← volver
CVE-2025-52586

EG4 Electronics EG4 Inverters Cleartext Transmission of Sensitive Information

CVSS 7.5 HIGHEPSS 0.1%CWE-319
Vexday Risk Score
21Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 7.5EPSS 0.1%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
08 ago 2025Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
The MOD3 command traffic between the monitoring application and the inverter is transmitted in plaintext without encryption or obfuscation. This vulnerability may allow an attacker with access to a local network to intercept, manipulate, replay, or forge critical data, including read/write operations for voltage, current, and power configuration, operational status, alarms, telemetry, system reset, or inverter control commands, potentially disrupting power generation or reconfiguring inverter settings.
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
Productos afectados
EG4 Electronics · EG4 12000XPEG4 Electronics · EG4 12kPVEG4 Electronics · EG4 18kPVEG4 Electronics · EG4 6000XPEG4 Electronics · EG4 Flex 18EG4 Electronics · EG4 Flex 21EG4 Electronics · EG4 GridBoss

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://eg4electronics.com/contact/https://eg4electronics.com/wp-content/uploads/2025/09/EG4-Wi-Fi-Dongle-Dongle-Firmware-Update.pdfhttps://www.cisa.gov/news-events/ics-advisories/icsa-25-219-07