Search criteria
4 vulnerabilities found for NRP1302/P Desktop IP Phone by New Rock Technologies
CVE-2025-0681 (GCVE-0-2025-0681)
Vulnerability from cvelistv5 – Published: 2025-01-30 18:53 – Updated: 2025-01-30 19:11
VLAI?
Summary
The Cloud MQTT service of the affected products supports wildcard topic
subscription which could allow an attacker to obtain sensitive
information from tapping the service communications.
Severity ?
6.2 (Medium)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| New Rock Technologies | OM500 IP-PBX |
Affected:
All
|
||||||||||||
|
||||||||||||||
Credits
Tomer Goldschmidt of Claroty Team82 reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0681",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-30T19:11:47.355418Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-30T19:11:58.156Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OM500 IP-PBX",
"vendor": "New Rock Technologies",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MX8G VoIP Gateway",
"vendor": "New Rock Technologies",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NRP1302/P Desktop IP Phone",
"vendor": "New Rock Technologies",
"versions": [
{
"status": "affected",
"version": "All"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tomer Goldschmidt of Claroty Team82 reported these vulnerabilities to CISA."
}
],
"datePublic": "2025-01-30T17:26:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Cloud MQTT service of the affected products supports wildcard topic \nsubscription which could allow an attacker to obtain sensitive \ninformation from tapping the service communications."
}
],
"value": "The Cloud MQTT service of the affected products supports wildcard topic \nsubscription which could allow an attacker to obtain sensitive \ninformation from tapping the service communications."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-155",
"description": "CWE-155",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-30T18:53:09.669Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-030-02"
},
{
"url": "https://www.newrocktech.com/ContactUs/index.html"
}
],
"source": {
"advisory": "ICSA-25-030-02",
"discovery": "EXTERNAL"
},
"title": "New Rock Technologies Cloud Connected Devices Improper Neutralization of Wildcards or Matching Symbols",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "New Rock Technologies has not responded to requests to work with CISA to\n mitigate these vulnerabilities. Users of affected versions of New Rock \nTechnologies Cloud Connected Devices are invited to contact New Rock \nTechnologies \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.newrocktech.com/ContactUs/index.html\"\u003ecustomer support\u003c/a\u003e for additional information.\n\n\u003cbr\u003e"
}
],
"value": "New Rock Technologies has not responded to requests to work with CISA to\n mitigate these vulnerabilities. Users of affected versions of New Rock \nTechnologies Cloud Connected Devices are invited to contact New Rock \nTechnologies customer support https://www.newrocktech.com/ContactUs/index.html for additional information."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-0681",
"datePublished": "2025-01-30T18:53:09.669Z",
"dateReserved": "2025-01-23T16:50:56.326Z",
"dateUpdated": "2025-01-30T19:11:58.156Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0680 (GCVE-0-2025-0680)
Vulnerability from cvelistv5 – Published: 2025-01-30 18:50 – Updated: 2025-01-30 19:15
VLAI?
Summary
Affected products contain a vulnerability in the device cloud rpc command handling process that could allow remote attackers to take control over arbitrary devices connected to the cloud.
Severity ?
9.8 (Critical)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| New Rock Technologies | OM500 IP-PBX |
Affected:
All
|
||||||||||||
|
||||||||||||||
Credits
Tomer Goldschmidt of Claroty Team82 reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0680",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-30T19:13:32.878080Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-30T19:15:29.817Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OM500 IP-PBX",
"vendor": "New Rock Technologies",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MX8G VoIP Gateway",
"vendor": "New Rock Technologies",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NRP1302/P Desktop IP Phone",
"vendor": "New Rock Technologies",
"versions": [
{
"status": "affected",
"version": "All"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tomer Goldschmidt of Claroty Team82 reported these vulnerabilities to CISA."
}
],
"datePublic": "2025-01-30T17:26:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Affected products contain a vulnerability in the device cloud rpc command handling process that could allow remote attackers to take control over arbitrary devices connected to the cloud."
}
],
"value": "Affected products contain a vulnerability in the device cloud rpc command handling process that could allow remote attackers to take control over arbitrary devices connected to the cloud."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-30T18:50:10.932Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-030-02"
},
{
"url": "https://www.newrocktech.com/ContactUs/index.html"
}
],
"source": {
"advisory": "ICSA-25-030-02",
"discovery": "EXTERNAL"
},
"title": "New Rock Technologies Cloud Connected Devices has a Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability.",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "New Rock Technologies has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of affected versions of New Rock Technologies Cloud Connected Devices are invited to contact New Rock Technologies customer support\u0026nbsp;for additional information.\u003cbr\u003e"
}
],
"value": "New Rock Technologies has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of affected versions of New Rock Technologies Cloud Connected Devices are invited to contact New Rock Technologies customer support\u00a0for additional information."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-0680",
"datePublished": "2025-01-30T18:50:10.932Z",
"dateReserved": "2025-01-23T16:50:54.661Z",
"dateUpdated": "2025-01-30T19:15:29.817Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0681 (GCVE-0-2025-0681)
Vulnerability from nvd – Published: 2025-01-30 18:53 – Updated: 2025-01-30 19:11
VLAI?
Summary
The Cloud MQTT service of the affected products supports wildcard topic
subscription which could allow an attacker to obtain sensitive
information from tapping the service communications.
Severity ?
6.2 (Medium)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| New Rock Technologies | OM500 IP-PBX |
Affected:
All
|
||||||||||||
|
||||||||||||||
Credits
Tomer Goldschmidt of Claroty Team82 reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0681",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-30T19:11:47.355418Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-30T19:11:58.156Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OM500 IP-PBX",
"vendor": "New Rock Technologies",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MX8G VoIP Gateway",
"vendor": "New Rock Technologies",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NRP1302/P Desktop IP Phone",
"vendor": "New Rock Technologies",
"versions": [
{
"status": "affected",
"version": "All"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tomer Goldschmidt of Claroty Team82 reported these vulnerabilities to CISA."
}
],
"datePublic": "2025-01-30T17:26:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Cloud MQTT service of the affected products supports wildcard topic \nsubscription which could allow an attacker to obtain sensitive \ninformation from tapping the service communications."
}
],
"value": "The Cloud MQTT service of the affected products supports wildcard topic \nsubscription which could allow an attacker to obtain sensitive \ninformation from tapping the service communications."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-155",
"description": "CWE-155",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-30T18:53:09.669Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-030-02"
},
{
"url": "https://www.newrocktech.com/ContactUs/index.html"
}
],
"source": {
"advisory": "ICSA-25-030-02",
"discovery": "EXTERNAL"
},
"title": "New Rock Technologies Cloud Connected Devices Improper Neutralization of Wildcards or Matching Symbols",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "New Rock Technologies has not responded to requests to work with CISA to\n mitigate these vulnerabilities. Users of affected versions of New Rock \nTechnologies Cloud Connected Devices are invited to contact New Rock \nTechnologies \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.newrocktech.com/ContactUs/index.html\"\u003ecustomer support\u003c/a\u003e for additional information.\n\n\u003cbr\u003e"
}
],
"value": "New Rock Technologies has not responded to requests to work with CISA to\n mitigate these vulnerabilities. Users of affected versions of New Rock \nTechnologies Cloud Connected Devices are invited to contact New Rock \nTechnologies customer support https://www.newrocktech.com/ContactUs/index.html for additional information."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-0681",
"datePublished": "2025-01-30T18:53:09.669Z",
"dateReserved": "2025-01-23T16:50:56.326Z",
"dateUpdated": "2025-01-30T19:11:58.156Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0680 (GCVE-0-2025-0680)
Vulnerability from nvd – Published: 2025-01-30 18:50 – Updated: 2025-01-30 19:15
VLAI?
Summary
Affected products contain a vulnerability in the device cloud rpc command handling process that could allow remote attackers to take control over arbitrary devices connected to the cloud.
Severity ?
9.8 (Critical)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| New Rock Technologies | OM500 IP-PBX |
Affected:
All
|
||||||||||||
|
||||||||||||||
Credits
Tomer Goldschmidt of Claroty Team82 reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0680",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-30T19:13:32.878080Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-30T19:15:29.817Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OM500 IP-PBX",
"vendor": "New Rock Technologies",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MX8G VoIP Gateway",
"vendor": "New Rock Technologies",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NRP1302/P Desktop IP Phone",
"vendor": "New Rock Technologies",
"versions": [
{
"status": "affected",
"version": "All"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tomer Goldschmidt of Claroty Team82 reported these vulnerabilities to CISA."
}
],
"datePublic": "2025-01-30T17:26:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Affected products contain a vulnerability in the device cloud rpc command handling process that could allow remote attackers to take control over arbitrary devices connected to the cloud."
}
],
"value": "Affected products contain a vulnerability in the device cloud rpc command handling process that could allow remote attackers to take control over arbitrary devices connected to the cloud."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-30T18:50:10.932Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-030-02"
},
{
"url": "https://www.newrocktech.com/ContactUs/index.html"
}
],
"source": {
"advisory": "ICSA-25-030-02",
"discovery": "EXTERNAL"
},
"title": "New Rock Technologies Cloud Connected Devices has a Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability.",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "New Rock Technologies has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of affected versions of New Rock Technologies Cloud Connected Devices are invited to contact New Rock Technologies customer support\u0026nbsp;for additional information.\u003cbr\u003e"
}
],
"value": "New Rock Technologies has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of affected versions of New Rock Technologies Cloud Connected Devices are invited to contact New Rock Technologies customer support\u00a0for additional information."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-0680",
"datePublished": "2025-01-30T18:50:10.932Z",
"dateReserved": "2025-01-23T16:50:54.661Z",
"dateUpdated": "2025-01-30T19:15:29.817Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}