07:25.350Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-050-03"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-050-03.json"
}
],
"source": {
"advisory": "ICSA-26-050-03",
"discovery": "EXTERNAL"
},
"tags": [
"unsupported-when-assigned"
],
"title": "Jinan USR IOT Technology Limited (PUSR) USR-W610 Insufficiently Protected Credentials",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Jinan USR IOT Technology Limited (PUSR) has stated that the product is \nend-of-life, and there are no plans to patch. Users of PUSR USR-W610 \ndevices are encouraged to \u003ca target=\"_blank\" rel=\"nofollow\"\u003econtact PUSR\u003c/a\u003e and keep their systems up to date.\n\n\u003cbr\u003e"
}
],
"value": "Jinan USR IOT Technology Limited (PUSR) has stated that the product is \nend-of-life, and there are no plans to patch. Users of PUSR USR-W610 \ndevices are encouraged to contact PUSR and keep their systems up to date."
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-26049",
"datePublished": "2026-02-20T16:03:56.928Z",
"dateReserved": "2026-02-10T15:52:10.261Z",
"dateUpdated": "2026-02-20T19:58:24.669Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24455 (GCVE-0-2026-24455)
Vulnerability from cvelistv5 – Published: 2026-02-20 16:00 – Updated: 2026-02-20 20:01 – Unsupported When Assigned
Title
Jinan USR IOT Technology Limited (PUSR) USR-W610 Cleartext Transmission of Sensitive Information
Summary
The embedded web interface of the device does not support HTTPS/TLS for authentication and uses HTTP Basic Authentication. Traffic is encoded but not encrypted, exposing user credentials to passive interception by attackers on the same network.
Severity
7.5 (High)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Jinan USR IOT Technology Limited (PUSR) | USR-W610 | Affected: 0 ≤ version ≤ 3.1.1.0 (custom) |
Credits
Abhishek Pandey of Payatu Security Consulting reported this to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24455",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-20T20:00:37.730069Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T20:01:11.347Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "USR-W610",
"vendor": "Jinan USR IOT Technology Limited (PUSR)",
"versions": [
{
"lessThanOrEqual": "3.1.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Abhishek Pandey of Payatu Security Consulting reported this to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The embedded web interface of the device does not support HTTPS/TLS for \nauthentication and uses HTTP Basic Authentication. Traffic is encoded \nbut not encrypted, exposing user credentials to passive interception by \nattackers on the same network."
}
],
"value": "The embedded web interface of the device does not support HTTPS/TLS for \nauthentication and uses HTTP Basic Authentication. Traffic is encoded \nbut not encrypted, exposing user credentials to passive interception by \nattackers on the same network."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T16:00:42.396Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-050-03"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-050-03.json"
}
],
"source": {
"advisory": "ICSA-26-050-03",
"discovery": "EXTERNAL"
},
"tags": [
"unsupported-when-assigned"
],
"title": "Jinan USR IOT Technology Limited (PUSR) USR-W610 Cleartext Transmission of Sensitive Information",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Jinan USR IOT Technology Limited (PUSR) has stated that the product is \nend-of-life, and there are no plans to patch. Users of PUSR USR-W610 \ndevices are encouraged to \u003ca target=\"_blank\" rel=\"nofollow\"\u003econtact PUSR\u003c/a\u003e and keep their systems up to date.\n\n\u003cbr\u003e"
}
],
"value": "Jinan USR IOT Technology Limited (PUSR) has stated that the product is \nend-of-life, and there are no plans to patch. Users of PUSR USR-W610 \ndevices are encouraged to contact PUSR and keep their systems up to date."
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-24455",
"datePublished": "2026-02-20T16:00:42.396Z",
"dateReserved": "2026-02-10T15:52:10.245Z",
"dateUpdated": "2026-02-20T20:01:11.347Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25715 (GCVE-0-2026-25715)
Vulnerability from cvelistv5 – Published: 2026-02-20 15:56 – Updated: 2026-02-20 20:03 – Unsupported When Assigned
Title
Jinan USR IOT Technology Limited (PUSR) USR-W610 Weak Password Requirements
Summary
The web management interface of the device allows the administrator username and password to be set to blank values. Once applied, the device permits authentication with empty credentials over the web management interface and Telnet service. This effectively disables authentication across all critical management channels, allowing any network-adjacent attacker to gain full administrative control without credentials.
Severity
9.8 (Critical)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Jinan USR IOT Technology Limited (PUSR) | USR-W610 | Affected: 0 ≤ version ≤ 3.1.1.0 (custom) |
Credits
Abhishek Pandey of Payatu Security Consulting reported this to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25715",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-20T20:02:26.714876Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T20:03:22.841Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "USR-W610",
"vendor": "Jinan USR IOT Technology Limited (PUSR)",
"versions": [
{
"lessThanOrEqual": "3.1.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Abhishek Pandey of Payatu Security Consulting reported this to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The web management interface of the device allows the administrator \nusername and password to be set to blank values. Once applied, the \ndevice permits authentication with empty credentials over the web \nmanagement interface and Telnet service. This effectively disables \nauthentication across all critical management channels, allowing any \nnetwork-adjacent attacker to gain full administrative control without \ncredentials."
}
],
"value": "The web management interface of the device allows the administrator \nusername and password to be set to blank values. Once applied, the \ndevice permits authentication with empty credentials over the web \nmanagement interface and Telnet service. This effectively disables \nauthentication across all critical management channels, allowing any \nnetwork-adjacent attacker to gain full administrative control without \ncredentials."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-521",
"description": "CWE-521",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T15:58:41.421Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-050-03"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-050-03.json"
}
],
"source": {
"advisory": "ICSA-26-050-03",
"discovery": "EXTERNAL"
},
"tags": [
"unsupported-when-assigned"
],
"title": "Jinan USR IOT Technology Limited (PUSR) USR-W610 Weak Password Requirements",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Jinan USR IOT Technology Limited (PUSR) has stated that the product is \nend-of-life, and there are no plans to patch. Users of PUSR USR-W610 \ndevices are encouraged to \u003ca target=\"_blank\" rel=\"nofollow\"\u003econtact PUSR\u003c/a\u003e and keep their systems up to date.\n\n\u003cbr\u003e"
}
],
"value": "Jinan USR IOT Technology Limited (PUSR) has stated that the product is \nend-of-life, and there are no plans to patch. Users of PUSR USR-W610 \ndevices are encouraged to contact PUSR and keep their systems up to date."
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-25715",
"datePublished": "2026-02-20T15:56:16.805Z",
"dateReserved": "2026-02-10T15:52:10.231Z",
"dateUpdated": "2026-02-20T20:03:22.841Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22885 (GCVE-0-2026-22885)
Vulnerability from cvelistv5 – Published: 2026-02-20 15:35 – Updated: 2026-02-20 20:06
Title
EnOcean SmartServer IoT Out-of-bounds Read
Summary
A vulnerability exists in EnOcean SmartServer IoT version 4.60.009 and prior, which would allow remote attackers to send specially crafted LON IP-852 management messages that result in a leak of data from the program's memory (an out-of-bounds read).
Severity
3.7 (Low)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| EnOcean Edge Inc | SmartServer IoT |
Affected:
0 , ≤ 4.60.009
(custom)
Unaffected: 4.60.023 |
Credits
Amir Zaltzman of Claroty Team82 reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22885",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-20T20:05:40.458900Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T20:06:44.163Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SmartServer IoT",
"vendor": "EnOcean Edge Inc",
"versions": [
{
"lessThanOrEqual": "4.60.009",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "4.60.023"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Amir Zaltzman of Claroty Team82 reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability exists in EnOcean SmartServer IoT version 4.60.009 and \nprior, which would allow remote attackers, in the LON IP-852 management \nmessages, to send specially crafted IP-852 messages resulting in a \nmemory leak from the program\u0027s memory."
}
],
"value": "A vulnerability exists in EnOcean SmartServer IoT version 4.60.009 and \nprior, which would allow remote attackers, in the LON IP-852 management \nmessages, to send specially crafted IP-852 messages resulting in a \nmemory leak from the program\u0027s memory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T15:35:02.898Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://enoceanwiki.atlassian.net/wiki/spaces/DrftSSIoT/pages/1475410/SmartServer+IoT+Release+Notes#Current-Stable-Release"
},
{
"url": "https://enoceanwiki.atlassian.net/wiki/spaces/IEC/pages/288063529/Enhancing+Security"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-050-01"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-050-01.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "EnOcean recommends users update the SmartServer platform software to \nSmartServer 4.6 Update 2 (v4.60.023) or a later release at \n\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://enoceanwiki.atlassian.net/wiki/spaces/DrftSSIoT/pages/1475410/SmartServer+IoT+Release+Notes#Current-Stable-Release\"\u003ehttps://enoceanwiki.atlassian.net/wiki/spaces/DrftSSIoT/pages/1475410/SmartServer+IoT+Release+Notes#...\u003c/a\u003e.\n\n\u003cbr\u003e"
}
],
"value": "EnOcean recommends users update the SmartServer platform software to \nSmartServer 4.6 Update 2 (v4.60.023) or a later release at \n https://enoceanwiki.atlassian.net/wiki/spaces/DrftSSIoT/pages/1475410/SmartServer+IoT+Release+Notes#... https://enoceanwiki.atlassian.net/wiki/spaces/DrftSSIoT/pages/1475410/SmartServer+IoT+Release+Notes#Current-Stable-Release ."
}
],
"source": {
"advisory": "ICSA-26-050-01",
"discovery": "EXTERNAL"
},
"title": "EnOcean SmartServer IoT Out-of-bounds Read",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "For additional mitigations and workarounds, refer to EnOcean\u0027s hardening\n guide at \n\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://enoceanwiki.atlassian.net/wiki/spaces/IEC/pages/288063529/Enhancing+Security\"\u003ehttps://enoceanwiki.atlassian.net/wiki/spaces/IEC/pages/288063529/Enhancing+Security\u003c/a\u003e.\n\n\u003cbr\u003e"
}
],
"value": "For additional mitigations and workarounds, refer to EnOcean\u0027s hardening\n guide at \n https://enoceanwiki.atlassian.net/wiki/spaces/IEC/pages/288063529/Enhancing+Security ."
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-22885",
"datePublished": "2026-02-20T15:35:02.898Z",
"dateReserved": "2026-02-12T00:19:51.033Z",
"dateUpdated": "2026-02-20T20:06:44.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20761 (GCVE-0-2026-20761)
Vulnerability from cvelistv5 – Published: 2026-02-20 15:32 – Updated: 2026-02-20 20:09
Title
EnOcean SmartServer IoT Command Injection
Summary
A vulnerability exists in EnOcean SmartServer IoT version 4.60.009 and
prior that allows remote attackers to send specially crafted LON IP-852
management messages, resulting in arbitrary OS command execution on the
device. No authentication is required (PR:N), although the attack is rated
high complexity (AC:H). It is fixed in version 4.60.023, the same release
that fixes the related out-of-bounds read CVE-2026-22885.
Severity
8.1 (High)
CWE
- CWE-77 - Command Injection
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| EnOcean Edge Inc | SmartServer IoT |
Affected:
0 , ≤ 4.60.009
(custom)
Unaffected: 4.60.023 |
Credits
Amir Zaltzman of Claroty Team82 reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20761",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-20T20:07:47.196222Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T20:09:15.218Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SmartServer IoT",
"vendor": "EnOcean Edge Inc",
"versions": [
{
"lessThanOrEqual": "4.60.009",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "4.60.023"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Amir Zaltzman of Claroty Team82 reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability exists in EnOcean SmartServer IoT version 4.60.009 and \nprior, which would allow remote attackers, in the LON IP-852 management \nmessages, to send specially crafted IP-852 messages resulting in \narbitrary OS command execution on the device."
}
],
"value": "A vulnerability exists in EnOcean SmartServer IoT version 4.60.009 and \nprior, which would allow remote attackers, in the LON IP-852 management \nmessages, to send specially crafted IP-852 messages resulting in \narbitrary OS command execution on the device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T15:36:32.746Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://enoceanwiki.atlassian.net/wiki/spaces/DrftSSIoT/pages/1475410/SmartServer+IoT+Release+Notes#Current-Stable-Release"
},
{
"url": "https://enoceanwiki.atlassian.net/wiki/spaces/IEC/pages/288063529/Enhancing+Security"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-050-01"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-050-01.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "EnOcean recommends users update the SmartServer platform software to \nSmartServer 4.6 Update 2 (v4.60.023) or a later release at \n\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://enoceanwiki.atlassian.net/wiki/spaces/DrftSSIoT/pages/1475410/SmartServer+IoT+Release+Notes#Current-Stable-Release\"\u003ehttps://enoceanwiki.atlassian.net/wiki/spaces/DrftSSIoT/pages/1475410/SmartServer+IoT+Release+Notes#...\u003c/a\u003e.\n\n\u003cbr\u003e"
}
],
"value": "EnOcean recommends users update the SmartServer platform software to \nSmartServer 4.6 Update 2 (v4.60.023) or a later release at \n https://enoceanwiki.atlassian.net/wiki/spaces/DrftSSIoT/pages/1475410/SmartServer+IoT+Release+Notes#... https://enoceanwiki.atlassian.net/wiki/spaces/DrftSSIoT/pages/1475410/SmartServer+IoT+Release+Notes#Current-Stable-Release ."
}
],
"source": {
"advisory": "ICSA-26-050-01",
"discovery": "EXTERNAL"
},
"title": "EnOcean SmartServer IoT Command Injection",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "For additional mitigations and workarounds, refer to EnOcean\u0027s hardening\n guide at \n\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://enoceanwiki.atlassian.net/wiki/spaces/IEC/pages/288063529/Enhancing+Security\"\u003ehttps://enoceanwiki.atlassian.net/wiki/spaces/IEC/pages/288063529/Enhancing+Security\u003c/a\u003e.\n\n\u003cbr\u003e"
}
],
"value": "For additional mitigations and workarounds, refer to EnOcean\u0027s hardening\n guide at \n https://enoceanwiki.atlassian.net/wiki/spaces/IEC/pages/288063529/Enhancing+Security ."
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-20761",
"datePublished": "2026-02-20T15:32:09.969Z",
"dateReserved": "2026-02-12T00:19:51.025Z",
"dateUpdated": "2026-02-20T20:09:15.218Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1670 (GCVE-0-2026-1670)
Vulnerability from cvelistv5 – Published: 2026-02-17 22:56 – Updated: 2026-02-18 20:45
Title
Honeywell CCTV Products Missing Authentication for Critical Function
Summary
The affected products expose an API endpoint that does not require authentication (CWE-306), which may allow a remote, unauthenticated attacker to change the "forgot password" recovery email address. No fixed version is listed in the record; Honeywell directs users to its support contact for patch information.
Severity
9.8 (Critical)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Honeywell | I-HIB2PI-UL 2MP IP | Affected: 6.1.22.1216 |
| Honeywell | SMB NDAA MVO-3 | Affected: WDR_2MP_32M_PTZ_v2.0 |
| Honeywell | PTZ WDR 2MP 32M | Affected: WDR_2MP_32M_PTZ_v2.0 |
| Honeywell | 25M IPC | Affected: WDR_2MP_32M_PTZ_v2.0 |
Credits
Souvik Kandar reported this vulnerability to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1670",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-18T20:45:37.144272Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-18T20:45:46.226Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "I-HIB2PI-UL 2MP IP",
"vendor": "Honeywell",
"versions": [
{
"status": "affected",
"version": "6.1.22.1216"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SMB NDAA MVO-3",
"vendor": "Honeywell",
"versions": [
{
"status": "affected",
"version": "WDR_2MP_32M_PTZ_v2.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PTZ WDR 2MP 32M",
"vendor": "Honeywell",
"versions": [
{
"status": "affected",
"version": "WDR_2MP_32M_PTZ_v2.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "25M IPC",
"vendor": "Honeywell",
"versions": [
{
"status": "affected",
"version": "WDR_2MP_32M_PTZ_v2.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Souvik Kandar reported this vulnerability to CISA."
}
],
"datePublic": "2026-02-17T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The affected products are vulnerable to an unauthenticated API endpoint exposure, which may allow an attacker to remotely change the \"forgot password\" recovery email address."
}
],
"value": "The affected products are vulnerable to an unauthenticated API endpoint exposure, which may allow an attacker to remotely change the \"forgot password\" recovery email address."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T22:56:00.586Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-048-04"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-048-04.json"
},
{
"url": "https://www.honeywell.com/us/en/contact/support"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Honeywell recommends users contact Honeywell at \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.honeywell.com/us/en/contact/support\"\u003ehttps://www.honeywell.com/us/en/contact/support\u003c/a\u003e for patch information.\u003cbr\u003e"
}
],
"value": "Honeywell recommends users contact Honeywell at https://www.honeywell.com/us/en/contact/support for patch information."
}
],
"source": {
"advisory": "ICSA-26-048-04",
"discovery": "EXTERNAL"
},
"title": "Honeywell CCTV Products Missing Authentication for Critical Function",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-1670",
"datePublished": "2026-02-17T22:56:00.586Z",
"dateReserved": "2026-01-30T00:35:22.440Z",
"dateUpdated": "2026-02-18T20:45:46.226Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1358 (GCVE-0-2026-1358)
Vulnerability from cvelistv5 – Published: 2026-02-12 21:24 – Updated: 2026-02-17 18:03
Title
Airleader Master Unrestricted Upload of File with Dangerous Type
Summary
Airleader Master versions 6.381 and prior accept file uploads without
restriction on multiple web pages that run with maximum privileges. This
could allow an unauthenticated user to obtain remote code execution on the
server. Airleader recommends upgrading to version 6.386 or later.
Severity
9.8 (Critical)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Airleader GmbH | Airleader Master |
Affected:
0 , ≤ 6.381
(custom)
|
Credits
Angel Lomeli of SySS reported this vulnerability to CISA
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1358",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-13T16:27:21.432617Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-13T16:27:30.492Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Airleader Master",
"vendor": "Airleader GmbH",
"versions": [
{
"lessThanOrEqual": "6.381",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Angel Lomeli of SySS reported this vulnerability to CISA"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Airleader Master versions 6.381 and prior allow for file uploads without\n restriction to multiple webpages running maximum privileges. This could\n allow an unauthenticated user to potentially obtain remote code \nexecution on the server."
}
],
"value": "Airleader Master versions 6.381 and prior allow for file uploads without\n restriction to multiple webpages running maximum privileges. This could\n allow an unauthenticated user to potentially obtain remote code \nexecution on the server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T18:03:38.837Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-043-10"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-043-10.json"
},
{
"url": "https://airleader.us/contact/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\nAirleader recommends that users upgrade Airleader Master to version 6.386 or later.\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\nUsers of Airleader Master are encouraged to reach out to Airleader via \nemail (info@airleader.us)\u0026nbsp;or submit a web form (\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://airleader.us/contact/\"\u003ehttps://airleader.us/contact/\u003c/a\u003e) for more information and mitigation \nassistance.\n\n\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "Airleader recommends that users upgrade Airleader Master to version 6.386 or later.\n\n\n\n\n\nUsers of Airleader Master are encouraged to reach out to Airleader via \nemail (info@airleader.us)\u00a0or submit a web form ( https://airleader.us/contact/ ) for more information and mitigation \nassistance."
}
],
"source": {
"advisory": "ICSA-26-043-10",
"discovery": "EXTERNAL"
},
"title": "Airleader Master Unrestricted Upload of File with Dangerous Type",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-1358",
"datePublished": "2026-02-12T21:24:53.070Z",
"dateReserved": "2026-01-22T20:21:20.996Z",
"dateUpdated": "2026-02-17T18:03:38.837Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-54756 (GCVE-0-2025-54756)
Vulnerability from cvelistv5 – Published: 2026-02-12 16:34 – Updated: 2026-02-12 18:45
Title
BrightSign Players Use of Default Credentials
Summary
BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or
series 5 prior to v9.0.166 use a default password that is guessable by
anyone who knows the device information. The fixed releases address this
only for new installations; upgrading does not change a password already
set on an existing installation, so users of existing installations must
change all default passwords themselves.
Severity
8.4 (High)
CWE
- CWE-1392 - Use of Default Credentials
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| BrightSign | BrightSign OS series 4 players | Affected: 0 , < v8.5.53.1 (custom) |
| BrightSign | BrightSign OS series 5 players | Affected: 0 , < v9.0.166 (custom) |
Credits
Adam Merrill, a member of the Adversarial Modeling and Penetration Testing (AMPT) team at Sandia National Laboratories, reported this vulnerability to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54756",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-12T18:44:52.091544Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-12T18:45:20.986Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BrightSign OS series 4 players",
"vendor": "BrightSign",
"versions": [
{
"lessThan": "v8.5.53.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "BrightSign OS series 5 players",
"vendor": "BrightSign",
"versions": [
{
"lessThan": "v9.0.166",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Adam Merrill, a member of the Adversarial Modeling and Penetration Testing (AMPT) team at Sandia National Laboratories, reported this vulnerability to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or \nseries 5 prior to v9.0.166 use a default password that is guessable with\n knowledge of the device information. The latest release fixes this \nissue for new installations; users of old installations are encouraged \nto change all default passwords."
}
],
"value": "BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or \nseries 5 prior to v9.0.166 use a default password that is guessable with\n knowledge of the device information. The latest release fixes this \nissue for new installations; users of old installations are encouraged \nto change all default passwords."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1392",
"description": "CWE-1392",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-12T16:35:09.037Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-126-03"
},
{
"url": "https://www.brightsign.biz/resources/software-downloads/"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-126-03.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\n\u003c/div\u003e\nBrightSign fixed CVE-2025-54756 in v8.5.53.1 (for \nseries 4 players) and v9.0.166 (for series 5 players). Both of these \nhave been released and are available on the BrightSign download site.\n\n\u003cdiv\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.brightsign.biz/contact-us/\"\u003e\u003c/a\u003e\n\n\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "BrightSign fixed CVE-2025-54756 in v8.5.53.1 (for \nseries 4 players) and v9.0.166 (for series 5 players). Both of these \nhave been released and are available on the BrightSign download site.\n\n https://www.brightsign.biz/contact-us/"
}
],
"source": {
"advisory": "ICSA-25-126-03",
"discovery": "EXTERNAL"
},
"title": "BrightSign Players Use of Default Credentials",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eBrightSign recommends the following security practices:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eChange default passwords when the device is initially set up.\u003c/li\u003e\n\u003cli\u003eDisable the local DWS as described in \"High Security settings\".\u003c/li\u003e\n\u003cli\u003eDisable the SSH/telnet server when not being used - it is not enabled by default.\u003c/li\u003e\n\u003cli\u003eDevices should be located where an attacker does not have physical access to the device.\u003c/li\u003e\n\u003cli\u003eSD and USB ports can be disabled if not needed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFor more information, please \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.brightsign.biz/contact-us/\"\u003econtact BrightSign via their website.\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "BrightSign recommends the following security practices:\n\n\n\n * Change default passwords when the device is initially set up.\n\n * Disable the local DWS as described in \"High Security settings\".\n\n * Disable the SSH/telnet server when not being used - it is not enabled by default.\n\n * Devices should be located where an attacker does not have physical access to the device.\n\n * SD and USB ports can be disabled if not needed.\n\n\n\n\nFor more information, please contact BrightSign via their website. https://www.brightsign.biz/contact-us/"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-54756",
"datePublished": "2026-02-12T16:34:18.821Z",
"dateReserved": "2025-07-30T19:03:10.145Z",
"dateUpdated": "2026-02-12T18:45:20.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24789 (GCVE-0-2026-24789)
Vulnerability from cvelistv5 – Published: 2026-02-11 16:17 – Updated: 2026-02-11 16:45
Title
ZLAN Information Technology ZLAN5143D Missing Authentication for Critical Function
Summary
On ZLAN5143D v1.600, an unprotected API endpoint allows a remote attacker to change the device password without providing any authentication (CWE-306). ZLAN did not respond to CISA's coordination attempts, so no fixed version is listed.
Severity
9.8 (Critical)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ZLAN Information Technology Co. | ZLAN5143D |
Affected:
v1.600
|
Credits
Shorabh Karir and Deepak Singh of KPMG reported these vulnerabilities to CISA
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24789",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-11T16:44:50.414629Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-11T16:45:23.479Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ZLAN5143D",
"vendor": "ZLAN Information Technology Co.",
"versions": [
{
"status": "affected",
"version": "v1.600"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Shorabh Karir and Deepak Singh of KPMG reported these vulnerabilities to CISA"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unprotected API endpoint allows an attacker to remotely change the device password without providing authentication."
}
],
"value": "An unprotected API endpoint allows an attacker to remotely change the device password without providing authentication."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-11T16:24:41.818Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-041-02"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-041-02.json"
},
{
"url": "https://www.zlmcu.com/en/contact_us.htm"
}
],
"source": {
"advisory": "ICSA-26-041-02",
"discovery": "EXTERNAL"
},
"title": "ZLAN Information Technology ZLAN5143D Missing Authentication for Critical Function",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "ZLAN Information Technology Co. did not respond to CISA\u0027s attempts at \ncoordination. Users of ZLAN5143D devices are encouraged to contact ZLAN \nand keep their systems up to date. \n\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.zlmcu.com/en/contact_us.htm\"\u003ehttps://www.zlmcu.com/en/contact_us.htm\u003c/a\u003e\n\n\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.zlmcu.com/en/contact_us.htm\"\u003e\u003c/a\u003e\n\n\u003cbr\u003e"
}
],
"value": "ZLAN Information Technology Co. did not respond to CISA\u0027s attempts at \ncoordination. Users of ZLAN5143D devices are encouraged to contact ZLAN \nand keep their systems up to date. \n https://www.zlmcu.com/en/contact_us.htm \n\n https://www.zlmcu.com/en/contact_us.htm"
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-24789",
"datePublished": "2026-02-11T16:17:19.702Z",
"dateReserved": "2026-01-29T21:07:29.858Z",
"dateUpdated": "2026-02-11T16:45:23.479Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25084 (GCVE-0-2026-25084)
Vulnerability from cvelistv5 – Published: 2026-02-11 16:11 – Updated: 2026-02-11 16:47
Title
ZLAN Information Technology ZLAN5143D Missing Authentication for Critical Function
Summary
Authentication for ZLAN5143D can be bypassed by directly accessing internal URLs.
Severity ?
9.8 (Critical)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ZLAN Information Technology Co. | ZLAN5143D |
Affected:
v1.600
|
Credits
Shorabh Karir and Deepak Singh of KPMG reported these vulnerabilities to CISA
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25084",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-11T16:46:49.382065Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-11T16:47:23.667Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ZLAN5143D",
"vendor": "ZLAN Information Technology Co.",
"versions": [
{
"status": "affected",
"version": "v1.600"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Shorabh Karir and Deepak Singh of KPMG reported these vulnerabilities to CISA"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authentication for ZLAN5143D can be bypassed by directly accessing internal URLs."
}
],
"value": "Authentication for ZLAN5143D can be bypassed by directly accessing internal URLs."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-11T16:25:17.533Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-041-02"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-041-02.json"
},
{
"url": "https://www.zlmcu.com/en/contact_us.htm"
}
],
"source": {
"advisory": "ICSA-26-041-02",
"discovery": "EXTERNAL"
},
"title": "ZLAN Information Technology ZLAN5143D Missing Authentication for Critical Function",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "ZLAN Information Technology Co. did not respond to CISA\u0027s attempts at \ncoordination. Users of ZLAN5143D devices are encouraged to contact ZLAN \nand keep their systems up to date. \n\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.zlmcu.com/en/contact_us.htm\"\u003ehttps://www.zlmcu.com/en/contact_us.htm\u003c/a\u003e\n\n\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.zlmcu.com/en/contact_us.htm\"\u003e\u003c/a\u003e\n\n\u003cbr\u003e"
}
],
"value": "ZLAN Information Technology Co. did not respond to CISA\u0027s attempts at \ncoordination. Users of ZLAN5143D devices are encouraged to contact ZLAN \nand keep their systems up to date. \n https://www.zlmcu.com/en/contact_us.htm \n\n https://www.zlmcu.com/en/contact_us.htm"
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-25084",
"datePublished": "2026-02-11T16:11:08.151Z",
"dateReserved": "2026-01-29T21:07:29.846Z",
"dateUpdated": "2026-02-11T16:47:23.667Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12699 (GCVE-0-2025-12699)
Vulnerability from cvelistv5 – Published: 2026-02-10 20:38 – Updated: 2026-02-11 21:44
Title
ZOLL ePCR IOS Mobile Application Insertion of Sensitive Information into Externally-Accessible File or Directory
Summary
The ZOLL ePCR IOS application reflects unsanitized user input into a WebView. Attacker-controlled strings placed into PCR fields (run number, incident, call sign, notes) are interpreted as HTML/JS when the app prints or renders that content. In the proof of concept (POC), injected scripts return local file content, which would allow arbitrary local file reads from the app's runtime context. These local files contain device and user data within the ePCR medical application, and if exposed, would allow an attacker to access protected health information (PHI) or device telemetry.
Severity ?
5.5 (Medium)
CWE
- CWE-538 - Insertion of Sensitive Information into Externally-Accessible File or Directory
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ZOLL | ZOLL ePCR IOS Mobile Application |
Affected:
2.6.7
|
Credits
Bryan Riggins reported this vulnerability to ZOLL
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12699",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-11T21:44:35.726699Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-11T21:44:45.367Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ZOLL ePCR IOS Mobile Application",
"vendor": "ZOLL",
"versions": [
{
"status": "affected",
"version": "2.6.7"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Bryan Riggins reported this vulnerability to ZOLL"
}
],
"datePublic": "2026-02-10T18:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe ZOLL ePCR IOS application reflects unsanitized user input into a WebView. Attacker-controlled strings placed into PCR fields (run number, incident, call sign, notes) are interpreted as HTML/JS when the app prints or renders that content. In the proof of concept (POC), injected scripts return local file content, which would allow arbitrary local file reads from the app\u0027s runtime context. These local files contain device and user data within the ePCR medical application, and if exposed, would allow an attacker to access protected health information (PHI) or device telemetry.\u003c/span\u003e"
}
],
"value": "The ZOLL ePCR IOS application reflects unsanitized user input into a WebView. Attacker-controlled strings placed into PCR fields (run number, incident, call sign, notes) are interpreted as HTML/JS when the app prints or renders that content. In the proof of concept (POC), injected scripts return local file content, which would allow arbitrary local file reads from the app\u0027s runtime context. These local files contain device and user data within the ePCR medical application, and if exposed, would allow an attacker to access protected health information (PHI) or device telemetry."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-538",
"description": "CWE-538 Insertion of Sensitive Information into Externally-Accessible File or Directory",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T20:38:37.838Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-26-041-01"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsma-26-041-01.json"
},
{
"url": "https://www.zolldata.com/contact-us."
}
],
"source": {
"advisory": "ICSMA-26-041-01",
"discovery": "EXTERNAL"
},
"title": "ZOLL ePCR IOS Mobile Application Insertion of Sensitive Information into Externally-Accessible File or Directory",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "ZOLL ePCR IOS application was decommissioned in May 2025. ZOLL has no \ncurrent plans to provide a replacement application. If users have \nquestions or concerns, they are encouraged to reach out directly to ZOLL\n Support. \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.zolldata.com/contact-us\"\u003ehttps://www.zolldata.com/contact-us\u003c/a\u003e.\n\n\n\n\u003cbr\u003e"
}
],
"value": "ZOLL ePCR IOS application was decommissioned in May 2025. ZOLL has no \ncurrent plans to provide a replacement application. If users have \nquestions or concerns, they are encouraged to reach out directly to ZOLL\n Support. https://www.zolldata.com/contact-us ."
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-12699",
"datePublished": "2026-02-10T20:38:37.838Z",
"dateReserved": "2025-11-04T15:39:58.840Z",
"dateUpdated": "2026-02-11T21:44:45.367Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1507 (GCVE-0-2026-1507)
Vulnerability from cvelistv5 – Published: 2026-02-10 20:19 – Updated: 2026-02-12 18:47
Title
Uncaught Exception vulnerability in AVEVA PI Data Archive
Summary
The affected products are vulnerable to an uncaught exception that could allow an unauthenticated attacker to remotely crash core PI services resulting in a denial-of-service.
Severity ?
CWE
- CWE-248 - Uncaught Exception
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AVEVA | PI Data Archive PI Server |
Affected:
0 , ≤ 2018_SP3_Patch_7
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1507",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-12T18:46:57.197406Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-12T18:47:05.938Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PI Data Archive PI Server",
"vendor": "AVEVA",
"versions": [
{
"lessThanOrEqual": "2018_SP3_Patch_7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2026-02-10T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe affected products are vulnerable to an uncaught exception that could allow an unauthenticated attacker to remotely crash core PI services resulting in a denial-of-service.\u003c/span\u003e"
}
],
"value": "The affected products are vulnerable to an uncaught exception that could allow an unauthenticated attacker to remotely crash core PI services resulting in a denial-of-service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248 Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T20:19:18.886Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-041-03"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAVEVA recommends that organizations evaluate the impact of this vulnerability based on their operational environment, architecture, and product implementation. Users of affected product versions should apply security updates to mitigate the risk of exploit.\u003c/p\u003e\u003cp\u003eAll impacted versions of PI Data Archive can be fixed by upgrading to PI Server 2024 R2 or later available here: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://softwaresupportsp.aveva.com/en-US/downloads/products/details/8c9b0e8c-eb68-481f-b420-c87a253a4172\"\u003ehttps://softwaresupportsp.aveva.com/en-US/downloads/products/details/8c9b0e8c-eb68-481f-b420-c87a253a4172\u003c/a\u003e.\u003c/p\u003e\u003cp\u003ePI Data Archive delivered by PI Server 2018 SP3 Patch 7 and prior can be fixed by upgrading to PI Server 2018 SP3 Patch 8 or higher available here: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://softwaresupportsp.aveva.com/en-US/downloads/products/details/79492560-7e4c-4800-8bd7-40cce61a17d2\"\u003ehttps://softwaresupportsp.aveva.com/en-US/downloads/products/details/79492560-7e4c-4800-8bd7-40cce61a17d2\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eThe following general defensive measures are recommended: * Monitor liveness of services listed in your installation\u2019s \u201c\\PI\\adm\\pisrvstart.bat\u201d. * Set the PI Data Archive Subsystem services to automatically restart. 
* PI Data Archive nodes should limit port 5450 inbound access to trusted workstations, users, and software.\u003c/p\u003e\u003cp\u003eFor additional information please refer to AVEVA-2026-002(\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2026-002.pdf)\"\u003ehttps://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AV...\u003c/a\u003e.\u003c/span\u003e\n\n\u003c/p\u003e"
}
],
"value": "AVEVA recommends that organizations evaluate the impact of this vulnerability based on their operational environment, architecture, and product implementation. Users of affected product versions should apply security updates to mitigate the risk of exploit.\n\nAll impacted versions of PI Data Archive can be fixed by upgrading to PI Server 2024 R2 or later available here: https://softwaresupportsp.aveva.com/en-US/downloads/products/details/8c9b0e8c-eb68-481f-b420-c87a253a4172 .\n\nPI Data Archive delivered by PI Server 2018 SP3 Patch 7 and prior can be fixed by upgrading to PI Server 2018 SP3 Patch 8 or higher available here: https://softwaresupportsp.aveva.com/en-US/downloads/products/details/79492560-7e4c-4800-8bd7-40cce61a17d2 .\n\nThe following general defensive measures are recommended: * Monitor liveness of services listed in your installation\u2019s \u201c\\PI\\adm\\pisrvstart.bat\u201d. * Set the PI Data Archive Subsystem services to automatically restart. * PI Data Archive nodes should limit port 5450 inbound access to trusted workstations, users, and software.\n\nFor additional information please refer to AVEVA-2026-002: https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2026-002.pdf ."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Uncaught Exception vulnerability in AVEVA PI Data Archive",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-1507",
"datePublished": "2026-02-10T20:19:18.886Z",
"dateReserved": "2026-01-27T20:22:05.820Z",
"dateUpdated": "2026-02-12T18:47:05.938Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1495 (GCVE-0-2026-1495)
Vulnerability from cvelistv5 – Published: 2026-02-10 20:18 – Updated: 2026-02-12 18:46
Title
Insertion of Sensitive Information into Log File vulnerability in AVEVA PI to CONNECT Agent
Summary
The vulnerability, if exploited, could allow an attacker with Event Log Reader (S-1-5-32-573) privileges to obtain proxy details, including URL and proxy credentials, from the PI to CONNECT event log files. This could enable unauthorized access to the proxy server.
Severity ?
6.5 (Medium)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AVEVA | PI to CONNECT Agent |
Affected:
0 , ≤ Version v2.4.2520
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1495",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-12T18:46:32.294842Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-12T18:46:41.102Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PI to CONNECT Agent",
"vendor": "AVEVA",
"versions": [
{
"lessThanOrEqual": "Version v2.4.2520",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2026-02-10T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe vulnerability, if exploited, could allow an attacker with Event Log Reader (S-1-5-32-573) privileges to obtain proxy details, including URL and proxy credentials, from the PI to CONNECT event log files. This could enable unauthorized access to the proxy server.\u003c/span\u003e\n\n\u003c/span\u003e"
}
],
"value": "The vulnerability, if exploited, could allow an attacker with Event Log Reader (S-1-5-32-573) privileges to obtain proxy details, including URL and proxy credentials, from the PI to CONNECT event log files. This could enable unauthorized access to the proxy server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T20:18:10.844Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-041-04"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003eAVEVA recommends that organizations evaluate the impact of this vulnerability based on their operational environment, architecture, and product implementation.\u0026nbsp;\u003c/p\u003e\u003cp\u003e* Users of affected product versions should apply security updates to mitigate the risk of proxy details exposure in newly generated PI to CONNECT Agent event logs.\u0026nbsp;\u003c/p\u003e\u003cp\u003e* Users who have used affected product versions, should review existing PI to CONNECT Agent event logs (live/backups/copies) for exposed proxy connection details and consider purging the sensitive data from logs and/or configuring new credentials for access to the proxy service.\u003c/p\u003e\u003cp\u003eThe following general defensive measures are recommended:\u0026nbsp;\u003c/p\u003e\u003cp\u003e* Remove use of plain text passwords in proxy URLs. Alternatively, if passwords are required by the proxy, then use least-privilege credentials.\u0026nbsp;\u003c/p\u003e\u003cp\u003e* Ensure only trusted users are given Event Log Reader (S-1-5-32-573) privileges on hosts where PI to CONNECT is installed.\u0026nbsp;\u003c/p\u003e\u003cp\u003e* Review existing PI to CONNECT event logs (live/backups/copies) for exposed proxy connection details and consider purging the sensitive data from logs and/or configuring new credentials for access to the proxy service.\u003c/p\u003e\u003cp\u003eAll affected versions can be fixed by upgrading to PI to CONNECT Agent v2.5.2790 or higher. 
The latest version of the agent can be downloaded from the CONNECT Data Services Portal here: [\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://datahub.connect.aveva.com/](https://datahub.connect.aveva.com/](https://datahub.connect.aveva.com/](https://datahub.connect.aveva.com/)\"\u003ehttps://datahub.connect.aveva.com/](https://datahub.connect.aveva.com/](https://datahub.connect.avev...\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eFor additional information please refer to AVEVA-2026-003 \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2026-003.pdf\"\u003ehttps://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2026-003.pdf\u003c/a\u003e.\u003c/p\u003e\n\n\u003cp\u003e\n\n\u003c/p\u003e"
}
],
"value": "AVEVA recommends that organizations evaluate the impact of this vulnerability based on their operational environment, architecture, and product implementation.\u00a0\n\n* Users of affected product versions should apply security updates to mitigate the risk of proxy details exposure in newly generated PI to CONNECT Agent event logs.\u00a0\n\n* Users who have used affected product versions, should review existing PI to CONNECT Agent event logs (live/backups/copies) for exposed proxy connection details and consider purging the sensitive data from logs and/or configuring new credentials for access to the proxy service.\n\nThe following general defensive measures are recommended:\u00a0\n\n* Remove use of plain text passwords in proxy URLs. Alternatively, if passwords are required by the proxy, then use least-privilege credentials.\u00a0\n\n* Ensure only trusted users are given Event Log Reader (S-1-5-32-573) privileges on hosts where PI to CONNECT is installed.\u00a0\n\n* Review existing PI to CONNECT event logs (live/backups/copies) for exposed proxy connection details and consider purging the sensitive data from logs and/or configuring new credentials for access to the proxy service.\n\nAll affected versions can be fixed by upgrading to PI to CONNECT Agent v2.5.2790 or higher. The latest version of the agent can be downloaded from the CONNECT Data Services Portal here: https://datahub.connect.aveva.com/ .\n\nFor additional information please refer to AVEVA-2026-003: https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2026-003.pdf ."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Insertion of Sensitive Information into Log File vulnerability in AVEVA PI to CONNECT Agent",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-1495",
"datePublished": "2026-02-10T20:18:10.844Z",
"dateReserved": "2026-01-27T15:52:30.419Z",
"dateUpdated": "2026-02-12T18:46:41.102Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1301 (GCVE-0-2026-1301)
Vulnerability from cvelistv5 – Published: 2026-02-05 19:09 – Updated: 2026-02-05 20:23
Title
Out-of-bounds Write in o6 Automation GmbH Open62541
Summary
In builds with PubSub and JSON enabled, a crafted JSON message can cause the decoder to write beyond a heap-allocated array before authentication, reliably crashing the process and corrupting memory.
Severity ?
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| o6 Automation GmbH | Open62541 |
Affected:
1.5-rc1 , < 1.5-rc2
(custom)
|
Credits
Andrew Fasano of NIST CAISI reported this vulnerability to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1301",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-05T20:22:27.220232Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T20:23:12.378Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Open62541",
"vendor": "o6 Automation GmbH",
"versions": [
{
"lessThan": "1.5-rc2",
"status": "affected",
"version": "1.5-rc1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Andrew Fasano of NIST CAISI reported this vulnerability to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn builds with PubSub and JSON enabled, a crafted JSON message can cause the decoder to write beyond a heap-allocated array before authentication, reliably crashing the process and corrupting memory.\u003c/p\u003e"
}
],
"value": "In builds with PubSub and JSON enabled, a crafted JSON message can cause the decoder to write beyond a heap-allocated array before authentication, reliably crashing the process and corrupting memory."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T19:09:37.387Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-036-03"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "o6 Automation GmbH recommends users upgrade to the stable release of v1.5.0.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "o6 Automation GmbH recommends users upgrade to the stable release of v1.5.0."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Out-of-bounds Write in o6 Automation GmbH Open62541",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-1301",
"datePublished": "2026-02-05T19:09:37.387Z",
"dateReserved": "2026-01-21T18:52:45.866Z",
"dateUpdated": "2026-02-05T20:23:12.378Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1633 (GCVE-0-2026-1633)
Vulnerability from cvelistv5 – Published: 2026-02-03 23:02 – Updated: 2026-02-04 20:18
Title
Synectix LAN 232 TRIO Missing Authentication for Critical Function
Summary
The Synectix LAN 232 TRIO 3-Port serial to ethernet adapter exposes its web management interface without requiring authentication, allowing unauthenticated users to modify critical device settings or factory reset the device.
Severity ?
10 (Critical)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Synectix | LAN 232 TRIO | Affected: All versions |
Credits
Souvik Kandar of MicroSec reported this vulnerability to CISA
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1633",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-04T20:18:17.025677Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-04T20:18:22.726Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "LAN 232 TRIO",
"vendor": "Synectix",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Souvik Kandar of MicroSec reported this vulnerability to CISA"
}
],
"datePublic": "2026-02-03T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Synectix LAN 232 TRIO 3-Port serial to ethernet adapter exposes its web management interface without requiring authentication, allowing unauthenticated users to modify critical device settings or factory reset the device."
}
],
"value": "The Synectix LAN 232 TRIO 3-Port serial to ethernet adapter exposes its web management interface without requiring authentication, allowing unauthenticated users to modify critical device settings or factory reset the device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-03T23:02:58.208Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-034-04"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-034-04.json"
}
],
"source": {
"advisory": "ICSA-26-034-04",
"discovery": "EXTERNAL"
},
"title": "Synectix LAN 232 TRIO Missing Authentication for Critical Function",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The affected products should be considered end-of-life, as Synectix is \nno longer in business and therefore firmware fixes, mitigations and \nupdates will be unavailable.\n\n\u003cbr\u003e"
}
],
"value": "The affected products should be considered end-of-life, as Synectix is \nno longer in business and therefore firmware fixes, mitigations and \nupdates will be unavailable."
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-1633",
"datePublished": "2026-02-03T23:02:58.208Z",
"dateReserved": "2026-01-29T16:19:22.805Z",
"dateUpdated": "2026-02-04T20:18:22.726Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1632 (GCVE-0-2026-1632)
Vulnerability from cvelistv5 – Published: 2026-02-03 22:59 – Updated: 2026-02-04 20:17
Title
RISS SRL MOMA Seismic Station Missing Authentication for Critical Function
Summary
MOMA Seismic Station Version v2.4.2520 and prior exposes its web management interface without requiring authentication, which could allow an unauthenticated attacker to modify configuration settings, acquire device data or remotely reset the device.
Severity ?
9.1 (Critical)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| RISS SRL | MOMA Seismic Station | Affected: from 0 through Version v2.4.2520 inclusive (custom version type) |
Credits
Souvik Kandar reported this vulnerability to CISA
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1632",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-04T20:17:47.811407Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-04T20:17:57.156Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MOMA Seismic Station",
"vendor": "RISS SRL",
"versions": [
{
"lessThanOrEqual": "Version v2.4.2520",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Souvik Kandar reported this vulnerability to CISA"
}
],
"datePublic": "2026-02-03T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "MOMA Seismic Station Version v2.4.2520 and prior exposes its web management interface without requiring authentication, which could allow an unauthenticated attacker to modify configuration settings, acquire device data or remotely reset the device."
}
],
"value": "MOMA Seismic Station Version v2.4.2520 and prior exposes its web management interface without requiring authentication, which could allow an unauthenticated attacker to modify configuration settings, acquire device data or remotely reset the device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-03T22:59:32.539Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-034-03"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-034-03.json"
}
],
"source": {
"advisory": "ICSA-26-034-03",
"discovery": "EXTERNAL"
},
"title": "RISS SRL MOMA Seismic Station Missing Authentication for Critical Function",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "RISS SRL did not respond to CISA\u0027s request for coordination. Users of \nRISS MOMA Seismic Station are encouraged to contact RISS SRL \n(info@riss-srl.com) for more information.\n\n\u003cbr\u003e"
}
],
"value": "RISS SRL did not respond to CISA\u0027s request for coordination. Users of \nRISS MOMA Seismic Station are encouraged to contact RISS SRL \n(info@riss-srl.com) for more information."
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-1632",
"datePublished": "2026-02-03T22:59:32.539Z",
"dateReserved": "2026-01-29T16:00:44.404Z",
"dateUpdated": "2026-02-04T20:17:57.156Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1341 (GCVE-0-2026-1341)
Vulnerability from cvelistv5 – Published: 2026-02-03 21:26 – Updated: 2026-02-04 16:47
Title
Missing Authentication for Critical Function in Avation Light Engine Pro
Summary
Avation Light Engine Pro exposes its configuration and control interface without any authentication or access control.
Severity ?
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Avation | Avation Light Engine Pro | Affected: All |
Credits
Souvik Kandar reported this vulnerability to CISA
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1341",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-04T16:46:08.187019Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-04T16:47:32.531Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Avation Light Engine Pro",
"vendor": "Avation",
"versions": [
{
"status": "affected",
"version": "All"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Souvik Kandar reported this vulnerability to CISA"
}
],
"datePublic": "2026-02-03T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAvation Light Engine Pro exposes its configuration and control interface without any authentication or access control.\u003c/span\u003e"
}
],
"value": "Avation Light Engine Pro exposes its configuration and control interface without any authentication or access control."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-03T21:26:41.708Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-034-02"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(245, 250, 252);\"\u003eAvation has not responded to CISA\u0027s request to coordinate. Users of Avation Light Engine Pro are encouraged to contact Avation for more information.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Avation has not responded to CISA\u0027s request to coordinate. Users of Avation Light Engine Pro are encouraged to contact Avation for more information."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Missing Authentication for Critical Function in Avation Light Engine Pro",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-1341",
"datePublished": "2026-02-03T21:26:41.708Z",
"dateReserved": "2026-01-22T15:06:19.135Z",
"dateUpdated": "2026-02-04T16:47:32.531Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1453 (GCVE-0-2026-1453)
Vulnerability from cvelistv5 – Published: 2026-01-29 19:02 – Updated: 2026-01-29 20:28
Title
Missing Authentication for Critical Function in KiloView Encoder Series
Summary
A missing authentication for critical function vulnerability in KiloView Encoder Series could allow an unauthenticated attacker to create or delete administrator accounts. This vulnerability can grant the attacker full administrative control over the product.
Severity ?
9.8 (Critical)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| KiloView | Encoder Series E1 hardware Version 1.4 | Affected: 4.7.2516 |
Credits
Muhammad Ammar (0xam225) reported this vulnerability to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1453",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-29T20:28:37.966375Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-29T20:28:55.866Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Encoder Series E1 hardware Version 1.4",
"vendor": "KiloView",
"versions": [
{
"status": "affected",
"version": "4.7.2516"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Encoder Series E1 hardware Version 1.6.20",
"vendor": "KiloView",
"versions": [
{
"status": "affected",
"version": "4.7.2511"
},
{
"status": "affected",
"version": "4.8.2523"
},
{
"status": "affected",
"version": "4.8.2611"
},
{
"status": "affected",
"version": "4.6.2400"
},
{
"status": "affected",
"version": "4.7.2512"
},
{
"status": "affected",
"version": "4.8.2561"
},
{
"status": "affected",
"version": "4.8.2554"
},
{
"status": "affected",
"version": "4.3.2029"
},
{
"status": "affected",
"version": "4.8.2555"
},
{
"status": "affected",
"version": "4.6.2408"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Encoder Series E1-s hardware Version 1.4",
"vendor": "KiloView",
"versions": [
{
"status": "affected",
"version": "4.7.2516"
},
{
"status": "affected",
"version": "4.8.2519"
},
{
"status": "affected",
"version": "4.8.2525"
},
{
"status": "affected",
"version": "4.8.2611"
},
{
"status": "affected",
"version": "4.8.2561"
},
{
"status": "affected",
"version": "4.8.2554"
},
{
"status": "affected",
"version": "4.8.2523"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Encoder Series E2 hardware Version 1.7.20",
"vendor": "KiloView",
"versions": [
{
"status": "affected",
"version": "4.8.2611"
},
{
"status": "affected",
"version": "4.8.2561"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Encoder Series E2 hardware Version 1.8.20",
"vendor": "KiloView",
"versions": [
{
"status": "affected",
"version": "4.8.2523"
},
{
"status": "affected",
"version": "4.8.2611"
},
{
"status": "affected",
"version": "4.8.2554"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Encoder Series G1 hardware Version 1.6.20",
"vendor": "KiloView",
"versions": [
{
"status": "affected",
"version": "4.8.2561"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Encoder Series P1 hardware Version 1.3.20",
"vendor": "KiloView",
"versions": [
{
"status": "affected",
"version": "4.8.2633"
},
{
"status": "affected",
"version": "4.8.2608"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Encoder Series P2 hardware Version 1.8.20",
"vendor": "KiloView",
"versions": [
{
"status": "affected",
"version": "4.8.2633"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Encoder Series RE1 hardware Version 2.0.00",
"vendor": "KiloView",
"versions": [
{
"status": "affected",
"version": "4.7.2513"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Encoder Series RE1 hardware Version 3.0.00",
"vendor": "KiloView",
"versions": [
{
"status": "affected",
"version": "4.8.2519"
},
{
"status": "affected",
"version": "4.8.2561"
},
{
"status": "affected",
"version": "4.8.2611"
},
{
"status": "affected",
"version": "4.8.2525"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Muhammad Ammar (0xam225) reported this vulnerability to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A missing authentication for critical function vulnerability in KiloView Encoder Series could allow an unauthenticated attacker to create or delete administrator accounts. This vulnerability can grant the attacker full administrative control over the product.\u003cbr\u003e"
}
],
"value": "A missing authentication for critical function vulnerability in KiloView Encoder Series could allow an unauthenticated attacker to create or delete administrator accounts. This vulnerability can grant the attacker full administrative control over the product."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"other": {
"content": {
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CNA",
"version": "2.0.3"
},
"type": "ssvc"
},
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-29T19:02:26.431Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-029-01"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-029-01.json"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Missing Authentication for Critical Function in KiloView Encoder Series",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "KiloView has not responded to requests to work with CISA to mitigate \nthis vulnerability. Users of affected versions of KiloView Encoder \nSeries are invited to contact KiloView customer support for additional \ninformation.\n\n\u003cbr\u003e"
}
],
"value": "KiloView has not responded to requests to work with CISA to mitigate \nthis vulnerability. Users of affected versions of KiloView Encoder \nSeries are invited to contact KiloView customer support for additional \ninformation."
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-1453",
"datePublished": "2026-01-29T19:02:26.431Z",
"dateReserved": "2026-01-26T19:48:46.732Z",
"dateUpdated": "2026-01-29T20:28:55.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14988 (GCVE-0-2025-14988)
Vulnerability from cvelistv5 – Published: 2026-01-27 20:08 – Updated: 2026-01-27 20:51
Title
Incorrect Permission Assignment for Critical Resource vulnerability in iba Systems ibaPDA
Summary
A security issue has been identified in ibaPDA that could allow unauthorized actions on the file system under certain conditions. This may impact the confidentiality, integrity, or availability of the system.
Severity ?
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| iba Systems | ibaPDA | Affected: 8.12.0 |
Credits
Siemens reported this vulnerability to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14988",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-27T20:33:02.951829Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-27T20:51:36.885Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ibaPDA",
"vendor": "iba Systems",
"versions": [
{
"status": "affected",
"version": "8.12.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Siemens reported this vulnerability to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA security issue has been identified in ibaPDA that could allow unauthorized actions on the file system under certain conditions. This may impact the confidentiality, integrity, or availability of the system.\u003c/span\u003e"
}
],
"value": "A security issue has been identified in ibaPDA that could allow unauthorized actions on the file system under certain conditions. This may impact the confidentiality, integrity, or availability of the system."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-27T20:08:54.853Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-027-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "iba Systems recommends users update to ibaPDA v8.12.1 or a later version.\u003cbr\u003e\u003cbr\u003eIf Installing the update is not possible, iba Systems recommends users: \u003cbr\u003e\u003cbr\u003e* Enable User Management: \u003cbr\u003eTo activate user management, navigate to User Management settings under the Configure option. Set a password for the admin user to enable user management.\u003cbr\u003e\u003cbr\u003eConfigure Server Access: \u003cbr\u003eTo configure, open Server Access Manager (found under Configure in the ibaPDA Client). Set the configuration to restrict access. For example, only 127.0.0.1 (localhost) or specific system IP addresses to communicate with ibaPDA can connect to the ibaPDA Server. (In this example, only connections from localhost are permitted to access ibaPDA.)\u003cbr\u003e\u003cbr\u003eRestrict Connections to Localhost (if ibaPDA is only accessed from the system where it runs): \u003cbr\u003e* Go to I/O Manager, then General, and deactivate the option \u201cAutomatically open necessary ports in Windows Firewall.\u201d (If this option remains active, after a restart of ibaPDA or a restart for data acquisition, the firewall will be reconfigured automatically.)\u003cbr\u003e* Then, go to Advanced Windows Firewall settings and delete or deactivate all incoming rules for the ibaPDA Client and Server.\u003cbr\u003e* Manually create firewall rules for the connection used for ibaPDA and verify that the correct ports are configured. For assistance with identifying the ports used by the ibaPDA service can be found in the iba Help Center.\u003cbr\u003e* Note: After making the changes, verify that all ibaPDA services are operating as expected and that the data acquisition is functioning correctly.\u003cbr\u003e"
}
],
"value": "iba Systems recommends users update to ibaPDA v8.12.1 or a later version.\n\nIf Installing the update is not possible, iba Systems recommends users: \n\n* Enable User Management: \nTo activate user management, navigate to User Management settings under the Configure option. Set a password for the admin user to enable user management.\n\nConfigure Server Access: \nTo configure, open Server Access Manager (found under Configure in the ibaPDA Client). Set the configuration to restrict access. For example, only 127.0.0.1 (localhost) or specific system IP addresses to communicate with ibaPDA can connect to the ibaPDA Server. (In this example, only connections from localhost are permitted to access ibaPDA.)\n\nRestrict Connections to Localhost (if ibaPDA is only accessed from the system where it runs): \n* Go to I/O Manager, then General, and deactivate the option \u201cAutomatically open necessary ports in Windows Firewall.\u201d (If this option remains active, after a restart of ibaPDA or a restart for data acquisition, the firewall will be reconfigured automatically.)\n* Then, go to Advanced Windows Firewall settings and delete or deactivate all incoming rules for the ibaPDA Client and Server.\n* Manually create firewall rules for the connection used for ibaPDA and verify that the correct ports are configured. For assistance with identifying the ports used by the ibaPDA service can be found in the iba Help Center.\n* Note: After making the changes, verify that all ibaPDA services are operating as expected and that the data acquisition is functioning correctly."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Incorrect Permission Assignment for Critical Resource vulnerability in iba Systems ibaPDA",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-14988",
"datePublished": "2026-01-27T20:08:54.853Z",
"dateReserved": "2025-12-19T20:07:46.829Z",
"dateUpdated": "2026-01-27T20:51:36.885Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-54816 (GCVE-0-2025-54816)
Vulnerability from cvelistv5 – Published: 2026-01-22 22:40 – Updated: 2026-01-23 20:12
Title
EVMAPA Missing Authentication for Critical Function
Summary
This vulnerability occurs when a WebSocket endpoint does not enforce proper authentication mechanisms, allowing unauthorized users to establish connections. As a result, attackers can exploit this weakness to gain unauthorized access to sensitive data or perform unauthorized actions. Given that no authentication is required, this can lead to privilege escalation and potentially compromise the security of the entire system.
Severity
9.4 (Critical)
CWE
Assigner
References
Credits
Khaled Sarieddine and Mohammad Ali Sayed reported these vulnerabilities to CISA
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54816",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-23T20:11:52.287743Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-23T20:12:02.940Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EVMAPA",
"vendor": "EVMAPA",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Khaled Sarieddine and Mohammad Ali Sayed reported these vulnerabilities to CISA"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This vulnerability occurs when a WebSocket endpoint does not enforce \nproper authentication mechanisms, allowing unauthorized users to \nestablish connections. As a result, attackers can exploit this weakness \nto gain unauthorized access to sensitive data or perform unauthorized \nactions. Given that no authentication is required, this can lead to \nprivilege escalation and potentially compromise the security of the \nentire system.\n\n\u003cbr\u003e"
}
],
"value": "This vulnerability occurs when a WebSocket endpoint does not enforce \nproper authentication mechanisms, allowing unauthorized users to \nestablish connections. As a result, attackers can exploit this weakness \nto gain unauthorized access to sensitive data or perform unauthorized \nactions. Given that no authentication is required, this can lead to \nprivilege escalation and potentially compromise the security of the \nentire system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T22:40:55.625Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-022-08"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-022-08.json"
}
],
"source": {
"advisory": "ICSA-26-022-08",
"discovery": "EXTERNAL"
},
"title": "EVMAPA Missing Authentication for Critical Function",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "EVMAPA informed CISA some of their charging stations do not allow \nchanges to the authorization key using the Open Charge Point Protocol \n(OCPP). Currently, charge point operators have the option to connect \nstations using WebSocket Secure (WSS), and EVMAPA connects stations they\n supply via their own VPN. For OCPP 2.x and newer stations, EVMAPA plans\n to implement BASIC authorization control."
}
],
"value": "EVMAPA informed CISA some of their charging stations do not allow \nchanges to the authorization key using the Open Charge Point Protocol \n(OCPP). Currently, charge point operators have the option to connect \nstations using WebSocket Secure (WSS), and EVMAPA connects stations they\n supply via their own VPN. For OCPP 2.x and newer stations, EVMAPA plans\n to implement BASIC authorization control."
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-54816",
"datePublished": "2026-01-22T22:40:55.625Z",
"dateReserved": "2025-08-20T20:20:15.065Z",
"dateUpdated": "2026-01-23T20:12:02.940Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-53968 (GCVE-0-2025-53968)
Vulnerability from cvelistv5 – Published: 2026-01-22 22:37 – Updated: 2026-01-23 20:11
Title
EVMAPA Improper Restriction of Excessive Authentication Attempts
Summary
This vulnerability arises because there are no limitations on the number
of authentication attempts a user can make. An attacker can exploit
this weakness by continuously sending authentication requests, leading
to a denial-of-service (DoS) condition. This can overwhelm the
authentication system, rendering it unavailable to legitimate users and
potentially causing service disruption. This can also allow attackers to
conduct brute-force attacks to gain unauthorized access.
Severity
7.5 (High)
CWE
Assigner
References
Credits
Khaled Sarieddine and Mohammad Ali Sayed reported these vulnerabilities to CISA
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53968",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-23T20:11:20.099000Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-23T20:11:29.349Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EVMAPA",
"vendor": "EVMAPA",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Khaled Sarieddine and Mohammad Ali Sayed reported these vulnerabilities to CISA"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This vulnerability arises because there are no limitations on the number\n of authentication attempts a user can make. An attacker can exploit \nthis weakness by continuously sending authentication requests, leading \nto a denial-of-service (DoS) condition. This can overwhelm the \nauthentication system, rendering it unavailable to legitimate users and \npotentially causing service disruption. This can also allow attackers to\n conduct brute-force attacks to gain unauthorized access.\n\n\u003cbr\u003e"
}
],
"value": "This vulnerability arises because there are no limitations on the number\n of authentication attempts a user can make. An attacker can exploit \nthis weakness by continuously sending authentication requests, leading \nto a denial-of-service (DoS) condition. This can overwhelm the \nauthentication system, rendering it unavailable to legitimate users and \npotentially causing service disruption. This can also allow attackers to\n conduct brute-force attacks to gain unauthorized access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-307",
"description": "CWE-307",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T22:37:36.978Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-022-08"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-022-08.json"
}
],
"source": {
"advisory": "ICSA-26-022-08",
"discovery": "EXTERNAL"
},
"title": "EVMAPA Improper Restriction of Excessive Authentication Attempts",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "EVMAPA did not release a statement regarding this vulnerability. Contact EVMAPA directly for more information.\n\n\u003cbr\u003e"
}
],
"value": "EVMAPA did not release a statement regarding this vulnerability. Contact EVMAPA directly for more information."
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-53968",
"datePublished": "2026-01-22T22:37:36.978Z",
"dateReserved": "2025-08-20T20:20:15.044Z",
"dateUpdated": "2026-01-23T20:11:29.349Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-55705 (GCVE-0-2025-55705)
Vulnerability from cvelistv5 – Published: 2026-01-22 22:32 – Updated: 2026-01-23 20:10
Title
EVMAPA Insufficient Session Expiration
Summary
This vulnerability occurs when the system permits multiple simultaneous
connections to the backend using the same charging station ID. This can
result in unauthorized access, data inconsistency, or potential
manipulation of charging sessions. The lack of proper session management
and expiration control allows attackers to exploit this weakness by
reusing valid charging station IDs to establish multiple sessions
concurrently.
Severity
7.3 (High)
CWE
Assigner
References
Credits
Khaled Sarieddine and Mohammad Ali Sayed reported these vulnerabilities to CISA
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-55705",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-23T20:10:35.019479Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-23T20:10:44.688Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EVMAPA",
"vendor": "EVMAPA",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Khaled Sarieddine and Mohammad Ali Sayed reported these vulnerabilities to CISA"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This vulnerability occurs when the system permits multiple simultaneous \nconnections to the backend using the same charging station ID. This can \nresult in unauthorized access, data inconsistency, or potential \nmanipulation of charging sessions. The lack of proper session management\n and expiration control allows attackers to exploit this weakness by \nreusing valid charging station IDs to establish multiple sessions \nconcurrently."
}
],
"value": "This vulnerability occurs when the system permits multiple simultaneous \nconnections to the backend using the same charging station ID. This can \nresult in unauthorized access, data inconsistency, or potential \nmanipulation of charging sessions. The lack of proper session management\n and expiration control allows attackers to exploit this weakness by \nreusing valid charging station IDs to establish multiple sessions \nconcurrently."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T22:32:48.138Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-022-08"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-022-08.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "EVMAPA informed CISA they have resolved this issue and do not allow \nsimultaneous connection of charging stations with the same CBID.\n\n\u003cbr\u003e"
}
],
"value": "EVMAPA informed CISA they have resolved this issue and do not allow \nsimultaneous connection of charging stations with the same CBID."
}
],
"source": {
"advisory": "ICSA-26-022-08",
"discovery": "EXTERNAL"
},
"title": "EVMAPA Insufficient Session Expiration",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-55705",
"datePublished": "2026-01-22T22:32:48.138Z",
"dateReserved": "2025-08-20T20:20:15.075Z",
"dateUpdated": "2026-01-23T20:10:44.688Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-25051 (GCVE-0-2025-25051)
Vulnerability from cvelistv5 – Published: 2026-01-22 22:21 – Updated: 2026-01-23 20:10
Title
AutomationDirect CLICK Programmable Logic Controller Plaintext Storage of a Password
Summary
An attacker could decrypt sensitive data, impersonate legitimate users
or devices, and potentially gain access to network resources for lateral
attacks.
Severity
6.1 (Medium)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| AutomationDirect | CLICK Programmable Logic Controller | Affected: C0-0x, C0-1x, C2-x; Unaffected: V3.90 |
Credits
Dylan Chambers Bourgeois of Triskele Labs reported these vulnerabilities to CISA
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-25051",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-23T20:09:56.650718Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-23T20:10:07.680Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CLICK Programmable Logic Controller",
"vendor": "AutomationDirect",
"versions": [
{
"status": "affected",
"version": "C0-0x"
},
{
"status": "affected",
"version": "C0-1x"
},
{
"status": "affected",
"version": "C2-x"
},
{
"status": "unaffected",
"version": "V3.90"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dylan Chambers Bourgeois of Triskele Labs reported these vulnerabilities to CISA"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An attacker could decrypt sensitive data, impersonate legitimate users \nor devices, and potentially gain access to network resources for lateral\n attacks."
}
],
"value": "An attacker could decrypt sensitive data, impersonate legitimate users \nor devices, and potentially gain access to network resources for lateral\n attacks."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-256",
"description": "CWE-256",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T22:21:17.674Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-022-02"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-022-02.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "AutomationDirect recommends that users update CLICK PLUS and firmware to V3.90.\n\n\u003cbr\u003e"
}
],
"value": "AutomationDirect recommends that users update CLICK PLUS and firmware to V3.90."
}
],
"source": {
"advisory": "ICSA-26-022-02",
"discovery": "EXTERNAL"
},
"title": "AutomationDirect CLICK Programmable Logic Controller Plaintext Storage of a Password",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIf the update cannot be applied right away, the following \ncompensating controls are recommended until the upgrade can be \nperformed:\u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eNetwork Isolation \u2013 Disconnect the \nCLICK PLUS PLC from external networks (e.g., the internet or corporate \nLAN) to reduce exposure.\u003c/li\u003e\u003cli\u003eSecure Communications \u2013 Use only trusted, dedicated internal networks or air-gapped systems for device communication.\u003c/li\u003e\u003cli\u003eAccess Control \u2013 Restrict both physical and logical access to authorized personnel only.\u003c/li\u003e\u003cli\u003eApplication Whitelisting \u2013 Configure \nwhitelisting so that only trusted, pre-approved applications are allowed\n to run. Block any unauthorized software.\u003c/li\u003e\u003cli\u003eEndpoint Protection \u2013 Use antivirus or EDR tools and configure host-based firewalls to block unauthorized access attempts.\u003c/li\u003e\u003cli\u003eLogging \u0026amp; Monitoring \u2013 Enable and regularly review system logs to detect suspicious or unauthorized activity.\u003c/li\u003e\u003cli\u003eBackup \u0026amp; Recovery \u2013 Maintain \nsecure, tested backups of the PLC and its configurations to minimize \ndowntime in case of an incident.\u003c/li\u003e\u003cli\u003eOngoing Risk Assessment \u2013 Continuously\n evaluate risks associated with running outdated firmware and adjust \ncompensating measures accordingly.\u003c/li\u003e\u003c/ul\u003e\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "If the update cannot be applied right away, the following \ncompensating controls are recommended until the upgrade can be \nperformed:\n\n\n * Network Isolation \u2013 Disconnect the \nCLICK PLUS PLC from external networks (e.g., the internet or corporate \nLAN) to reduce exposure.\n * Secure Communications \u2013 Use only trusted, dedicated internal networks or air-gapped systems for device communication.\n * Access Control \u2013 Restrict both physical and logical access to authorized personnel only.\n * Application Whitelisting \u2013 Configure \nwhitelisting so that only trusted, pre-approved applications are allowed\n to run. Block any unauthorized software.\n * Endpoint Protection \u2013 Use antivirus or EDR tools and configure host-based firewalls to block unauthorized access attempts.\n * Logging \u0026 Monitoring \u2013 Enable and regularly review system logs to detect suspicious or unauthorized activity.\n * Backup \u0026 Recovery \u2013 Maintain \nsecure, tested backups of the PLC and its configurations to minimize \ndowntime in case of an incident.\n * Ongoing Risk Assessment \u2013 Continuously\n evaluate risks associated with running outdated firmware and adjust \ncompensating measures accordingly."
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-25051",
"datePublished": "2026-01-22T22:21:17.674Z",
"dateReserved": "2025-02-05T15:36:40.953Z",
"dateUpdated": "2026-01-23T20:10:07.680Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-67652 (GCVE-0-2025-67652)
Vulnerability from cvelistv5 – Published: 2026-01-22 22:17 – Updated: 2026-01-23 20:15
Title
AutomationDirect CLICK Programmable Logic Controller Weak Encoding for Password
Summary
An attacker with access to the project file could use the exposed
credentials to impersonate users, escalate privileges, or gain
unauthorized access to systems and services. The absence of robust
encryption or secure handling mechanisms increases the likelihood of
this type of exploitation, leaving sensitive information more
vulnerable.
Severity
6.1 (Medium)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| AutomationDirect | CLICK Programmable Logic Controller | Affected: C0-0x, C0-1x, C2-x; Unaffected: V3.90 |
Credits
Dylan Chambers Bourgeois of Triskele Labs reported these vulnerabilities to CISA
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-67652",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-23T20:15:20.691548Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-23T20:15:30.472Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CLICK Programmable Logic Controller",
"vendor": "AutomationDirect",
"versions": [
{
"status": "affected",
"version": "C0-0x"
},
{
"status": "affected",
"version": "C0-1x"
},
{
"status": "affected",
"version": "C2-x"
},
{
"status": "unaffected",
"version": "V3.90"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dylan Chambers Bourgeois of Triskele Labs reported these vulnerabilities to CISA"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An attacker with access to the project file could use the exposed \ncredentials to impersonate users, escalate privileges, or gain \nunauthorized access to systems and services. The absence of robust \nencryption or secure handling mechanisms increases the likelihood of \nthis type of exploitation, leaving sensitive information more \nvulnerable."
}
],
"value": "An attacker with access to the project file could use the exposed \ncredentials to impersonate users, escalate privileges, or gain \nunauthorized access to systems and services. The absence of robust \nencryption or secure handling mechanisms increases the likelihood of \nthis type of exploitation, leaving sensitive information more \nvulnerable."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-261",
"description": "CWE-261",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T22:17:53.763Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-022-02"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-022-02.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "AutomationDirect recommends that users update CLICK PLUS and firmware to V3.90.\n\n\u003cbr\u003e"
}
],
"value": "AutomationDirect recommends that users update CLICK PLUS and firmware to V3.90."
}
],
"source": {
"advisory": "ICSA-26-022-02",
"discovery": "EXTERNAL"
},
"title": "AutomationDirect CLICK Programmable Logic Controller Weak Encoding for Password",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIf the update cannot be applied right away, the following \ncompensating controls are recommended until the upgrade can be \nperformed:\u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eNetwork Isolation \u2013 Disconnect the \nCLICK PLUS PLC from external networks (e.g., the internet or corporate \nLAN) to reduce exposure.\u003c/li\u003e\u003cli\u003eSecure Communications \u2013 Use only trusted, dedicated internal networks or air-gapped systems for device communication.\u003c/li\u003e\u003cli\u003eAccess Control \u2013 Restrict both physical and logical access to authorized personnel only.\u003c/li\u003e\u003cli\u003eApplication Whitelisting \u2013 Configure \nwhitelisting so that only trusted, pre-approved applications are allowed\n to run. Block any unauthorized software.\u003c/li\u003e\u003cli\u003eEndpoint Protection \u2013 Use antivirus or EDR tools and configure host-based firewalls to block unauthorized access attempts.\u003c/li\u003e\u003cli\u003eLogging \u0026amp; Monitoring \u2013 Enable and regularly review system logs to detect suspicious or unauthorized activity.\u003c/li\u003e\u003cli\u003eBackup \u0026amp; Recovery \u2013 Maintain \nsecure, tested backups of the PLC and its configurations to minimize \ndowntime in case of an incident.\u003c/li\u003e\u003cli\u003eOngoing Risk Assessment \u2013 Continuously\n evaluate risks associated with running outdated firmware and adjust \ncompensating measures accordingly.\u003c/li\u003e\u003c/ul\u003e\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "If the update cannot be applied right away, the following \ncompensating controls are recommended until the upgrade can be \nperformed:\n\n\n * Network Isolation \u2013 Disconnect the \nCLICK PLUS PLC from external networks (e.g., the internet or corporate \nLAN) to reduce exposure.\n * Secure Communications \u2013 Use only trusted, dedicated internal networks or air-gapped systems for device communication.\n * Access Control \u2013 Restrict both physical and logical access to authorized personnel only.\n * Application Whitelisting \u2013 Configure \nwhitelisting so that only trusted, pre-approved applications are allowed\n to run. Block any unauthorized software.\n * Endpoint Protection \u2013 Use antivirus or EDR tools and configure host-based firewalls to block unauthorized access attempts.\n * Logging \u0026 Monitoring \u2013 Enable and regularly review system logs to detect suspicious or unauthorized activity.\n * Backup \u0026 Recovery \u2013 Maintain \nsecure, tested backups of the PLC and its configurations to minimize \ndowntime in case of an incident.\n * Ongoing Risk Assessment \u2013 Continuously\n evaluate risks associated with running outdated firmware and adjust \ncompensating measures accordingly."
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-67652",
"datePublished": "2026-01-22T22:17:53.763Z",
"dateReserved": "2025-12-09T20:15:49.604Z",
"dateUpdated": "2026-01-23T20:15:30.472Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1201 (GCVE-0-2026-1201)
Vulnerability from cvelistv5 – Published: 2026-01-22 21:52 – Updated: 2026-01-29 16:51
Title
Authorization Bypass Through User-Controlled Key in Hubitat Elevation Hubs
Summary
An Authorization Bypass Through User-Controlled Key vulnerability in Hubitat Elevation home automation controllers prior to version 2.4.2.157 could allow a remote authenticated user to control connected devices outside of their authorized scope via client-side request manipulation.
Severity
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Hubitat | Elevation C3 | Affected: 0 , < 2.4.2.157 (custom) |
Credits
Aaron 'theHastyOne' Hasty of Ostrich Lab reported this vulnerability to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1201",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-23T20:12:37.957880Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-23T20:12:48.249Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Elevation C3",
"vendor": "Hubitat",
"versions": [
{
"lessThan": "2.4.2.157",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Elevation C4",
"vendor": "Hubitat",
"versions": [
{
"lessThan": "2.4.2.157",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Elevation C5",
"vendor": "Hubitat",
"versions": [
{
"lessThan": "2.4.2.157",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Elevation C7",
"vendor": "Hubitat",
"versions": [
{
"lessThan": "2.4.2.157",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Elevation C8",
"vendor": "Hubitat",
"versions": [
{
"lessThan": "2.4.2.157",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Elevation C8 pro",
"vendor": "Hubitat",
"versions": [
{
"lessThan": "2.4.2.157",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Aaron \u0027theHastyOne\u0027 Hasty of Ostrich Lab reported this vulnerability to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Authorization Bypass Through User-Controlled Key vulnerability in Hubitat Elevation home automation controllers prior to version 2.4.2.157 could allow a remote authenticated user to control connected devices outside of their authorized scope via client-side request manipulation.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "An Authorization Bypass Through User-Controlled Key vulnerability in Hubitat Elevation home automation controllers prior to version 2.4.2.157 could allow a remote authenticated user to control connected devices outside of their authorized scope via client-side request manipulation."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-29T16:51:31.043Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-022-06"
},
{
"tags": [
"technical-description",
"related"
],
"url": "https://ostrichlab.io/research-blog/?post=hubitat_writeup"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Hubitat has released the following for users to implement:\u003cbr\u003e\u003cbr\u003e* Firmware version [2.4.2.157](\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://community.hubitat.com/t/release-2-4-2-available/154531/10\"\u003ehttps://community.hubitat.com/t/release-2-4-2-available/154531/10\u003c/a\u003e)\u003cbr\u003e"
}
],
"value": "Hubitat has released the following for users to implement:\n\n* Firmware version [2.4.2.157]( https://community.hubitat.com/t/release-2-4-2-available/154531/10 )"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authorization Bypass Through User-Controlled Key in Hubitat Elevation Hubs",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-1201",
"datePublished": "2026-01-22T21:52:01.011Z",
"dateReserved": "2026-01-19T14:29:21.551Z",
"dateUpdated": "2026-01-29T16:51:31.043Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14751 (GCVE-0-2025-14751)
Vulnerability from cvelistv5 – Published: 2026-01-22 21:42 – Updated: 2026-01-26 21:02
Title
Unverified Password Change in Weintek cMT X Series HMI EasyWeb Service
Summary
A low-privileged user can bypass account credentials without confirming the user's current authentication state, which may lead to unauthorized privilege escalation.
Severity ?
CWE
- CWE-620 - Unverified Password Change
Assigner
References
| URL | Tags |
|---|---|
| https://www.cisa.gov/news-events/ics-advisories/icsa-26-022-05 | government-resource |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Weintek | cMT3072XH | Affected: 20200630 , < 20241112 (custom) |
| Weintek | cMT3072XH(T) | Affected: 20200630 , < 20241112 (custom) |
| Weintek | cMT-SVRX-820 | Affected: 20220413 , < 20240919 (custom) |
| Weintek | cMT-CTRL01 | Affected: 20230308 , < 20250827 (custom) |
Credits
Joel Aviad Ossi of WebSec B.V reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14751",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-26T21:01:59.502514Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-26T21:02:09.222Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "cMT3072XH",
"vendor": "Weintek",
"versions": [
{
"lessThan": "20241112",
"status": "affected",
"version": "20200630",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "cMT3072XH(T)",
"vendor": "Weintek",
"versions": [
{
"lessThan": "20241112",
"status": "affected",
"version": "20200630",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "cMT-SVRX-820",
"vendor": "Weintek",
"versions": [
{
"lessThan": "20240919",
"status": "affected",
"version": "20220413",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "cMT-CTRL01",
"vendor": "Weintek",
"versions": [
{
"lessThan": "20250827",
"status": "affected",
"version": "20230308",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Joel Aviad Ossi of WebSec B.V reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A low-privileged user can bypass account credentials without confirming the user\u0027s current authentication state, which may lead to unauthorized privilege escalation.\u003cbr\u003e"
}
],
"value": "A low-privileged user can bypass account credentials without confirming the user\u0027s current authentication state, which may lead to unauthorized privilege escalation."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-620",
"description": "CWE-620 Unverified Password Change",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T21:42:50.871Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-022-05"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Weintek recommends users implement the following mitigation techniques: \u003cbr\u003e\u003cbr\u003e* cMT3072XH: Version 20241112\u003cbr\u003e* cMT3072XH(T): Version 20241112\u003cbr\u003e* cMT-SVRX-820: Version 20240919\u003cbr\u003e* cMT-CTRL01: Version 20250827\u003cbr\u003e\u003cbr\u003eFor more information, see Weintek\u0027s planned notice: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://dl.weintek.com/public/Document/TEC/TEC25003E_cMT_EasyWeb_V2_Security_Issues.pdf\"\u003ehttps://dl.weintek.com/public/Document/TEC/TEC25003E_cMT_EasyWeb_V2_Security_Issues.pdf\u003c/a\u003e\u003cbr\u003e"
}
],
"value": "Weintek recommends users implement the following mitigation techniques: \n\n* cMT3072XH: Version 20241112\n* cMT3072XH(T): Version 20241112\n* cMT-SVRX-820: Version 20240919\n* cMT-CTRL01: Version 20250827\n\nFor more information, see Weintek\u0027s planned notice: https://dl.weintek.com/public/Document/TEC/TEC25003E_cMT_EasyWeb_V2_Security_Issues.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unverified Password Change in Weintek cMT X Series HMI EasyWeb Service",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-14751",
"datePublished": "2026-01-22T21:42:50.871Z",
"dateReserved": "2025-12-15T20:40:05.015Z",
"dateUpdated": "2026-01-26T21:02:09.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}