Search criteria
3482 vulnerabilities
CVE-2025-13373 (GCVE-0-2025-13373)
Vulnerability from cvelistv5 – Published: 2025-12-04 22:50 – Updated: 2025-12-04 22:50
VLAI?
Summary
Advantech iView versions 5.7.05.7057 and prior do not properly sanitize SNMP v1 trap (Port 162) requests, which could allow an attacker to inject SQL commands.
Severity ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Credits
m00nback reported this vulnerability to CISA.
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "iView",
"vendor": "Advantech",
"versions": [
{
"status": "affected",
"version": "5.7.05.7057"
},
{
"status": "unaffected",
"version": "5.8.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "m00nback reported this vulnerability to CISA."
}
],
"datePublic": "2025-12-04T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAdvantech iView versions 5.7.05.7057 and prior do not properly sanitize SNMP v1 trap (Port 162) requests, which could allow an attacker to inject SQL commands.\u003c/span\u003e"
}
],
"value": "Advantech iView versions 5.7.05.7057 and prior do not properly sanitize SNMP v1 trap (Port 162) requests, which could allow an attacker to inject SQL commands."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-04T22:50:36.079Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.advantech.com/zh-tw/support/details/firmware?id=1-HIPU-183"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-338-07"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-338-07.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAdvantech recommends users update to \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.advantech.com/zh-tw/support/details/firmware?id=1-HIPU-183\"\u003eiView v5.8.1\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Advantech recommends users update to iView v5.8.1 https://www.advantech.com/zh-tw/support/details/firmware ."
}
],
"source": {
"advisory": "ICSA-25-338-07",
"discovery": "EXTERNAL"
},
"title": "Advantech iView SQL Injection",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-13373",
"datePublished": "2025-12-04T22:50:36.079Z",
"dateReserved": "2025-11-18T18:48:07.936Z",
"dateUpdated": "2025-12-04T22:50:36.079Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-53704 (GCVE-0-2025-53704)
Vulnerability from cvelistv5 – Published: 2025-12-04 21:44 – Updated: 2025-12-04 21:44
VLAI?
Summary
The password reset mechanism for the Pivot client application is weak, and it may allow an attacker to take over the account.
Severity ?
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MAXHUB | Pivot client application |
Affected:
0 , < 1.36.2
(custom)
Unaffected: 1.36.2 |
Credits
Malik MAKKES of Abicom Groupe OCI reported this vulnerability to MAXHUB.
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Pivot client application",
"vendor": "MAXHUB",
"versions": [
{
"lessThan": "1.36.2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.36.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Malik MAKKES of Abicom Groupe OCI reported this vulnerability to MAXHUB."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe password reset mechanism for the Pivot client application is weak, and it may allow an attacker to take over the account.\u003c/span\u003e"
}
],
"value": "The password reset mechanism for the Pivot client application is weak, and it may allow an attacker to take over the account."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-640",
"description": "CWE-640",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-04T21:44:06.466Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.maxhub.com/en/support/"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-338-02"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-338-02.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMAXHUB recommends users to upgrade the Pivot client application to v1.36.2 or newer. For more information, see the \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.maxhub.com/en/support/\"\u003eMAXHUB support page.\u003c/a\u003e\n\n\u003cbr\u003e"
}
],
"value": "MAXHUB recommends users to upgrade the Pivot client application to v1.36.2 or newer. For more information, see the MAXHUB support page. https://www.maxhub.com/en/support/"
}
],
"source": {
"advisory": "ICSA-25-338-02",
"discovery": "UNKNOWN"
},
"title": "MAXHUB Pivot Weak Password Recovery Mechanism for Forgotten Password",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-53704",
"datePublished": "2025-12-04T21:44:06.466Z",
"dateReserved": "2025-07-30T19:03:10.106Z",
"dateUpdated": "2025-12-04T21:44:06.466Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13932 (GCVE-0-2025-13932)
Vulnerability from cvelistv5 – Published: 2025-12-04 21:17 – Updated: 2025-12-04 23:02
VLAI?
Summary
The SolisCloud API suffers from a Broken Access Control vulnerability, specifically an Insecure Direct Object Reference (IDOR), where any authenticated user can access detailed data of any plant by altering the plant_id in the request.
Severity ?
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SolisCloud | Monitoring Platform (Cloud API & Device Control API) |
Affected:
API v1
Affected: API v2 |
Credits
James Gallagher (@5G)
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Monitoring Platform (Cloud API \u0026 Device Control API)",
"vendor": "SolisCloud",
"versions": [
{
"status": "affected",
"version": "API v1"
},
{
"status": "affected",
"version": "API v2"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "James Gallagher (@5G)"
}
],
"datePublic": "2025-12-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The SolisCloud API suffers from a Broken Access Control vulnerability, specifically an Insecure Direct Object Reference (IDOR), where any authenticated user can access detailed data of any plant by altering the plant_id in the request."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"other": {
"content": {
"id": "CVE-2025-13932",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-04T23:02:31.575317Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-04T23:02:41.998Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "url",
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-338-06"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-13932",
"datePublished": "2025-12-04T21:17:03.206Z",
"dateReserved": "2025-12-02T21:57:28.248Z",
"dateUpdated": "2025-12-04T23:02:41.998Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66238 (GCVE-0-2025-66238)
Vulnerability from cvelistv5 – Published: 2025-12-04 21:10 – Updated: 2025-12-04 21:10
VLAI?
Summary
DCIM dcTrack allows an attacker to misuse certain remote access features. An authenticated user with access to the appliance's virtual console could exploit these features to redirect network traffic, potentially accessing restricted services or data on the host machine.
Severity ?
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Sunbird | DCIM dcTrack |
Affected:
0 , ≤ v9.2.0
(custom)
Unaffected: 9.2.3 |
||
Credits
notnotnotveg (notnotnotveg@gmail.com) reported these vulnerabilities to CISA.
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DCIM dcTrack",
"vendor": "Sunbird",
"versions": [
{
"lessThanOrEqual": "v9.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "9.2.3"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IQ",
"vendor": "Sunbird",
"versions": [
{
"lessThanOrEqual": "v9.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "9.2.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "notnotnotveg (notnotnotveg@gmail.com) reported these vulnerabilities to CISA."
}
],
"datePublic": "2025-12-04T17:01:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDCIM dcTrack allows an attacker to misuse certain remote access features. An authenticated user with access to the appliance\u0027s virtual console could exploit these features to redirect network traffic, potentially accessing restricted services or data on the host machine.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e"
}
],
"value": "DCIM dcTrack allows an attacker to misuse certain remote access features. An authenticated user with access to the appliance\u0027s virtual console could exploit these features to redirect network traffic, potentially accessing restricted services or data on the host machine."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-04T21:10:11.206Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-338-05"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-338-05.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSunbird recommends that users take the following actions:\u003c/p\u003e\u003cul\u003e\u003cli\u003edcTrack: Update to 9.2.3\u003c/li\u003e\u003cli\u003ePower: Update to IQ 9.2.1\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e"
}
],
"value": "Sunbird recommends that users take the following actions:\n\n * dcTrack: Update to 9.2.3\n * Power: Update to IQ 9.2.1"
}
],
"source": {
"advisory": "ICSA-25-338-05",
"discovery": "EXTERNAL"
},
"title": "Sunbird DCIM dcTrack and Power IQ Authentication Bypass Using an Alternate Path or Channel",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIf updating immediately is not possible, Sunbird additionally recommends that customers:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRestrict SSH or any non-essential port access in the IP Based Access Control.\u003c/li\u003e\n\u003cli\u003ePasswords for SSH based user accounts be changed at the time of deployment.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "If updating immediately is not possible, Sunbird additionally recommends that customers:\n\n\n\n * Restrict SSH or any non-essential port access in the IP Based Access Control.\n\n * Passwords for SSH based user accounts be changed at the time of deployment."
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-66238",
"datePublished": "2025-12-04T21:10:11.206Z",
"dateReserved": "2025-11-25T17:32:15.110Z",
"dateUpdated": "2025-12-04T21:10:11.206Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66237 (GCVE-0-2025-66237)
Vulnerability from cvelistv5 – Published: 2025-12-04 21:02 – Updated: 2025-12-04 21:02
VLAI?
Summary
DCIM dcTrack platforms utilize default and hard-coded credentials for access. An attacker could use these credentials to administer the database, escalate privileges on the platform or execute system commands on the host.
Severity ?
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Sunbird | DCIM dcTrack |
Affected:
0 , ≤ v9.2.0
(custom)
Unaffected: 9.2.3 |
||
Credits
notnotnotveg (notnotnotveg@gmail.com) reported these vulnerabilities to CISA.
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DCIM dcTrack",
"vendor": "Sunbird",
"versions": [
{
"lessThanOrEqual": "v9.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "9.2.3"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IQ",
"vendor": "Sunbird",
"versions": [
{
"lessThanOrEqual": "v9.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "9.2.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "notnotnotveg (notnotnotveg@gmail.com) reported these vulnerabilities to CISA."
}
],
"datePublic": "2025-12-04T17:01:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDCIM dcTrack platforms utilize default and hard-coded credentials for access. An attacker could use these credentials to administer the database, escalate privileges on the platform or execute system commands on the host.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e"
}
],
"value": "DCIM dcTrack platforms utilize default and hard-coded credentials for access. An attacker could use these credentials to administer the database, escalate privileges on the platform or execute system commands on the host."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-04T21:02:59.614Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-338-05"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-338-05.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSunbird recommends that users take the following actions:\u003c/p\u003e\u003cul\u003e\u003cli\u003edcTrack: Update to 9.2.3\u003c/li\u003e\u003cli\u003ePower: Update to IQ 9.2.1\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e"
}
],
"value": "Sunbird recommends that users take the following actions:\n\n * dcTrack: Update to 9.2.3\n * Power: Update to IQ 9.2.1"
}
],
"source": {
"advisory": "ICSA-25-338-05",
"discovery": "EXTERNAL"
},
"title": "Sunbird DCIM dcTrack and Power IQ Use of Hard-coded Credentials",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIf updating immediately is not possible, Sunbird additionally recommends that customers:\u003c/p\u003e\u003cul\u003e\u003cli\u003eRestrict SSH or any non-essential port access in the IP Based Access Control.\u003c/li\u003e\u003cli\u003ePasswords for SSH based user accounts be changed at the time of deployment.\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "If updating immediately is not possible, Sunbird additionally recommends that customers:\n\n * Restrict SSH or any non-essential port access in the IP Based Access Control.\n * Passwords for SSH based user accounts be changed at the time of deployment."
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-66237",
"datePublished": "2025-12-04T21:02:59.614Z",
"dateReserved": "2025-11-25T17:32:15.110Z",
"dateUpdated": "2025-12-04T21:02:59.614Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-62575 (GCVE-0-2025-62575)
Vulnerability from cvelistv5 – Published: 2025-12-02 21:11 – Updated: 2025-12-02 21:37
VLAI?
Summary
NMIS/BioDose V22.02 and previous versions rely on a Microsoft SQL Server database. The SQL user account 'nmdbuser' and other created accounts by default have the sysadmin role. This can lead to remote code execution through the use of certain built-in stored procedures.
Severity ?
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mirion Medical | EC2 Software NMIS BioDose |
Affected:
0 , < 23.0
(custom)
Unaffected: 23.0 |
Credits
Joe Dillon reported these vulnerabilities to Mirion Medical.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62575",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T21:37:17.666393Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T21:37:46.825Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EC2 Software NMIS BioDose",
"vendor": "Mirion Medical",
"versions": [
{
"lessThan": "23.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "23.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Joe Dillon reported these vulnerabilities to Mirion Medical."
}
],
"datePublic": "2025-12-02T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNMIS/BioDose V22.02 and previous versions rely on a Microsoft SQL Server database. The SQL user account \u0027nmdbuser\u0027 and other created accounts by default have the sysadmin role. This can lead to remote code execution through the use of certain built-in stored procedures.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e"
}
],
"value": "NMIS/BioDose V22.02 and previous versions rely on a Microsoft SQL Server database. The SQL user account \u0027nmdbuser\u0027 and other created accounts by default have the sysadmin role. This can lead to remote code execution through the use of certain built-in stored procedures."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T21:11:20.484Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-336-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMirion Medical recommends users update to V23.0 or later. Users with an active support contract should update to the latest version through the software or users can contact \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003eMirion Medical support\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;directly.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Mirion Medical recommends users update to V23.0 or later. Users with an active support contract should update to the latest version through the software or users can contact Mirion Medical support\u00a0directly."
}
],
"source": {
"advisory": "ICSMA-25-336-01",
"discovery": "EXTERNAL"
},
"title": "Mirion Medical EC2 Software NMIS BioDose Incorrect Permission Assignment for Critical Resource",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-62575",
"datePublished": "2025-12-02T21:11:20.484Z",
"dateReserved": "2025-11-11T20:56:52.854Z",
"dateUpdated": "2025-12-02T21:37:46.825Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64778 (GCVE-0-2025-64778)
Vulnerability from cvelistv5 – Published: 2025-12-02 21:09 – Updated: 2025-12-02 21:38
VLAI?
Summary
NMIS/BioDose software V22.02 and previous versions contain executable binaries with plain text hard-coded passwords. These hard-coded passwords could allow unauthorized access to both the application and database.
Severity ?
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mirion Medical | EC2 Software NMIS BioDose |
Affected:
0 , < 23.0
(custom)
Unaffected: 23.0 |
Credits
Joe Dillon reported these vulnerabilities to Mirion Medical.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64778",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T21:38:39.518064Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T21:38:49.345Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EC2 Software NMIS BioDose",
"vendor": "Mirion Medical",
"versions": [
{
"lessThan": "23.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "23.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Joe Dillon reported these vulnerabilities to Mirion Medical."
}
],
"datePublic": "2025-12-02T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNMIS/BioDose software V22.02 and previous versions contain executable binaries with plain text hard-coded passwords. These hard-coded passwords could allow unauthorized access to both the application and database.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e"
}
],
"value": "NMIS/BioDose software V22.02 and previous versions contain executable binaries with plain text hard-coded passwords. These hard-coded passwords could allow unauthorized access to both the application and database."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T21:09:38.450Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-336-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMirion Medical recommends users update to V23.0 or later. Users with an active support contract should update to the latest version through the software or users can contact \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003eMirion Medical support\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;directly.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Mirion Medical recommends users update to V23.0 or later. Users with an active support contract should update to the latest version through the software or users can contact Mirion Medical support\u00a0directly."
}
],
"source": {
"advisory": "ICSMA-25-336-01",
"discovery": "EXTERNAL"
},
"title": "Mirion Medical EC2 Software NMIS BioDose Use of Hard-coded Credentials",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-64778",
"datePublished": "2025-12-02T21:09:38.450Z",
"dateReserved": "2025-11-11T20:56:52.864Z",
"dateUpdated": "2025-12-02T21:38:49.345Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-61940 (GCVE-0-2025-61940)
Vulnerability from cvelistv5 – Published: 2025-12-02 21:07 – Updated: 2025-12-02 21:39
VLAI?
Summary
NMIS/BioDose V22.02 and previous versions rely on a common SQL Server user account to access data in the database. User access in the client application is restricted by a password authentication check in the client software but the underlying database connection always has access. The latest version of NMIS/BioDose introduces an option to use Windows user authentication with the database, which would restrict this database connection.
Severity ?
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mirion Medical | EC2 Software NMIS BioDose |
Affected:
0 , < 23.0
(custom)
Unaffected: 23.0 |
Credits
Joe Dillon reported these vulnerabilities to Mirion Medical.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-61940",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T21:39:17.758822Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T21:39:30.055Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EC2 Software NMIS BioDose",
"vendor": "Mirion Medical",
"versions": [
{
"lessThan": "23.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "23.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Joe Dillon reported these vulnerabilities to Mirion Medical."
}
],
"datePublic": "2025-12-02T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNMIS/BioDose V22.02 and previous versions rely on a common SQL Server user account to access data in the database. User access in the client application is restricted by a password authentication check in the client software but the underlying database connection always has access. The latest version of NMIS/BioDose introduces an option to use Windows user authentication with the database, which would restrict this database connection.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e"
}
],
"value": "NMIS/BioDose V22.02 and previous versions rely on a common SQL Server user account to access data in the database. User access in the client application is restricted by a password authentication check in the client software but the underlying database connection always has access. The latest version of NMIS/BioDose introduces an option to use Windows user authentication with the database, which would restrict this database connection."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-603",
"description": "CWE-603",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T21:07:47.995Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-336-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMirion Medical recommends users update to V23.0 or later. Users with an active support contract should update to the latest version through the software or users can contact \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003eMirion Medical support\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;directly.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Mirion Medical recommends users update to V23.0 or later. Users with an active support contract should update to the latest version through the software or users can contact Mirion Medical support\u00a0directly."
}
],
"source": {
"advisory": "ICSMA-25-336-01",
"discovery": "EXTERNAL"
},
"title": "Mirion Medical EC2 Software NMIS BioDose Use of Client-Side Authentication",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-61940",
"datePublished": "2025-12-02T21:07:47.995Z",
"dateReserved": "2025-11-11T20:56:52.843Z",
"dateUpdated": "2025-12-02T21:39:30.055Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64298 (GCVE-0-2025-64298)
Vulnerability from cvelistv5 – Published: 2025-12-02 21:05 – Updated: 2025-12-02 21:40
VLAI?
Summary
NMIS/BioDose V22.02 and previous version installations where the embedded Microsoft SQLServer Express is used are exposed in the Windows share accessed by clients in networked installs. By default, this directory has insecure directory paths that allow access to the SQL Server database and configuration files, which can contain sensitive data.
Severity ?
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mirion Medical | EC2 Software NMIS BioDose |
Affected:
0 , < 23.0
(custom)
Unaffected: 23.0 |
Credits
Joe Dillon reported these vulnerabilities to Mirion Medical.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64298",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T21:39:58.193059Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T21:40:09.463Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EC2 Software NMIS BioDose",
"vendor": "Mirion Medical",
"versions": [
{
"lessThan": "23.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "23.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Joe Dillon reported these vulnerabilities to Mirion Medical."
}
],
"datePublic": "2025-12-02T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNMIS/BioDose V22.02 and previous version installations where the embedded Microsoft SQLServer Express is used are exposed in the Windows share accessed by clients in networked installs. By default, this directory has insecure directory paths that allow access to the SQL Server database and configuration files, which can contain sensitive data.\u003c/span\u003e\n\n\u003c/span\u003e"
}
],
"value": "NMIS/BioDose V22.02 and previous version installations where the embedded Microsoft SQLServer Express is used are exposed in the Windows share accessed by clients in networked installs. By default, this directory has insecure directory paths that allow access to the SQL Server database and configuration files, which can contain sensitive data."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T21:05:38.266Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-336-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMirion Medical recommends users update to V23.0 or later. Users with an active support contract should update to the latest version through the software or users can contact \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003eMirion Medical support\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;directly.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Mirion Medical recommends users update to V23.0 or later. Users with an active support contract should update to the latest version through the software or users can contact Mirion Medical support\u00a0directly."
}
],
"source": {
"advisory": "ICSMA-25-336-01",
"discovery": "EXTERNAL"
},
"title": "Mirion Medical EC2 Software NMIS BioDose Incorrect Permission Assignment for Critical Resource",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-64298",
"datePublished": "2025-12-02T21:05:38.266Z",
"dateReserved": "2025-11-11T20:56:52.837Z",
"dateUpdated": "2025-12-02T21:40:09.463Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64642 (GCVE-0-2025-64642)
Vulnerability from cvelistv5 – Published: 2025-12-02 21:03 – Updated: 2025-12-02 21:40
VLAI?
Summary
NMIS/BioDose V22.02 and previous versions' installation directory paths by default have insecure file permissions, which in certain deployment scenarios can enable users on client workstations to modify the program executables and libraries.
Severity ?
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mirion Medical | EC2 Software NMIS BioDose |
Affected:
0 , < 23.0
(custom)
|
Credits
Joe Dillon reported these vulnerabilities to Mirion Medical.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64642",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T21:40:33.476038Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T21:40:46.180Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EC2 Software NMIS BioDose",
"vendor": "Mirion Medical",
"versions": [
{
"lessThan": "23.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Joe Dillon reported these vulnerabilities to Mirion Medical."
}
],
"datePublic": "2025-12-02T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNMIS/BioDose V22.02 and previous versions\u0027 installation directory paths by default have insecure file permissions, which in certain deployment scenarios can enable users on client workstations to modify the program executables and libraries.\u003c/span\u003e"
}
],
"value": "NMIS/BioDose V22.02 and previous versions\u0027 installation directory paths by default have insecure file permissions, which in certain deployment scenarios can enable users on client workstations to modify the program executables and libraries."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T21:03:43.349Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-336-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMirion Medical recommends users update to V23.0 or later. Users with an active support contract should update to the latest version through the software or users can contact \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003eMirion Medical support\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;directly.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Mirion Medical recommends users update to V23.0 or later. Users with an active support contract should update to the latest version through the software or users can contact Mirion Medical support\u00a0directly."
}
],
"source": {
"advisory": "ICSMA-25-336-01",
"discovery": "EXTERNAL"
},
"title": "Mirion Medical EC2 Software NMIS BioDose Incorrect Permission Assignment for Critical Resource",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-64642",
"datePublished": "2025-12-02T21:03:43.349Z",
"dateReserved": "2025-11-11T20:56:52.827Z",
"dateUpdated": "2025-12-02T21:40:46.180Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13658 (GCVE-0-2025-13658)
Vulnerability from cvelistv5 – Published: 2025-12-02 19:35 – Updated: 2025-12-02 21:41
VLAI?
Summary
A vulnerability in Longwatch devices allows unauthenticated HTTP GET requests to execute arbitrary code via an exposed endpoint, due to the absence of code signing and execution controls. Exploitation results in SYSTEM-level privileges.
Severity ?
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Industrial Video & Control | Longwatch |
Affected:
6.309 , ≤ 6.334
(custom)
|
Credits
Concerned OT Engineer
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13658",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T21:41:10.934773Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T21:41:24.753Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Longwatch",
"vendor": "Industrial Video \u0026 Control",
"versions": [
{
"lessThanOrEqual": "6.334",
"status": "affected",
"version": "6.309",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Concerned OT Engineer"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA vulnerability in Longwatch devices allows unauthenticated HTTP GET requests to execute arbitrary code via an exposed endpoint, due to the absence of code signing and execution controls. Exploitation results in SYSTEM-level privileges.\u003c/span\u003e\n\n\u003c/span\u003e"
}
],
"value": "A vulnerability in Longwatch devices allows unauthenticated HTTP GET requests to execute arbitrary code via an exposed endpoint, due to the absence of code signing and execution controls. Exploitation results in SYSTEM-level privileges."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T19:35:59.252Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-336-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIndustrial Video \u0026amp; Control recommends users running versions 6.309 to 6.334 should upgrade to version 6.335 or later to ensure protection against this vulnerability.\u003cbr\u003e\u003cbr\u003e\n\n\u003cp\u003eFor more details, view Industrial Video \u0026amp; Control\u0027s \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://ivcco.com/wp-content/uploads/Longwatch-Security-Bulletin-11-18-2025.pdf\"\u003eadvisory\u003c/a\u003e.\u003c/p\u003e\u003cbr\u003e\n\n\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Industrial Video \u0026 Control recommends users running versions 6.309 to 6.334 should upgrade to version 6.335 or later to ensure protection against this vulnerability.\n\n\n\nFor more details, view Industrial Video \u0026 Control\u0027s advisory https://ivcco.com/wp-content/uploads/Longwatch-Security-Bulletin-11-18-2025.pdf ."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Industrial Video \u0026 Control Longwatch has a Code Injection vulnerability",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-13658",
"datePublished": "2025-12-02T19:35:59.252Z",
"dateReserved": "2025-11-25T16:03:10.989Z",
"dateUpdated": "2025-12-02T21:41:24.753Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13510 (GCVE-0-2025-13510)
Vulnerability from cvelistv5 – Published: 2025-12-02 19:28 – Updated: 2025-12-02 19:36
VLAI?
Summary
The Iskra iHUB and iHUB Lite smart metering gateway exposes its web management interface without requiring authentication, allowing unauthenticated users to access and modify critical device settings.
Severity ?
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Iskra | iHUB and iHUB Lite |
Affected:
All versions
|
Credits
Souvik Kandar
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13510",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T19:35:54.010037Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T19:36:03.889Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "iHUB and iHUB Lite",
"vendor": "Iskra",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Souvik Kandar"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe Iskra iHUB and iHUB Lite smart metering gateway exposes its web management interface without requiring authentication, allowing unauthenticated users to access and modify critical device settings.\u003c/span\u003e"
}
],
"value": "The Iskra iHUB and iHUB Lite smart metering gateway exposes its web management interface without requiring authentication, allowing unauthenticated users to access and modify critical device settings."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T19:28:23.063Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-336-02"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Iskra iHUB and iHUB Lite has a Missing Authentication for Critical Function vulnerabilitiy",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-13510",
"datePublished": "2025-12-02T19:28:23.063Z",
"dateReserved": "2025-11-21T17:13:46.361Z",
"dateUpdated": "2025-12-02T19:36:03.889Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64130 (GCVE-0-2025-64130)
Vulnerability from cvelistv5 – Published: 2025-11-26 17:55 – Updated: 2025-11-26 18:31
VLAI?
Summary
Zenitel TCIV-3+ is vulnerable to a reflected cross-site scripting
vulnerability, which could allow a remote attacker to execute arbitrary
JavaScript on the victim's browser.
Severity ?
9.8 (Critical)
CWE
Assigner
References
Credits
Nir Tepper and Noam Moshe of Claroty Team82 reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64130",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-26T18:31:18.116055Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-26T18:31:42.926Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "TCIV-3+",
"vendor": "Zenitel",
"versions": [
{
"lessThanOrEqual": "9.3.3.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nir Tepper and Noam Moshe of Claroty Team82 reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Zenitel TCIV-3+ is vulnerable to a reflected cross-site scripting \nvulnerability, which could allow a remote attacker to execute arbitrary \nJavaScript on the victim\u0027s browser."
}
],
"value": "Zenitel TCIV-3+ is vulnerable to a reflected cross-site scripting \nvulnerability, which could allow a remote attacker to execute arbitrary \nJavaScript on the victim\u0027s browser."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-26T17:55:56.856Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://wiki.zenitel.com/wiki/Downloads#Station_and_Device_Firmware_Package_.28VS-IS.29"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-329-03"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-329-03.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Zenitel recommends users to upgrade to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://wiki.zenitel.com/wiki/Downloads#Station_and_Device_Firmware_Package_.28VS-IS.29\"\u003eVersion 9.3.3.0 or later\u003c/a\u003e.\n\n\u003cbr\u003e"
}
],
"value": "Zenitel recommends users to upgrade to Version 9.3.3.0 or later https://wiki.zenitel.com/wiki/Downloads#Station_and_Device_Firmware_Package_.28VS-IS.29 ."
}
],
"source": {
"advisory": "ICSA-25-329-03",
"discovery": "EXTERNAL"
},
"title": "Zenitel TCIV-3+ Cross-site Scripting",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-64130",
"datePublished": "2025-11-26T17:55:56.856Z",
"dateReserved": "2025-10-27T18:03:35.897Z",
"dateUpdated": "2025-11-26T18:31:42.926Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64129 (GCVE-0-2025-64129)
Vulnerability from cvelistv5 – Published: 2025-11-26 17:54 – Updated: 2025-11-26 18:33
VLAI?
Summary
Zenitel TCIV-3+ is vulnerable to an out-of-bounds write
vulnerability, which could allow a remote attacker to crash the device.
Severity ?
CWE
Assigner
References
Credits
Nir Tepper and Noam Moshe of Claroty Team82 reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64129",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-26T18:32:46.302878Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-26T18:33:07.564Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "TCIV-3+",
"vendor": "Zenitel",
"versions": [
{
"lessThanOrEqual": "9.3.3.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nir Tepper and Noam Moshe of Claroty Team82 reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Zenitel TCIV-3+ is vulnerable to an out-of-bounds write \nvulnerability, which could allow a remote attacker to crash the device."
}
],
"value": "Zenitel TCIV-3+ is vulnerable to an out-of-bounds write \nvulnerability, which could allow a remote attacker to crash the device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-26T17:56:33.816Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://wiki.zenitel.com/wiki/Downloads#Station_and_Device_Firmware_Package_.28VS-IS.29"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-329-03"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-329-03.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Zenitel recommends users to upgrade to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://wiki.zenitel.com/wiki/Downloads#Station_and_Device_Firmware_Package_.28VS-IS.29\"\u003eVersion 9.3.3.0 or later\u003c/a\u003e.\n\n\u003cbr\u003e"
}
],
"value": "Zenitel recommends users to upgrade to Version 9.3.3.0 or later https://wiki.zenitel.com/wiki/Downloads#Station_and_Device_Firmware_Package_.28VS-IS.29 ."
}
],
"source": {
"advisory": "ICSA-25-329-03",
"discovery": "EXTERNAL"
},
"title": "Zenitel TCIV-3+ Out-of-bounds Write",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-64129",
"datePublished": "2025-11-26T17:54:07.700Z",
"dateReserved": "2025-10-27T18:03:35.897Z",
"dateUpdated": "2025-11-26T18:33:07.564Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64128 (GCVE-0-2025-64128)
Vulnerability from cvelistv5 – Published: 2025-11-26 17:51 – Updated: 2025-11-26 19:13
VLAI?
Summary
An OS command injection vulnerability exists due to incomplete
validation of user-supplied input. Validation fails to enforce
sufficient formatting rules, which could permit attackers to append
arbitrary data. This could allow an unauthenticated attacker to inject
arbitrary commands.
Severity ?
10 (Critical)
CWE
Assigner
References
Credits
Nir Tepper and Noam Moshe of Claroty Team82 reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64128",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-26T19:13:43.411459Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-26T19:13:49.932Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "TCIV-3+",
"vendor": "Zenitel",
"versions": [
{
"lessThanOrEqual": "9.3.3.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nir Tepper and Noam Moshe of Claroty Team82 reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An OS command injection vulnerability exists due to incomplete \nvalidation of user-supplied input. Validation fails to enforce \nsufficient formatting rules, which could permit attackers to append \narbitrary data. This could allow an unauthenticated attacker to inject \narbitrary commands."
}
],
"value": "An OS command injection vulnerability exists due to incomplete \nvalidation of user-supplied input. Validation fails to enforce \nsufficient formatting rules, which could permit attackers to append \narbitrary data. This could allow an unauthenticated attacker to inject \narbitrary commands."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:L/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-26T17:51:23.485Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://wiki.zenitel.com/wiki/Downloads#Station_and_Device_Firmware_Package_.28VS-IS.29"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-329-03"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-329-03.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Zenitel recommends users to upgrade to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://wiki.zenitel.com/wiki/Downloads#Station_and_Device_Firmware_Package_.28VS-IS.29\"\u003eVersion 9.3.3.0 or later\u003c/a\u003e.\n\n\u003cbr\u003e"
}
],
"value": "Zenitel recommends users to upgrade to Version 9.3.3.0 or later https://wiki.zenitel.com/wiki/Downloads#Station_and_Device_Firmware_Package_.28VS-IS.29 ."
}
],
"source": {
"advisory": "ICSA-25-329-03",
"discovery": "EXTERNAL"
},
"title": "Zenitel TCIV-3+ OS Command Injection",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-64128",
"datePublished": "2025-11-26T17:51:23.485Z",
"dateReserved": "2025-10-27T18:03:35.897Z",
"dateUpdated": "2025-11-26T19:13:49.932Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64127 (GCVE-0-2025-64127)
Vulnerability from cvelistv5 – Published: 2025-11-26 17:50 – Updated: 2025-11-26 19:31
VLAI?
Summary
An OS command injection vulnerability exists due to insufficient
sanitization of user-supplied input. The application accepts parameters
that are later incorporated into OS commands without adequate
validation. This could allow an unauthenticated attacker to execute
arbitrary commands remotely.
Severity ?
10 (Critical)
CWE
Assigner
References
Credits
Nir Tepper and Noam Moshe of Claroty Team82 reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64127",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-26T19:30:55.625299Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-26T19:31:02.691Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "TCIV-3+",
"vendor": "Zenitel",
"versions": [
{
"lessThanOrEqual": "9.3.3.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nir Tepper and Noam Moshe of Claroty Team82 reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An OS command injection vulnerability exists due to insufficient \nsanitization of user-supplied input. The application accepts parameters \nthat are later incorporated into OS commands without adequate \nvalidation. This could allow an unauthenticated attacker to execute \narbitrary commands remotely."
}
],
"value": "An OS command injection vulnerability exists due to insufficient \nsanitization of user-supplied input. The application accepts parameters \nthat are later incorporated into OS commands without adequate \nvalidation. This could allow an unauthenticated attacker to execute \narbitrary commands remotely."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:L/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-26T17:50:01.184Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://wiki.zenitel.com/wiki/Downloads#Station_and_Device_Firmware_Package_.28VS-IS.29"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-329-03"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-329-03.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Zenitel recommends users to upgrade to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://wiki.zenitel.com/wiki/Downloads#Station_and_Device_Firmware_Package_.28VS-IS.29\"\u003eVersion 9.3.3.0 or later\u003c/a\u003e.\n\n\u003cbr\u003e"
}
],
"value": "Zenitel recommends users to upgrade to Version 9.3.3.0 or later https://wiki.zenitel.com/wiki/Downloads#Station_and_Device_Firmware_Package_.28VS-IS.29 ."
}
],
"source": {
"advisory": "ICSA-25-329-03",
"discovery": "EXTERNAL"
},
"title": "Zenitel TCIV-3+ OS Command Injection",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-64127",
"datePublished": "2025-11-26T17:50:01.184Z",
"dateReserved": "2025-10-27T18:03:35.897Z",
"dateUpdated": "2025-11-26T19:31:02.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64126 (GCVE-0-2025-64126)
Vulnerability from cvelistv5 – Published: 2025-11-26 17:47 – Updated: 2025-12-03 16:24
VLAI?
Summary
An OS command injection vulnerability exists due to improper input
validation. The application accepts a parameter directly from user input
without verifying it is a valid IP address or filtering potentially
malicious characters. This could allow an unauthenticated attacker to
inject arbitrary commands.
Severity ?
10 (Critical)
CWE
Assigner
References
Credits
Nir Tepper and Noam Moshe of Claroty Team82 reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64126",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-03T16:24:38.298002Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T16:24:46.181Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "TCIV-3+",
"vendor": "Zenitel",
"versions": [
{
"lessThanOrEqual": "9.3.3.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nir Tepper and Noam Moshe of Claroty Team82 reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An OS command injection vulnerability exists due to improper input \nvalidation. The application accepts a parameter directly from user input\n without verifying it is a valid IP address or filtering potentially \nmalicious characters. This could allow an unauthenticated attacker to \ninject arbitrary commands."
}
],
"value": "An OS command injection vulnerability exists due to improper input \nvalidation. The application accepts a parameter directly from user input\n without verifying it is a valid IP address or filtering potentially \nmalicious characters. This could allow an unauthenticated attacker to \ninject arbitrary commands."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:L/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-26T17:47:05.385Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://wiki.zenitel.com/wiki/Downloads#Station_and_Device_Firmware_Package_.28VS-IS.29"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-329-03"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-329-03.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Zenitel recommends users to upgrade to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://wiki.zenitel.com/wiki/Downloads#Station_and_Device_Firmware_Package_.28VS-IS.29\"\u003eVersion 9.3.3.0 or later\u003c/a\u003e.\n\n\u003cbr\u003e"
}
],
"value": "Zenitel recommends users to upgrade to Version 9.3.3.0 or later https://wiki.zenitel.com/wiki/Downloads#Station_and_Device_Firmware_Package_.28VS-IS.29 ."
}
],
"source": {
"advisory": "ICSA-25-329-03",
"discovery": "EXTERNAL"
},
"title": "Zenitel TCIV-3+ OS Command Injection",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-64126",
"datePublished": "2025-11-26T17:47:05.385Z",
"dateReserved": "2025-10-27T18:03:35.897Z",
"dateUpdated": "2025-12-03T16:24:46.181Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13084 (GCVE-0-2025-13084)
Vulnerability from cvelistv5 – Published: 2025-11-26 17:39 – Updated: 2025-11-26 18:59
VLAI?
Summary
The users endpoint in the groov View API returns a list of all users and
associated metadata including their API keys. This endpoint requires an
Editor role to access and will display API keys for all users,
including Administrators.
Severity ?
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Opto 22 | groov View Server |
Affected:
R1.0a , ≤ R4.5d
(custom)
|
||||||||||||
|
||||||||||||||
Credits
Nik Tsytsarkin, Ismail Aydemir, and Ryan Hall of Meta reported this vulnerability to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13084",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-26T18:59:01.900699Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-26T18:59:31.021Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "groov View Server",
"vendor": "Opto 22",
"versions": [
{
"lessThanOrEqual": "R4.5d",
"status": "affected",
"version": "R1.0a",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GRV-EPIC-PR1 Firmware",
"vendor": "Opto 22",
"versions": [
{
"lessThanOrEqual": "4.0.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GRV-EPIC-PR2 Firmware",
"vendor": "Opto 22",
"versions": [
{
"lessThanOrEqual": "4.0.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opto_22:groov_view_server:*:*:windows:*:*:*:*:*",
"versionEndIncluding": "r4.5d",
"versionStartIncluding": "r1.0a",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opto_22:grv-epic-pr1_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.0.3",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opto_22:grv-epic-pr2_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.0.3",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nik Tsytsarkin, Ismail Aydemir, and Ryan Hall of Meta reported this vulnerability to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The users endpoint in the groov View API returns a list of all users and\n associated metadata including their API keys. This endpoint requires an\n Editor role to access and will display API keys for all users, \nincluding Administrators."
}
],
"value": "The users endpoint in the groov View API returns a list of all users and\n associated metadata including their API keys. This endpoint requires an\n Editor role to access and will display API keys for all users, \nincluding Administrators."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1230",
"description": "CWE-1230",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-26T17:39:37.931Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.opto22.com/support/resources-tools/knowledgebase/kb91325"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-329-04"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-329-04.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Opto 22 has published a patch to address this vulnerability and \nrecommends that users upgrade to groov View Server for Windows Version \nR4.5e and GRV-EPIC Firmware Version 4.0.3. Additional information is \navailable from Opto 22 \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.opto22.com/support/resources-tools/knowledgebase/kb91325\"\u003ehere\u003c/a\u003e.\n\n\u003cbr\u003e"
}
],
"value": "Opto 22 has published a patch to address this vulnerability and \nrecommends that users upgrade to groov View Server for Windows Version \nR4.5e and GRV-EPIC Firmware Version 4.0.3. Additional information is \navailable from Opto 22 here https://www.opto22.com/support/resources-tools/knowledgebase/kb91325 ."
}
],
"source": {
"advisory": "ICSA-25-329-04",
"discovery": "EXTERNAL"
},
"title": "Opto 22 groov View Exposure of Sensitive Information Through Metadata",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-13084",
"datePublished": "2025-11-26T17:39:37.931Z",
"dateReserved": "2025-11-12T19:21:15.811Z",
"dateUpdated": "2025-11-26T18:59:31.021Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-65085 (GCVE-0-2025-65085)
Vulnerability from cvelistv5 – Published: 2025-11-25 17:49 – Updated: 2025-11-25 20:22
VLAI?
Summary
A Heap-based Buffer Overflow vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.207 and prior that could allow an attacker to disclose information or execute arbitrary code.
Severity ?
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Ashlar-Vellum | Cobalt |
Affected:
0 , ≤ 12.6.1204.207
(custom)
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
Credits
Michael Heinzl reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-65085",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-25T20:22:13.079080Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-25T20:22:20.520Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Cobalt",
"vendor": "Ashlar-Vellum",
"versions": [
{
"lessThanOrEqual": "12.6.1204.207",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Xenon",
"vendor": "Ashlar-Vellum",
"versions": [
{
"lessThanOrEqual": "12.6.1204.207",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Argon",
"vendor": "Ashlar-Vellum",
"versions": [
{
"lessThanOrEqual": "12.6.1204.207",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Lithium",
"vendor": "Ashlar-Vellum",
"versions": [
{
"lessThanOrEqual": "12.6.1204.207",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Cobalt Share",
"vendor": "Ashlar-Vellum",
"versions": [
{
"lessThanOrEqual": "12.6.1204.207",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Heinzl reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003eA Heap-based Buffer Overflow vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.207 and prior that could allow an attacker to disclose information or execute arbitrary code.\u003c/p\u003e"
}
],
"value": "A Heap-based Buffer Overflow vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.207 and prior that could allow an attacker to disclose information or execute arbitrary code."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-25T17:49:58.145Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-329-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAshlar-Vellum recommends users update to the following versions:\u003c/p\u003e\u003cul\u003e\u003cli\u003eCobalt: Versions 12.6.1204.208 or higher\u003c/li\u003e\u003cli\u003eXenon: Versions 12.6.1204.208 or higher\u003c/li\u003e\u003cli\u003eArgon: Versions 12.6.1204.208 or higher\u003c/li\u003e\u003cli\u003eLithium: Versions 12.6.1204.208 or higher\u003c/li\u003e\u003cli\u003eCobalt Share: Versions 12.6.1204.208 or higher\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "Ashlar-Vellum recommends users update to the following versions:\n\n * Cobalt: Versions 12.6.1204.208 or higher\n * Xenon: Versions 12.6.1204.208 or higher\n * Argon: Versions 12.6.1204.208 or higher\n * Lithium: Versions 12.6.1204.208 or higher\n * Cobalt Share: Versions 12.6.1204.208 or higher"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Heap-based Buffer Overflow in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, Cobalt Share",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-65085",
"datePublished": "2025-11-25T17:49:58.145Z",
"dateReserved": "2025-11-17T16:43:44.054Z",
"dateUpdated": "2025-11-25T20:22:20.520Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-65084 (GCVE-0-2025-65084)
Vulnerability from cvelistv5 – Published: 2025-11-25 17:48 – Updated: 2025-11-25 20:21
VLAI?
Summary
An Out-of-Bounds Write vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.207 and prior that could allow an attacker to disclose information or execute arbitrary code.
Severity ?
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Ashlar-Vellum | Cobalt |
Affected:
0 , ≤ 12.6.1204.207
(custom)
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
Credits
Michael Heinzl reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-65084",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-25T20:21:34.757851Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-25T20:21:46.962Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Cobalt",
"vendor": "Ashlar-Vellum",
"versions": [
{
"lessThanOrEqual": "12.6.1204.207",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Xenon",
"vendor": "Ashlar-Vellum",
"versions": [
{
"lessThanOrEqual": "12.6.1204.207",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Argon",
"vendor": "Ashlar-Vellum",
"versions": [
{
"lessThanOrEqual": "12.6.1204.207",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Lithium",
"vendor": "Ashlar-Vellum",
"versions": [
{
"lessThanOrEqual": "12.6.1204.207",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Cobalt Share",
"vendor": "Ashlar-Vellum",
"versions": [
{
"lessThanOrEqual": "12.6.1204.207",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Heinzl reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn Out-of-Bounds Write vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.207 and prior that could allow an attacker to disclose information or execute arbitrary code.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "An Out-of-Bounds Write vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.207 and prior that could allow an attacker to disclose information or execute arbitrary code."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-25T17:48:55.213Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-329-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAshlar-Vellum recommends users update to the following versions:\u003c/p\u003e\u003cul\u003e\u003cli\u003eCobalt: Versions 12.6.1204.208 or higher\u003c/li\u003e\u003cli\u003eXenon: Versions 12.6.1204.208 or higher\u003c/li\u003e\u003cli\u003eArgon: Versions 12.6.1204.208 or higher\u003c/li\u003e\u003cli\u003eLithium: Versions 12.6.1204.208 or higher\u003c/li\u003e\u003cli\u003eCobalt Share: Versions 12.6.1204.208 or higher\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "Ashlar-Vellum recommends users update to the following versions:\n\n * Cobalt: Versions 12.6.1204.208 or higher\n * Xenon: Versions 12.6.1204.208 or higher\n * Argon: Versions 12.6.1204.208 or higher\n * Lithium: Versions 12.6.1204.208 or higher\n * Cobalt Share: Versions 12.6.1204.208 or higher"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Out-of-bounds Write in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, Cobalt Share",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-65084",
"datePublished": "2025-11-25T17:48:55.213Z",
"dateReserved": "2025-11-17T16:43:44.053Z",
"dateUpdated": "2025-11-25T20:21:46.962Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13483 (GCVE-0-2025-13483)
Vulnerability from cvelistv5 – Published: 2025-11-25 17:36 – Updated: 2025-11-25 20:21
VLAI?
Summary
SiRcom SMART Alert (SiSA) allows unauthorized access to backend APIs. This allows an unauthenticated attacker to bypass the login screen using browser developer tools, gaining access to restricted parts of the application.
Severity ?
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SiRcom | SMART Alert (SiSA |
Affected:
3.0.48
|
Credits
Souvik Kandar of Microsec (microsec.io)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13483",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-25T20:21:06.330931Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-25T20:21:13.361Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SMART Alert (SiSA",
"vendor": "SiRcom",
"versions": [
{
"status": "affected",
"version": "3.0.48"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Souvik Kandar of Microsec (microsec.io)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SiRcom SMART Alert (SiSA) allows unauthorized access to backend APIs. This allows an unauthenticated attacker to bypass the login screen using browser developer tools, gaining access to restricted parts of the application."
}
],
"value": "SiRcom SMART Alert (SiSA) allows unauthorized access to backend APIs. This allows an unauthenticated attacker to bypass the login screen using browser developer tools, gaining access to restricted parts of the application."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-25T17:57:39.786Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-329-06"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Missing Authentication for Critical Function in SiRcom SMART Alert (SiSA)",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SiRcom did not respond to CISA\u0027s request for coordination. Contact SiRcom using their contact page at\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://sircom.org/contact/\"\u003ehttps://sircom.org/contact/\u003c/a\u003e\u0026nbsp;for more information.\u003cbr\u003e"
}
],
"value": "SiRcom did not respond to CISA\u0027s request for coordination. Contact SiRcom using their contact page at\u00a0 https://sircom.org/contact/ \u00a0for more information."
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-13483",
"datePublished": "2025-11-25T17:36:24.451Z",
"dateReserved": "2025-11-20T16:46:56.591Z",
"dateUpdated": "2025-11-25T20:21:13.361Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13087 (GCVE-0-2025-13087)
Vulnerability from cvelistv5 – Published: 2025-11-20 21:32 – Updated: 2025-11-21 16:01
VLAI?
Summary
A vulnerability exists in the Opto22 Groov Manage REST API on GRV-EPIC and groov RIO Products that allows remote code execution with root privileges. When a POST request is executed against the vulnerable endpoint, the application reads certain header details and unsafely uses these values to build commands, allowing an attacker with administrative privileges to inject arbitrary commands that execute as root.
Severity ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Opto22 | GRV-EPIC-PR1 |
Affected:
0 , < 4.0.3
(custom)
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
Credits
Nik Tsytsarkin of Meta reported this vulnerability to CISA.
Ismail Aydemir of Meta reported this vulnerability to CISA.
Ryan Hall of Meta reported this vulnerability to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13087",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-21T16:01:30.468009Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-21T16:01:40.324Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GRV-EPIC-PR1",
"vendor": "Opto22",
"versions": [
{
"lessThan": "4.0.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GRV-EPIC-PR2",
"vendor": "Opto22",
"versions": [
{
"lessThan": "4.0.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "groov RIO GRV-R7-MM1001-10",
"vendor": "Opto22",
"versions": [
{
"lessThan": "4.0.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "groov RIO GRV-R7-MM2001-10",
"vendor": "Opto22",
"versions": [
{
"lessThan": "4.0.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "groov RIO GRV-R7-I1VAPM-3",
"vendor": "Opto22",
"versions": [
{
"lessThan": "4.0.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nik Tsytsarkin of Meta reported this vulnerability to CISA."
},
{
"lang": "en",
"type": "finder",
"value": "Ismail Aydemir of Meta reported this vulnerability to CISA."
},
{
"lang": "en",
"type": "finder",
"value": "Ryan Hall of Meta reported this vulnerability to CISA."
}
],
"datePublic": "2025-11-20T20:35:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA vulnerability exists in the Opto22 Groov Manage REST API on GRV-EPIC and groov RIO Products that allows remote code execution with root privileges. When a POST request is executed against the vulnerable endpoint, the application reads certain header details and unsafely uses these values to build commands, allowing an attacker with administrative privileges to inject arbitrary commands that execute as root.\u003c/span\u003e"
}
],
"value": "A vulnerability exists in the Opto22 Groov Manage REST API on GRV-EPIC and groov RIO Products that allows remote code execution with root privileges. When a POST request is executed against the vulnerable endpoint, the application reads certain header details and unsafely uses these values to build commands, allowing an attacker with administrative privileges to inject arbitrary commands that execute as root."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T21:32:37.510Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-324-03"
},
{
"url": "https://www.opto22.com/support/resources-tools/knowledgebase/kb91326"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-324-03.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOpto 22 has published a patch to address this vulnerability and recommends that users upgrade to GRV-EPIC and groov RIO Firmware Version 4.0.3. Additional information is available from Opto 22 \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.opto22.com/support/resources-tools/knowledgebase/kb91326\"\u003ehere\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Opto 22 has published a patch to address this vulnerability and recommends that users upgrade to GRV-EPIC and groov RIO Firmware Version 4.0.3. Additional information is available from Opto 22 here https://www.opto22.com/support/resources-tools/knowledgebase/kb91326 ."
}
],
"source": {
"advisory": "ICSA-25-324-03",
"discovery": "EXTERNAL"
},
"title": "Command Injection in Opto22 Groov REST API",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-13087",
"datePublished": "2025-11-20T21:32:37.510Z",
"dateReserved": "2025-11-12T19:41:06.455Z",
"dateUpdated": "2025-11-21T16:01:40.324Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-62674 (GCVE-0-2025-62674)
Vulnerability from cvelistv5 – Published: 2025-11-20 20:37 – Updated: 2025-11-21 16:02
VLAI?
Summary
The affected product allows unauthenticated access to Real Time Streaming Protocol (RTSP) services, which may allow an attacker unauthorized access to camera configuration information.
Severity ?
CWE
Assigner
References
Impacted products
Credits
Truong Nguyen Long
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62674",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-21T16:02:23.798163Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-21T16:02:31.684Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "P201",
"vendor": "iCam365",
"versions": [
{
"lessThanOrEqual": "43.4.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "QC021",
"vendor": "iCam365",
"versions": [
{
"lessThanOrEqual": "43.4.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Truong Nguyen Long"
}
],
"datePublic": "2025-11-20T20:05:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe affected product allows unauthenticated access to Real Time Streaming Protocol (RTSP) services, which may allow an attacker unauthorized access to camera configuration information.\u003c/span\u003e\n\n\u003c/span\u003e"
}
],
"value": "The affected product allows unauthenticated access to Real Time Streaming Protocol (RTSP) services, which may allow an attacker unauthorized access to camera configuration information."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T20:37:27.482Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-324-02"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-324-02.json"
},
{
"url": "https://icam365.net/en/aboutUs/"
}
],
"source": {
"advisory": "ICSA-25-324-02",
"discovery": "EXTERNAL"
},
"title": "Missing Authentication for RTSP in iCam Cameras",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eiCam365 did not respond to CISA\u0027s request for coordination. Contact \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://icam365.net/en/aboutUs/\"\u003eiCam365\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;directly for more information.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "iCam365 did not respond to CISA\u0027s request for coordination. Contact iCam365 https://icam365.net/en/aboutUs/ \u00a0directly for more information."
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-62674",
"datePublished": "2025-11-20T20:37:27.482Z",
"dateReserved": "2025-11-11T20:50:34.888Z",
"dateUpdated": "2025-11-21T16:02:31.684Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64770 (GCVE-0-2025-64770)
Vulnerability from cvelistv5 – Published: 2025-11-20 20:25 – Updated: 2025-11-21 16:04
VLAI?
Summary
The affected products allow unauthenticated access to Open Network Video Interface Forum (ONVIF) services, which may allow an attacker unauthorized access to camera configuration information.
Severity ?
CWE
Assigner
References
Impacted products
Credits
Truong Nguyen Long
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64770",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-21T16:04:37.694753Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-21T16:04:45.770Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "P201",
"vendor": "iCam365",
"versions": [
{
"lessThanOrEqual": "43.4.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "QC021",
"vendor": "iCam365",
"versions": [
{
"lessThanOrEqual": "43.4.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Truong Nguyen Long"
}
],
"datePublic": "2025-11-20T20:05:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe affected products allow unauthenticated access to Open Network Video Interface Forum (ONVIF) services, which may allow an attacker unauthorized access to camera configuration information.\u003c/span\u003e"
}
],
"value": "The affected products allow unauthenticated access to Open Network Video Interface Forum (ONVIF) services, which may allow an attacker unauthorized access to camera configuration information."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T20:25:44.401Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-324-02"
},
{
"url": "https://icam365.net/en/aboutUs/"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-324-02.json"
}
],
"source": {
"advisory": "ICSA-25-324-02",
"discovery": "EXTERNAL"
},
"title": "Missing Authentication for ONVIF in iCam Cameras",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eiCam365 did not respond to CISA\u0027s request for coordination. Contact \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://icam365.net/en/aboutUs/\"\u003eiCam365\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;directly for more information.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "iCam365 did not respond to CISA\u0027s request for coordination. Contact iCam365 https://icam365.net/en/aboutUs/ \u00a0directly for more information."
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-64770",
"datePublished": "2025-11-20T20:25:44.401Z",
"dateReserved": "2025-11-11T20:50:34.868Z",
"dateUpdated": "2025-11-21T16:04:45.770Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-8386 (GCVE-0-2025-8386)
Vulnerability from cvelistv5 – Published: 2025-11-14 23:57 – Updated: 2025-11-17 16:56
VLAI?
Summary
The vulnerability, if exploited, could allow an authenticated miscreant
(with privilege of "aaConfigTools") to tamper with App Objects' help
files and persist a cross-site scripting (XSS) injection that when
executed by a victim user, can result in horizontal or vertical
escalation of privileges. The vulnerability can only be exploited during
config-time operations within the IDE component of Application Server.
Run-time components and operations are not affected.
Severity ?
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AVEVA | Application Server |
Affected:
0 , ≤ Versions 2023 R2 SP1 P02
(custom)
|
Credits
AVEVA reported this vulnerability to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8386",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-17T16:55:50.026475Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-17T16:56:00.107Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Application Server",
"vendor": "AVEVA",
"versions": [
{
"lessThanOrEqual": "Versions 2023 R2 SP1 P02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "AVEVA reported this vulnerability to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vulnerability, if exploited, could allow an authenticated miscreant \n(with privilege of \"aaConfigTools\") to tamper with App Objects\u0027 help \nfiles and persist a cross-site scripting (XSS) injection that when \nexecuted by a victim user, can result in horizontal or vertical \nescalation of privileges. The vulnerability can only be exploited during\n config-time operations within the IDE component of Application Server. \nRun-time components and operations are not affected."
}
],
"value": "The vulnerability, if exploited, could allow an authenticated miscreant \n(with privilege of \"aaConfigTools\") to tamper with App Objects\u0027 help \nfiles and persist a cross-site scripting (XSS) injection that when \nexecuted by a victim user, can result in horizontal or vertical \nescalation of privileges. The vulnerability can only be exploited during\n config-time operations within the IDE component of Application Server. \nRun-time components and operations are not affected."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:H/VI:L/VA:L/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-14T23:57:04.396Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin-AVEVA-2025-005.pdf"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-317-02"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-317-02.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAVEVA recommends that organizations evaluate the impact of these \nvulnerabilities based on their operational environment, architecture, \nand product implementation. Users using affected product versions should\n apply security updates to mitigate the risk of exploit.\u003c/p\u003e\u003cp\u003eAll affected versions of the Application Server IDE can be fixed by upgrading to AVEVA System Platform \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://softwaresupportsp.aveva.com/en-US/downloads/products/details/d32b2534-9601-4beb-ac78-046ca2ef594d\"\u003e2023 R2 SP1 P03\u003c/a\u003e\u0026nbsp;or higher.\u003c/p\u003e\n\u003cp\u003eThe following general defensive measures are recommended:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAudit assigned permissions to ensure that only trusted users are \nadded to the \"aaConfigTools\" OS Group. For additional information on \nApplication Server OS Security groups and accounts, see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.aveva.com/bundle/sp-install/page/738031.html\"\u003ehttps://docs.aveva.com/bundle/sp-install/page/738031.html\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003eFor more information, see AVEVA\u0027s Security Bulletin \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2025-005.pdf\"\u003eAVEVA-2025-005\u003c/a\u003e or AVEVA\u0027s \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/en/support-and-success/cyber-security-updates/\"\u003ebulletins page\u003c/a\u003e.\n\n\u003cbr\u003e"
}
],
"value": "AVEVA recommends that organizations evaluate the impact of these \nvulnerabilities based on their operational environment, architecture, \nand product implementation. Users using affected product versions should\n apply security updates to mitigate the risk of exploit.\n\nAll affected versions of the Application Server IDE can be fixed by upgrading to AVEVA System Platform 2023 R2 SP1 P03 https://softwaresupportsp.aveva.com/en-US/downloads/products/details/d32b2534-9601-4beb-ac78-046ca2ef594d \u00a0or higher.\n\n\nThe following general defensive measures are recommended:\n\n\n\n * Audit assigned permissions to ensure that only trusted users are \nadded to the \"aaConfigTools\" OS Group. For additional information on \nApplication Server OS Security groups and accounts, see https://docs.aveva.com/bundle/sp-install/page/738031.html \n\n\nFor more information, see AVEVA\u0027s Security Bulletin AVEVA-2025-005 https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2025-005.pdf or AVEVA\u0027s bulletins page https://www.aveva.com/en/support-and-success/cyber-security-updates/ ."
}
],
"source": {
"advisory": "ICSA-25-317-02",
"discovery": "INTERNAL"
},
"title": "AVEVA Application Server IDE Basic Cross-site Scripting",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-8386",
"datePublished": "2025-11-14T23:57:04.396Z",
"dateReserved": "2025-07-30T18:49:26.187Z",
"dateUpdated": "2025-11-17T16:56:00.107Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-9317 (GCVE-0-2025-9317)
Vulnerability from cvelistv5 – Published: 2025-11-14 23:49 – Updated: 2025-11-17 16:55
VLAI?
Summary
The vulnerability, if exploited, could allow a miscreant with read
access to Edge Project files or Edge Offline Cache files to reverse
engineer Edge users' app-native or Active Directory passwords through
computational brute-forcing of weak hashes.
Severity ?
CWE
Assigner
References
Credits
Joao Varelas reported this vulnerability to AVEVA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9317",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-17T16:55:08.051296Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-17T16:55:20.081Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Edge",
"vendor": "AVEVA",
"versions": [
{
"lessThanOrEqual": "Versions 2023 R2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Joao Varelas reported this vulnerability to AVEVA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vulnerability, if exploited, could allow a miscreant with read \naccess to Edge Project files or Edge Offline Cache files to reverse \nengineer Edge users\u0027 app-native or Active Directory passwords through \ncomputational brute-forcing of weak hashes."
}
],
"value": "The vulnerability, if exploited, could allow a miscreant with read \naccess to Edge Project files or Edge Offline Cache files to reverse \nengineer Edge users\u0027 app-native or Active Directory passwords through \ncomputational brute-forcing of weak hashes."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "CWE-327",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-14T23:49:27.149Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2025-006.pdf"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-317-03"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-317-03.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAVEVA recommends that organizations evaluate the impact of this \nvulnerability based on their operational environment, architecture, and \nproduct implementation.\u003c/p\u003e\n\u003cp\u003eUsers using the affected product versions should take the following actions to mitigate the risk of exploit:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eApply AVEVA Edge \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://softwaresupportsp.aveva.com/en-US/downloads/products/details/38f52447-3013-4c4e-be6e-9b28b635bba9\"\u003e2023 R2 P01\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cli\u003e Security Update and migrate old project files.\u003c/li\u003e\n\u003cli\u003eFor projects that cannot be migrated (e.g. backups or transient \ncopies), evaluate the risk of potential password leakage from these \nfiles and implement stricter read access controls to protect these \nunsafe files.\u003c/li\u003e\n\u003cli\u003eRequire AVEVA Edge users to change their passwords.\u003c/li\u003e\n\u003cli\u003eImportant: Edge project migration from older versions to 2023 R2 P01\n is one-way due to the change in password hashing algorithms.\u003c/li\u003e\u003cli\u003e\u003cbr\u003e\u003c/li\u003e\nFor information on how to reach AVEVA support for your product, please refer to this link: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/en/support/support-contact/\"\u003eAVEVA Customer Support\u003c/a\u003e.\u003cp\u003eFor more information, see AVEVA\u0027s Security Bulletin \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2025-006.pdf\"\u003eAVEVA-2025-006\u003c/a\u003e\u0026nbsp;or AVEVA\u0027s \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/en/support-and-success/cyber-security-updates/\"\u003ebulletins page\u003c/a\u003e.\n\n\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "AVEVA recommends that organizations evaluate the impact of this \nvulnerability based on their operational environment, architecture, and \nproduct implementation.\n\n\nUsers using the affected product versions should take the following actions to mitigate the risk of exploit:\n\n\n\n * Apply AVEVA Edge 2023 R2 P01 https://softwaresupportsp.aveva.com/en-US/downloads/products/details/38f52447-3013-4c4e-be6e-9b28b635bba9 \n\n\n * Security Update and migrate old project files.\n\n * For projects that cannot be migrated (e.g. backups or transient \ncopies), evaluate the risk of potential password leakage from these \nfiles and implement stricter read access controls to protect these \nunsafe files.\n\n * Require AVEVA Edge users to change their passwords.\n\n * Important: Edge project migration from older versions to 2023 R2 P01\n is one-way due to the change in password hashing algorithms.\n * \n\n\nFor information on how to reach AVEVA support for your product, please refer to this link: AVEVA Customer Support https://www.aveva.com/en/support/support-contact/ .For more information, see AVEVA\u0027s Security Bulletin AVEVA-2025-006 https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2025-006.pdf \u00a0or AVEVA\u0027s bulletins page https://www.aveva.com/en/support-and-success/cyber-security-updates/ ."
}
],
"source": {
"advisory": "ICSA-25-317-03",
"discovery": "EXTERNAL"
},
"title": "AVEVA Edge Use of a Broken or Risky Cryptographic Algorithm",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe following general defensive measures are recommended:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAccess Control Lists should be applied to all folders where users will save and load project files.\u003c/li\u003e\n\u003cli\u003eMaintain a trusted chain-of-custody on project files during creation, modification, distribution, and use.\u003c/li\u003e\n\u003cli\u003eApply data-protection at the project level with a strong master \npassword. For configuration step-by-step refer to AVEVA Edge \"Technical \nReference Manual\" \u0026gt; Project Overview \u0026gt; Configuring Additional \nProject Settings \u0026gt; Options Tab \u0026gt; Data Protection.\u003c/li\u003e\n\u003cli\u003eIf passwords are being used as function parameters inside project \ndocuments (such as scripts or worksheets), it is recommended to remove \nthose passwords and use project tags instead. For more information on \ntags refer to AVEVA Edge \"Technical Reference Manual\" \u0026gt; Tags and the \nTag Database \u0026gt; About Tags and the Project Database.\u003c/li\u003e\n\u003c/ul\u003e\u003cp\u003eFor information on how to reach AVEVA support for your product, please refer to this link: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/en/support/support-contact/\"\u003eAVEVA Customer Support\u003c/a\u003e\u0026nbsp;.\u003c/p\u003e\u003cp\u003eFor more information, see AVEVA\u0027s Security Bulletin \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2025-006.pdf\"\u003eAVEVA-2025-006\u003c/a\u003e\u0026nbsp;or AVEVA\u0027s \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/en/support-and-success/cyber-security-updates/\"\u003ebulletins page\u003c/a\u003e.\n\n\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "The following general defensive measures are recommended:\n\n\n\n * Access Control Lists should be applied to all folders where users will save and load project files.\n\n * Maintain a trusted chain-of-custody on project files during creation, modification, distribution, and use.\n\n * Apply data-protection at the project level with a strong master \npassword. For configuration step-by-step refer to AVEVA Edge \"Technical \nReference Manual\" \u003e Project Overview \u003e Configuring Additional \nProject Settings \u003e Options Tab \u003e Data Protection.\n\n * If passwords are being used as function parameters inside project \ndocuments (such as scripts or worksheets), it is recommended to remove \nthose passwords and use project tags instead. For more information on \ntags refer to AVEVA Edge \"Technical Reference Manual\" \u003e Tags and the \nTag Database \u003e About Tags and the Project Database.\n\n\n\nFor information on how to reach AVEVA support for your product, please refer to this link: AVEVA Customer Support https://www.aveva.com/en/support/support-contact/ \u00a0.\n\nFor more information, see AVEVA\u0027s Security Bulletin AVEVA-2025-006 https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2025-006.pdf \u00a0or AVEVA\u0027s bulletins page https://www.aveva.com/en/support-and-success/cyber-security-updates/ ."
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-9317",
"datePublished": "2025-11-14T23:49:27.149Z",
"dateReserved": "2025-08-21T12:45:22.693Z",
"dateUpdated": "2025-11-17T16:55:20.081Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64309 (GCVE-0-2025-64309)
Vulnerability from cvelistv5 – Published: 2025-11-14 23:41 – Updated: 2025-11-17 18:54
VLAI?
Summary
Brightpick Mission Control
discloses device telemetry, configuration, and credential information
via WebSocket traffic to unauthenticated users when they connect to a
specific URL. The unauthenticated URL can be discovered through basic
network scanning techniques.
Severity ?
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Brightpick AI | Brightpick Mission Control / Internal Logic Control |
Affected:
All versions
|
Credits
Souvik Kandar reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64309",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-17T18:54:14.035386Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-17T18:54:22.779Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Brightpick Mission Control / Internal Logic Control",
"vendor": "Brightpick AI",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Souvik Kandar reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Brightpick Mission Control \ndiscloses device telemetry, configuration, and credential information \nvia WebSocket traffic to unauthenticated users when they connect to a \nspecific URL. The unauthenticated URL can be discovered through basic \nnetwork scanning techniques."
}
],
"value": "Brightpick Mission Control \ndiscloses device telemetry, configuration, and credential information \nvia WebSocket traffic to unauthenticated users when they connect to a \nspecific URL. The unauthenticated URL can be discovered through basic \nnetwork scanning techniques."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-523",
"description": "CWE-523",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-14T23:41:18.445Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://brightpick.ai/contact-us/"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-317-04"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-317-04.json"
}
],
"source": {
"advisory": "ICSA-25-317-04",
"discovery": "EXTERNAL"
},
"title": "Brightpick Mission Control / Internal Logic Control Unprotected Transport of Credentials",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Brightpick AI has not responded to requests to work with CISA to \nmitigate these vulnerabilities. Users of the affected products are \nencouraged to contact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://brightpick.ai/contact-us/\"\u003eBrightpick AI\u003c/a\u003e for additional information.\n\n\u003cbr\u003e"
}
],
"value": "Brightpick AI has not responded to requests to work with CISA to \nmitigate these vulnerabilities. Users of the affected products are \nencouraged to contact Brightpick AI https://brightpick.ai/contact-us/ for additional information."
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-64309",
"datePublished": "2025-11-14T23:41:18.445Z",
"dateReserved": "2025-10-29T17:40:55.209Z",
"dateUpdated": "2025-11-17T18:54:22.779Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64308 (GCVE-0-2025-64308)
Vulnerability from cvelistv5 – Published: 2025-11-14 23:38 – Updated: 2025-11-17 16:58
VLAI?
Summary
The Brightpick Mission Control web application exposes hardcoded credentials in its client-side JavaScript bundle.
Severity ?
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Brightpick AI | Brightpick Mission Control / Internal Logic Control |
Affected:
All versions
|
Credits
Souvik Kandar reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64308",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-17T16:58:27.359339Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-17T16:58:32.428Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Brightpick Mission Control / Internal Logic Control",
"vendor": "Brightpick AI",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Souvik Kandar reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Brightpick Mission Control web application exposes hardcoded credentials in its client-side JavaScript bundle."
}
],
"value": "The Brightpick Mission Control web application exposes hardcoded credentials in its client-side JavaScript bundle."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-523",
"description": "CWE-523",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-14T23:38:48.467Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://brightpick.ai/contact-us/"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-317-04"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-317-04.json"
}
],
"source": {
"advisory": "ICSA-25-317-04",
"discovery": "EXTERNAL"
},
"title": "Brightpick Mission Control / Internal Logic Control Unprotected Transport of Credentials",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Brightpick AI has not responded to requests to work with CISA to \nmitigate these vulnerabilities. Users of the affected products are \nencouraged to contact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://brightpick.ai/contact-us/\"\u003eBrightpick AI\u003c/a\u003e for additional information.\n\n\u003cbr\u003e"
}
],
"value": "Brightpick AI has not responded to requests to work with CISA to \nmitigate these vulnerabilities. Users of the affected products are \nencouraged to contact Brightpick AI https://brightpick.ai/contact-us/ for additional information."
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-64308",
"datePublished": "2025-11-14T23:38:48.467Z",
"dateReserved": "2025-10-29T17:40:55.209Z",
"dateUpdated": "2025-11-17T16:58:32.428Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64307 (GCVE-0-2025-64307)
Vulnerability from cvelistv5 – Published: 2025-11-14 23:34 – Updated: 2025-11-17 16:51
VLAI?
Summary
The Brightpick Internal Logic Control web interface is accessible
without requiring user authentication. An unauthorized user could
exploit this interface to manipulate robot control functions, including
initiating or halting runners, assigning jobs, clearing stations, and
deploying storage totes.
Severity ?
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Brightpick AI | Brightpick Mission Control / Internal Logic Control |
Affected:
All versions
|
Credits
Souvik Kandar reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64307",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-17T16:51:23.443518Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-17T16:51:31.868Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Brightpick Mission Control / Internal Logic Control",
"vendor": "Brightpick AI",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Souvik Kandar reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Brightpick Internal Logic Control web interface is accessible \nwithout requiring user authentication. An unauthorized user could \nexploit this interface to manipulate robot control functions, including \ninitiating or halting runners, assigning jobs, clearing stations, and \ndeploying storage totes."
}
],
"value": "The Brightpick Internal Logic Control web interface is accessible \nwithout requiring user authentication. An unauthorized user could \nexploit this interface to manipulate robot control functions, including \ninitiating or halting runners, assigning jobs, clearing stations, and \ndeploying storage totes."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-14T23:34:59.659Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://brightpick.ai/contact-us/"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-317-04"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-317-04.json"
}
],
"source": {
"advisory": "ICSA-25-317-04",
"discovery": "EXTERNAL"
},
"title": "Brightpick Mission Control / Internal Logic Control Missing Authentication for Critical Function",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Brightpick AI has not responded to requests to work with CISA to \nmitigate these vulnerabilities. Users of the affected products are \nencouraged to contact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://brightpick.ai/contact-us/\"\u003eBrightpick AI\u003c/a\u003e for additional information.\n\n\u003cbr\u003e"
}
],
"value": "Brightpick AI has not responded to requests to work with CISA to \nmitigate these vulnerabilities. Users of the affected products are \nencouraged to contact Brightpick AI https://brightpick.ai/contact-us/ for additional information."
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-64307",
"datePublished": "2025-11-14T23:34:59.659Z",
"dateReserved": "2025-10-29T17:40:55.207Z",
"dateUpdated": "2025-11-17T16:51:31.868Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-62765 (GCVE-0-2025-62765)
Vulnerability from cvelistv5 – Published: 2025-11-14 23:27 – Updated: 2025-11-17 16:54
VLAI?
Summary
General Industrial Controls Lynx+ Gateway is vulnerable to a cleartext transmission vulnerability that could allow
an attacker to observe network traffic to obtain sensitive information,
including plaintext credentials.
Severity ?
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| General Industrial Controls | Lynx+ Gateway |
Affected:
Version R08
Affected: Version V03 Affected: Version V05 Affected: Version V18 |
Credits
Abhishek Pandey from Payatu Security Consulting Pvt. Ltd. reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62765",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-17T16:54:52.076509Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-17T16:54:56.898Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Lynx+ Gateway",
"vendor": "General Industrial Controls",
"versions": [
{
"status": "affected",
"version": "Version R08"
},
{
"status": "affected",
"version": "Version V03"
},
{
"status": "affected",
"version": "Version V05"
},
{
"status": "affected",
"version": "Version V18"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Abhishek Pandey from Payatu Security Consulting Pvt. Ltd. reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "General Industrial Controls Lynx+ Gateway\u0026nbsp;is vulnerable to a cleartext transmission vulnerability that could allow\n an attacker to observe network traffic to obtain sensitive information,\n including plaintext credentials."
}
],
"value": "General Industrial Controls Lynx+ Gateway\u00a0is vulnerable to a cleartext transmission vulnerability that could allow\n an attacker to observe network traffic to obtain sensitive information,\n including plaintext credentials."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-14T23:27:55.174Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-317-08"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-317-08.json"
}
],
"source": {
"advisory": "ICSA-25-317-08",
"discovery": "EXTERNAL"
},
"title": "General Industrial Controls Lynx+ Gateway Cleartext Transmission of Sensitive Information",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "General Industrial Controls (GIC) did not respond to CISA\u0027s attempts to \ncoordinate. Users of General Industrial Controls Lynx+ Gateway are \nencouraged to reach out to \u003ca target=\"_blank\" rel=\"nofollow\"\u003eGIC\u003c/a\u003e for more information.\n\n\u003cbr\u003e"
}
],
"value": "General Industrial Controls (GIC) did not respond to CISA\u0027s attempts to \ncoordinate. Users of General Industrial Controls Lynx+ Gateway are \nencouraged to reach out to GIC for more information."
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-62765",
"datePublished": "2025-11-14T23:27:55.174Z",
"dateReserved": "2025-11-06T20:44:49.374Z",
"dateUpdated": "2025-11-17T16:54:56.898Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}