Home

Description

An adjacent attacker without authentication can exploit this vulnerability to retrieve a set of user-privileged credentials. These credentials are present during the firmware upgrade procedure.

PUBLISHED Reserved 2025-08-06 | Published 2025-09-18 | Updated 2025-09-19 | Assigner icscert




HIGH: 8.6CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-319 Cleartext Transmission of Sensitive Information

Product status

Default status
unaffected

5.x (custom)
affected

Default status
unaffected

5.x (custom)
affected

Default status
unaffected

5.x (custom)
affected

Default status
unaffected

5.x (custom)
affected

Default status
unaffected

5.x (custom)
affected

Credits

Diego Giubertoni of Nozomi Networks reported these vulnerabilities to CISA. finder

References

www.cisa.gov/news-events/ics-advisories/icsa-25-261-06

cve.org (CVE-2025-47698)

nvd.nist.gov (CVE-2025-47698)

Download JSON