CVE-2025-1907

Instantel Micromate lacks authentication on a configuration port which could allow an attacker to execute commands if connected.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-25-148-04
https://www.instantel.com/service-and-support/contact-technical-support

Configurations

No configuration.

History

30 May 2025, 16:31

Type	Values Removed	Values Added
Summary		(es) Instantel Micromate carece de autenticación en un puerto de configuración, lo que podría permitir que un atacante ejecute comandos si está conectado.

30 May 2025, 00:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-30 00:15

Updated : 2025-05-30 16:31

NVD link : CVE-2025-1907

Mitre link : CVE-2025-1907

CVE.ORG link : CVE-2025-1907

JSON object : View

Products Affected

No product.

CWE

CWE-306

Missing Authentication for Critical Function

{"id": "CVE-2025-1907", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-05-30T00:15:22.830", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-148-04", "source": "ics-cert@hq.dhs.gov"}, {"url": "https://www.instantel.com/service-and-support/contact-technical-support", "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "Instantel Micromate lacks authentication on a configuration port which could allow an attacker to execute commands if connected."}, {"lang": "es", "value": "Instantel Micromate carece de autenticaci\u00f3n en un puerto de configuraci\u00f3n, lo que podr\u00eda permitir que un atacante ejecute comandos si est\u00e1 conectado."}], "lastModified": "2025-05-30T16:31:03.107", "sourceIdentifier": "ics-cert@hq.dhs.gov"}