← voltar
CVE-2025-64305

Columbia Weather Systems MicroServer Cleartext Storage in a File or on Disk

CVSS 7.1 HIGHEPSS 0.1%CWE-313
MicroServer copies parts of the system firmware to an unencrypted external SD card on boot, which contains user and vendor secrets. An attacker can utilize these plaintext secrets to modify the vendor firmware, or gain admin access to the web portal.
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Produtos afetados
Columbia Weather Systems · MicroServer

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-006-01.jsonhttps://www.cisa.gov/news-events/ics-advisories/icsa-26-006-01