CVE-2025-8284 | THREATINT

Description

By default, the Packet Power Monitoring and Control Web Interface do not enforce authentication mechanisms. This vulnerability could allow unauthorized users to access and manipulate monitoring and control functions.

PUBLISHED Reserved 2025-07-28 | Published 2025-08-08 | Updated 2025-08-08 | Assigner icscert

CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CRITICAL: 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

Product status

Default status

unaffected

Any version before 4.1.0

affected

Default status

unaffected

Any version before 4.1.0

affected

Credits

Anthony Rose and Jacob Krasnov of BC Security reported this vulnerability to CISA. finder

References

www.cisa.gov/news-events/ics-advisories/icsa-25-219-05

cve.org (CVE-2025-8284)

nvd.nist.gov (CVE-2025-8284)

Download JSON

help @ threatint.eu