Vulnerabilites related to advantech - wise-4050lan_firmware
CVE-2025-48463 (GCVE-0-2025-48463)
Vulnerability from cvelistv5
Published
2025-06-24 02:10
Modified
2025-06-25 13:14
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Successful exploitation of the vulnerability could allow an attacker to intercept data and conduct session hijacking on the exposed data as the vulnerable product uses unencrypted HTTP communication, potentially leading to unauthorised access or data tampering.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Advantech | Advantech Wireless Sensing and Equipment (WISE) |
Version: A2.01 B00 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48463",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-24T16:38:29.629508Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312 Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-25T13:14:07.630Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Advantech Wireless Sensing and Equipment (WISE)",
"vendor": "Advantech",
"versions": [
{
"status": "affected",
"version": "A2.01 B00"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Chua Wei Xun"
}
],
"datePublic": "2025-06-24T02:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Successful exploitation of the vulnerability could allow an attacker to intercept data and conduct session hijacking on the exposed data as the vulnerable product uses unencrypted HTTP communication, potentially leading to unauthorised access or data tampering."
}
],
"value": "Successful exploitation of the vulnerability could allow an attacker to intercept data and conduct session hijacking on the exposed data as the vulnerable product uses unencrypted HTTP communication, potentially leading to unauthorised access or data tampering."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T02:47:35.905Z",
"orgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"shortName": "CSA"
},
"references": [
{
"url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-061"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This vulnerability can be mitigated by enabling the Security Mode, an existing configuration feature available in previous firmware versions. Security Mode restricts access to unsecured web interfaces and disables unnecessary services to reduce attack surfaces. Users and administrators of affected products are strongly advised to enable Security Mode immediately after configuration.\n\n\u003cbr\u003e"
}
],
"value": "This vulnerability can be mitigated by enabling the Security Mode, an existing configuration feature available in previous firmware versions. Security Mode restricts access to unsecured web interfaces and disables unnecessary services to reduce attack surfaces. Users and administrators of affected products are strongly advised to enable Security Mode immediately after configuration."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unencrypted HTTP Communication",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"assignerShortName": "CSA",
"cveId": "CVE-2025-48463",
"datePublished": "2025-06-24T02:10:39.085Z",
"dateReserved": "2025-05-22T09:41:25.401Z",
"dateUpdated": "2025-06-25T13:14:07.630Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-48462 (GCVE-0-2025-48462)
Vulnerability from cvelistv5
Published
2025-06-24 02:08
Modified
2025-06-25 13:25
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Successful exploitation of the vulnerability could allow an attacker to consume all available session slots and block other users from logging in, thereby preventing legitimate users from gaining access to the product.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Advantech | Advantech Wireless Sensing and Equipment (WISE) |
Version: A2.01 B00 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48462",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-24T16:42:45.283647Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-25T13:25:06.014Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Advantech Wireless Sensing and Equipment (WISE)",
"vendor": "Advantech",
"versions": [
{
"status": "affected",
"version": "A2.01 B00"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marc Heuse"
}
],
"datePublic": "2025-06-24T02:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Successful exploitation of the vulnerability could allow an attacker to consume all available session slots and block other users from logging in, thereby preventing legitimate users from gaining access to the product."
}
],
"value": "Successful exploitation of the vulnerability could allow an attacker to consume all available session slots and block other users from logging in, thereby preventing legitimate users from gaining access to the product."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T02:46:38.973Z",
"orgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"shortName": "CSA"
},
"references": [
{
"url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-061"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This vulnerability can be mitigated by enabling the Security Mode, an existing configuration feature available in previous firmware versions. Security Mode restricts access to unsecured web interfaces and disables unnecessary services to reduce attack surfaces. Users and administrators of affected products are strongly advised to enable Security Mode immediately after configuration.\n\n\u003cbr\u003e"
}
],
"value": "This vulnerability can be mitigated by enabling the Security Mode, an existing configuration feature available in previous firmware versions. Security Mode restricts access to unsecured web interfaces and disables unnecessary services to reduce attack surfaces. Users and administrators of affected products are strongly advised to enable Security Mode immediately after configuration."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Login Session Exhaustion",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"assignerShortName": "CSA",
"cveId": "CVE-2025-48462",
"datePublished": "2025-06-24T02:08:58.607Z",
"dateReserved": "2025-05-22T09:41:25.401Z",
"dateUpdated": "2025-06-25T13:25:06.014Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-48470 (GCVE-0-2025-48470)
Vulnerability from cvelistv5
Published
2025-06-24 02:19
Modified
2025-06-25 13:01
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Successful exploitation of the stored cross-site scripting vulnerability could allow an attacker to inject malicious scripts into device fields and executed in other users’ browser, potentially leading to session hijacking, defacement, credential theft, or privilege escalation.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Advantech | Advantech Wireless Sensing and Equipment (WISE) |
Version: A2.01 B00 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48470",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-24T15:12:22.447926Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-25T13:01:16.041Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Advantech Wireless Sensing and Equipment (WISE)",
"vendor": "Advantech",
"versions": [
{
"status": "affected",
"version": "A2.01 B00"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jay Turla"
},
{
"lang": "en",
"type": "finder",
"value": "Japz Divino"
},
{
"lang": "en",
"type": "finder",
"value": "Jerold Camacho"
}
],
"datePublic": "2025-06-24T02:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Successful exploitation of the stored cross-site scripting vulnerability could allow an attacker to inject malicious scripts into device fields and executed in other users\u2019 browser, potentially leading to session hijacking, defacement, credential theft, or privilege escalation."
}
],
"value": "Successful exploitation of the stored cross-site scripting vulnerability could allow an attacker to inject malicious scripts into device fields and executed in other users\u2019 browser, potentially leading to session hijacking, defacement, credential theft, or privilege escalation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T02:31:24.592Z",
"orgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"shortName": "CSA"
},
"references": [
{
"url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-061"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This vulnerability can be mitigated by enabling the Security Mode, an existing configuration feature available in previous firmware versions. Security Mode restricts access to unsecured web interfaces and disables unnecessary services to reduce attack surfaces. Users and administrators of affected products are strongly advised to enable Security Mode immediately after configuration.\n\n\u003cbr\u003e"
}
],
"value": "This vulnerability can be mitigated by enabling the Security Mode, an existing configuration feature available in previous firmware versions. Security Mode restricts access to unsecured web interfaces and disables unnecessary services to reduce attack surfaces. Users and administrators of affected products are strongly advised to enable Security Mode immediately after configuration."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Stored Cross site Scripting (XSS)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"assignerShortName": "CSA",
"cveId": "CVE-2025-48470",
"datePublished": "2025-06-24T02:19:33.670Z",
"dateReserved": "2025-05-22T09:41:25.402Z",
"dateUpdated": "2025-06-25T13:01:16.041Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-48469 (GCVE-0-2025-48469)
Vulnerability from cvelistv5
Published
2025-06-24 02:17
Modified
2025-06-25 12:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload firmware through a public update page, potentially leading to backdoor installation or privilege escalation.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Advantech | Advantech Wireless Sensing and Equipment (WISE) |
Version: A2.01 B00 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48469",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-24T15:13:31.341676Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-25T12:57:05.750Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Advantech Wireless Sensing and Equipment (WISE)",
"vendor": "Advantech",
"versions": [
{
"status": "affected",
"version": "A2.01 B00"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lam Jun Rong"
}
],
"datePublic": "2025-06-24T02:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload firmware through a public update page, potentially leading to backdoor installation or privilege escalation."
}
],
"value": "Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload firmware through a public update page, potentially leading to backdoor installation or privilege escalation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T02:27:44.846Z",
"orgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"shortName": "CSA"
},
"references": [
{
"url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-061/"
},
{
"url": "https://jro.sg/CVEs/CVE-2025-48469/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthenticated Firmware Upload",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"assignerShortName": "CSA",
"cveId": "CVE-2025-48469",
"datePublished": "2025-06-24T02:17:41.939Z",
"dateReserved": "2025-05-22T09:41:25.402Z",
"dateUpdated": "2025-06-25T12:57:05.750Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-48467 (GCVE-0-2025-48467)
Vulnerability from cvelistv5
Published
2025-06-24 02:14
Modified
2025-06-25 13:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Successful exploitation of the vulnerability could allow an attacker to cause repeated reboots, potentially leading to remote denial-of-service and system unavailability.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Advantech | Advantech Wireless Sensing and Equipment (WISE) |
Version: A2.01 B00 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48467",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-24T15:24:29.015334Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-25T13:21:55.559Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Advantech Wireless Sensing and Equipment (WISE)",
"vendor": "Advantech",
"versions": [
{
"status": "affected",
"version": "A2.01 B00"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marc Heuse"
}
],
"datePublic": "2025-06-24T02:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Successful exploitation of the vulnerability could allow an attacker to cause repeated reboots, potentially leading to remote denial-of-service and system unavailability."
}
],
"value": "Successful exploitation of the vulnerability could allow an attacker to cause repeated reboots, potentially leading to remote denial-of-service and system unavailability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T02:40:53.208Z",
"orgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"shortName": "CSA"
},
"references": [
{
"url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-061"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Users and administrators of affected products are advised to update to firmware version A2.02 B00 and disable Modbus TCP if it is not required in their deployment.\n\n\u003cbr\u003e"
}
],
"value": "Users and administrators of affected products are advised to update to firmware version A2.02 B00 and disable Modbus TCP if it is not required in their deployment."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Denial of Service via Malformed Modbus Packets",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"assignerShortName": "CSA",
"cveId": "CVE-2025-48467",
"datePublished": "2025-06-24T02:14:44.681Z",
"dateReserved": "2025-05-22T09:41:25.402Z",
"dateUpdated": "2025-06-25T13:21:55.559Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-48468 (GCVE-0-2025-48468)
Vulnerability from cvelistv5
Published
2025-06-24 02:16
Modified
2025-06-25 13:30
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Successful exploitation of the vulnerability could allow an attacker that has physical access to interface with JTAG to inject or modify firmware.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Advantech | Advantech Wireless Sensing and Equipment (WISE) |
Version: A2.01 B00 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48468",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-24T15:22:48.623146Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1191",
"description": "CWE-1191 On-Chip Debug and Test Interface With Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-25T13:30:04.047Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Advantech Wireless Sensing and Equipment (WISE)",
"vendor": "Advantech",
"versions": [
{
"status": "affected",
"version": "A2.01 B00"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marc Heuse"
}
],
"datePublic": "2025-06-24T02:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Successful exploitation of the vulnerability could allow an attacker that has physical access to interface with JTAG to inject or modify firmware."
}
],
"value": "Successful exploitation of the vulnerability could allow an attacker that has physical access to interface with JTAG to inject or modify firmware."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T02:42:46.257Z",
"orgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"shortName": "CSA"
},
"references": [
{
"url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-061"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Users and administrators of affected products are advised to update to firmware version A2.02 B00.\n\n\u003cbr\u003e"
}
],
"value": "Users and administrators of affected products are advised to update to firmware version A2.02 B00."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Open JTAG Debug Port",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"assignerShortName": "CSA",
"cveId": "CVE-2025-48468",
"datePublished": "2025-06-24T02:16:21.830Z",
"dateReserved": "2025-05-22T09:41:25.402Z",
"dateUpdated": "2025-06-25T13:30:04.047Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-48466 (GCVE-0-2025-48466)
Vulnerability from cvelistv5
Published
2025-06-24 02:12
Modified
2025-06-25 12:59
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Successful exploitation of the vulnerability could allow an unauthenticated, remote attacker to send Modbus TCP packets to manipulate Digital Outputs, potentially allowing remote control of relay channel which may lead to operational or safety risks.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Advantech | Advantech Wireless Sensing and Equipment (WISE) |
Version: A2.01 B00 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48466",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-24T15:25:23.267947Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-25T12:59:38.016Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Advantech Wireless Sensing and Equipment (WISE)",
"vendor": "Advantech",
"versions": [
{
"status": "affected",
"version": "A2.01 B00"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jay Turla"
},
{
"lang": "en",
"type": "finder",
"value": "Japz Divino"
},
{
"lang": "en",
"type": "finder",
"value": "Jerold Camacho"
}
],
"datePublic": "2025-06-24T02:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Successful exploitation of the vulnerability could allow an unauthenticated, remote attacker to send Modbus TCP packets to manipulate Digital Outputs, potentially allowing remote control of relay channel which may lead to operational or safety risks."
}
],
"value": "Successful exploitation of the vulnerability could allow an unauthenticated, remote attacker to send Modbus TCP packets to manipulate Digital Outputs, potentially allowing remote control of relay channel which may lead to operational or safety risks."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T02:30:12.664Z",
"orgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"shortName": "CSA"
},
"references": [
{
"url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-061"
},
{
"url": "https://github.com/shipcod3/CVE-2025-48466"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Users and administrators of affected products are advised to update to firmware version A2.02 B00 and disable Modbus TCP if it is not required in their deployment.\n\n\u003cbr\u003e"
}
],
"value": "Users and administrators of affected products are advised to update to firmware version A2.02 B00 and disable Modbus TCP if it is not required in their deployment."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Modbus Command Injection without Authentication",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"assignerShortName": "CSA",
"cveId": "CVE-2025-48466",
"datePublished": "2025-06-24T02:12:41.743Z",
"dateReserved": "2025-05-22T09:41:25.402Z",
"dateUpdated": "2025-06-25T12:59:38.016Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-48461 (GCVE-0-2025-48461)
Vulnerability from cvelistv5
Published
2025-06-24 02:02
Modified
2025-06-25 13:23
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Successful exploitation of the vulnerability could allow an unauthenticated attacker to conduct brute force guessing and account takeover as the session cookies are predictable, potentially allowing the attackers to gain root, admin or user access and reset passwords.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Advantech | Advantech Wireless Sensing and Equipment (WISE) |
Version: A2.01 B00 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48461",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-24T16:45:36.031567Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-341",
"description": "CWE-341 Predictable from Observable State",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-25T13:23:33.993Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Advantech Wireless Sensing and Equipment (WISE)",
"vendor": "Advantech",
"versions": [
{
"status": "affected",
"version": "A2.01 B00"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Joel Chang Zhi Kai"
}
],
"datePublic": "2025-06-24T02:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Successful exploitation of the vulnerability could allow an unauthenticated attacker to conduct brute force guessing and account takeover as the session cookies are predictable, potentially allowing the attackers to gain root, admin or user access and reset passwords."
}
],
"value": "Successful exploitation of the vulnerability could allow an unauthenticated attacker to conduct brute force guessing and account takeover as the session cookies are predictable, potentially allowing the attackers to gain root, admin or user access and reset passwords."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T02:33:00.989Z",
"orgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"shortName": "CSA"
},
"references": [
{
"url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-061/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This vulnerability can be mitigated by enabling the Security Mode, an existing configuration feature available in previous firmware versions. Security Mode restricts access to unsecured web interfaces and disables unnecessary services to reduce attack surfaces. Users and administrators of affected products are strongly advised to enable Security Mode immediately after configuration.\n\n\u003cbr\u003e"
}
],
"value": "This vulnerability can be mitigated by enabling the Security Mode, an existing configuration feature available in previous firmware versions. Security Mode restricts access to unsecured web interfaces and disables unnecessary services to reduce attack surfaces. Users and administrators of affected products are strongly advised to enable Security Mode immediately after configuration."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Weak Session Cookie Entropy",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"assignerShortName": "CSA",
"cveId": "CVE-2025-48461",
"datePublished": "2025-06-24T02:02:08.633Z",
"dateReserved": "2025-05-22T09:41:25.401Z",
"dateUpdated": "2025-06-25T13:23:33.993Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2025-06-24 03:15
Modified
2025-07-09 15:03
Severity ?
Summary
Successful exploitation of the vulnerability could allow an attacker to intercept data and conduct session hijacking on the exposed data as the vulnerable product uses unencrypted HTTP communication, potentially leading to unauthorised access or data tampering.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| 5f57b9bf-260d-4433-bf07-b6a79e9bb7d4 | https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-061 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| advantech | wise-4060lan_firmware | - | |
| advantech | wise-4060lan | - | |
| advantech | wise-4050lan_firmware | - | |
| advantech | wise-4050lan | - | |
| advantech | wise-4010lan_firmware | - | |
| advantech | wise-4010lan | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:wise-4060lan_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40764D08-8173-4AF3-BB93-249D12A9D07D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:wise-4060lan:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7DCE031-021A-47BC-B81C-1B0DCB9EB8F1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:wise-4050lan_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9CFD6963-E219-48F1-8BDE-C3D9F6B2091B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:wise-4050lan:-:*:*:*:*:*:*:*",
"matchCriteriaId": "72DFF800-1684-4038-BB79-C679DCAF4105",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:wise-4010lan_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "87715BBD-E9A9-404A-B11E-CFCE0E4CA409",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:wise-4010lan:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9241107A-6586-475F-AE13-C541F9AE8AE6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Successful exploitation of the vulnerability could allow an attacker to intercept data and conduct session hijacking on the exposed data as the vulnerable product uses unencrypted HTTP communication, potentially leading to unauthorised access or data tampering."
},
{
"lang": "es",
"value": "La explotaci\u00f3n exitosa de la vulnerabilidad podr\u00eda permitir a un atacante interceptar datos y realizar un secuestro de sesi\u00f3n en los datos expuestos, ya que el producto vulnerable utiliza una comunicaci\u00f3n HTTP no cifrada, lo que potencialmente conduce a un acceso no autorizado o a la manipulaci\u00f3n de datos."
}
],
"id": "CVE-2025-48463",
"lastModified": "2025-07-09T15:03:14.890",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4,
"source": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"type": "Secondary"
}
]
},
"published": "2025-06-24T03:15:33.870",
"references": [
{
"source": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"tags": [
"Third Party Advisory"
],
"url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-061"
}
],
"sourceIdentifier": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-312"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-06-24 03:15
Modified
2025-07-09 15:02
Severity ?
Summary
Successful exploitation of the vulnerability could allow an unauthenticated attacker to conduct brute force guessing and account takeover as the session cookies are predictable, potentially allowing the attackers to gain root, admin or user access and reset passwords.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| 5f57b9bf-260d-4433-bf07-b6a79e9bb7d4 | https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-061/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| advantech | wise-4060lan_firmware | - | |
| advantech | wise-4060lan | - | |
| advantech | wise-4050lan_firmware | - | |
| advantech | wise-4050lan | - | |
| advantech | wise-4010lan_firmware | - | |
| advantech | wise-4010lan | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:wise-4060lan_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40764D08-8173-4AF3-BB93-249D12A9D07D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:wise-4060lan:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7DCE031-021A-47BC-B81C-1B0DCB9EB8F1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:wise-4050lan_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9CFD6963-E219-48F1-8BDE-C3D9F6B2091B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:wise-4050lan:-:*:*:*:*:*:*:*",
"matchCriteriaId": "72DFF800-1684-4038-BB79-C679DCAF4105",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:wise-4010lan_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "87715BBD-E9A9-404A-B11E-CFCE0E4CA409",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:wise-4010lan:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9241107A-6586-475F-AE13-C541F9AE8AE6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Successful exploitation of the vulnerability could allow an unauthenticated attacker to conduct brute force guessing and account takeover as the session cookies are predictable, potentially allowing the attackers to gain root, admin or user access and reset passwords."
},
{
"lang": "es",
"value": "La explotaci\u00f3n exitosa de la vulnerabilidad podr\u00eda permitir a un atacante no autenticado realizar conjeturas por fuerza bruta y tomar el control de la cuenta, ya que las cookies de sesi\u00f3n son predecibles, lo que potencialmente permite a los atacantes obtener acceso de root, administrador o usuario y restablecer contrase\u00f1as."
}
],
"id": "CVE-2025-48461",
"lastModified": "2025-07-09T15:02:51.153",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 3.4,
"source": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"type": "Secondary"
}
]
},
"published": "2025-06-24T03:15:33.613",
"references": [
{
"source": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"tags": [
"Third Party Advisory"
],
"url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-061/"
}
],
"sourceIdentifier": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-341"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-06-24 03:15
Modified
2025-07-09 15:20
Severity ?
Summary
Successful exploitation of the vulnerability could allow an attacker that has physical access to interface with JTAG to inject or modify firmware.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| advantech | wise-4010lan_firmware | 2.02b00 | |
| advantech | wise-4010lan | - | |
| advantech | wise-4050lan_firmware | 2.02b00 | |
| advantech | wise-4050lan | - | |
| advantech | wise-4060lan_firmware | 2.02b00 | |
| advantech | wise-4060lan | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:wise-4010lan_firmware:2.02b00:*:*:*:*:*:*:*",
"matchCriteriaId": "329D6F6B-850F-408B-8335-820C61C1085D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:wise-4010lan:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9241107A-6586-475F-AE13-C541F9AE8AE6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:wise-4050lan_firmware:2.02b00:*:*:*:*:*:*:*",
"matchCriteriaId": "108653D3-5184-44B1-B2BE-F8D7E8011058",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:wise-4050lan:-:*:*:*:*:*:*:*",
"matchCriteriaId": "72DFF800-1684-4038-BB79-C679DCAF4105",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:wise-4060lan_firmware:2.02b00:*:*:*:*:*:*:*",
"matchCriteriaId": "F6FD59CB-F033-4D1B-A24C-32C361ACCD5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:wise-4060lan:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7DCE031-021A-47BC-B81C-1B0DCB9EB8F1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Successful exploitation of the vulnerability could allow an attacker that has physical access to interface with JTAG to inject or modify firmware."
},
{
"lang": "es",
"value": "La explotaci\u00f3n exitosa de la vulnerabilidad podr\u00eda permitir que un atacante con acceso f\u00edsico a la interfaz con JTAG inyecte o modifique el firmware."
}
],
"id": "CVE-2025-48468",
"lastModified": "2025-07-09T15:20:29.410",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.5,
"impactScore": 5.9,
"source": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"type": "Secondary"
}
]
},
"published": "2025-06-24T03:15:34.267",
"references": [
{
"source": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"tags": [
"Vendor Advisory"
],
"url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-061"
}
],
"sourceIdentifier": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1191"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-06-24 03:15
Modified
2025-07-09 15:03
Severity ?
Summary
Successful exploitation of the vulnerability could allow an attacker to consume all available session slots and block other users from logging in, thereby preventing legitimate users from gaining access to the product.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| 5f57b9bf-260d-4433-bf07-b6a79e9bb7d4 | https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-061 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| advantech | wise-4060lan_firmware | - | |
| advantech | wise-4060lan | - | |
| advantech | wise-4050lan_firmware | - | |
| advantech | wise-4050lan | - | |
| advantech | wise-4010lan_firmware | - | |
| advantech | wise-4010lan | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:wise-4060lan_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40764D08-8173-4AF3-BB93-249D12A9D07D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:wise-4060lan:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7DCE031-021A-47BC-B81C-1B0DCB9EB8F1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:wise-4050lan_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9CFD6963-E219-48F1-8BDE-C3D9F6B2091B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:wise-4050lan:-:*:*:*:*:*:*:*",
"matchCriteriaId": "72DFF800-1684-4038-BB79-C679DCAF4105",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:wise-4010lan_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "87715BBD-E9A9-404A-B11E-CFCE0E4CA409",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:wise-4010lan:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9241107A-6586-475F-AE13-C541F9AE8AE6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Successful exploitation of the vulnerability could allow an attacker to consume all available session slots and block other users from logging in, thereby preventing legitimate users from gaining access to the product."
},
{
"lang": "es",
"value": "La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda permitir a un atacante consumir todos los espacios de sesi\u00f3n disponibles y bloquear el inicio de sesi\u00f3n de otros usuarios, impidiendo as\u00ed que los usuarios leg\u00edtimos obtengan acceso al producto."
}
],
"id": "CVE-2025-48462",
"lastModified": "2025-07-09T15:03:03.620",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.5,
"impactScore": 3.6,
"source": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"type": "Secondary"
}
]
},
"published": "2025-06-24T03:15:33.753",
"references": [
{
"source": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"tags": [
"Third Party Advisory"
],
"url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-061"
}
],
"sourceIdentifier": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-06-24 03:15
Modified
2025-07-09 15:21
Severity ?
Summary
Successful exploitation of the stored cross-site scripting vulnerability could allow an attacker to inject malicious scripts into device fields and executed in other users’ browser, potentially leading to session hijacking, defacement, credential theft, or privilege escalation.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| 5f57b9bf-260d-4433-bf07-b6a79e9bb7d4 | https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-061 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| advantech | wise-4010lan_firmware | - | |
| advantech | wise-4010lan | - | |
| advantech | wise-4050lan_firmware | - | |
| advantech | wise-4050lan | - | |
| advantech | wise-4060lan_firmware | - | |
| advantech | wise-4060lan | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:wise-4010lan_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "87715BBD-E9A9-404A-B11E-CFCE0E4CA409",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:wise-4010lan:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9241107A-6586-475F-AE13-C541F9AE8AE6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:wise-4050lan_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9CFD6963-E219-48F1-8BDE-C3D9F6B2091B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:wise-4050lan:-:*:*:*:*:*:*:*",
"matchCriteriaId": "72DFF800-1684-4038-BB79-C679DCAF4105",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:wise-4060lan_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40764D08-8173-4AF3-BB93-249D12A9D07D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:wise-4060lan:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7DCE031-021A-47BC-B81C-1B0DCB9EB8F1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Successful exploitation of the stored cross-site scripting vulnerability could allow an attacker to inject malicious scripts into device fields and executed in other users\u2019 browser, potentially leading to session hijacking, defacement, credential theft, or privilege escalation."
},
{
"lang": "es",
"value": "La explotaci\u00f3n exitosa de la vulnerabilidad de cross-site scripting almacenado podr\u00eda permitir a un atacante inyectar secuencias de comandos maliciosas en los campos del dispositivo y ejecutarlas en el navegador de otros usuarios, lo que podr\u00eda conducir al secuestro de sesi\u00f3n, desfiguraci\u00f3n, robo de credenciales o escalada de privilegios. "
}
],
"id": "CVE-2025-48470",
"lastModified": "2025-07-09T15:21:40.570",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 3.4,
"source": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"type": "Secondary"
}
]
},
"published": "2025-06-24T03:15:34.523",
"references": [
{
"source": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"tags": [
"Third Party Advisory"
],
"url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-061"
}
],
"sourceIdentifier": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-06-24 03:15
Modified
2025-07-09 15:20
Severity ?
Summary
Successful exploitation of the vulnerability could allow an attacker to cause repeated reboots, potentially leading to remote denial-of-service and system unavailability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| 5f57b9bf-260d-4433-bf07-b6a79e9bb7d4 | https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-061 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| advantech | wise-4010lan_firmware | 2.02b00 | |
| advantech | wise-4010lan | - | |
| advantech | wise-4050lan_firmware | 2.02b00 | |
| advantech | wise-4050lan | - | |
| advantech | wise-4060lan_firmware | 2.02b00 | |
| advantech | wise-4060lan | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:wise-4010lan_firmware:2.02b00:*:*:*:*:*:*:*",
"matchCriteriaId": "329D6F6B-850F-408B-8335-820C61C1085D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:wise-4010lan:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9241107A-6586-475F-AE13-C541F9AE8AE6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:wise-4050lan_firmware:2.02b00:*:*:*:*:*:*:*",
"matchCriteriaId": "108653D3-5184-44B1-B2BE-F8D7E8011058",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:wise-4050lan:-:*:*:*:*:*:*:*",
"matchCriteriaId": "72DFF800-1684-4038-BB79-C679DCAF4105",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:wise-4060lan_firmware:2.02b00:*:*:*:*:*:*:*",
"matchCriteriaId": "F6FD59CB-F033-4D1B-A24C-32C361ACCD5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:wise-4060lan:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7DCE031-021A-47BC-B81C-1B0DCB9EB8F1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Successful exploitation of the vulnerability could allow an attacker to cause repeated reboots, potentially leading to remote denial-of-service and system unavailability."
},
{
"lang": "es",
"value": "La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda permitir a un atacante provocar reinicios repetidos, lo que podr\u00eda derivar en una denegaci\u00f3n de servicio remota y en la indisponibilidad del sistema."
}
],
"id": "CVE-2025-48467",
"lastModified": "2025-07-09T15:20:17.210",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"type": "Secondary"
}
]
},
"published": "2025-06-24T03:15:34.140",
"references": [
{
"source": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"tags": [
"Third Party Advisory"
],
"url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-061"
}
],
"sourceIdentifier": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-06-24 03:15
Modified
2025-07-09 17:18
Severity ?
Summary
Successful exploitation of the vulnerability could allow an unauthenticated, remote attacker to send Modbus TCP packets to manipulate Digital Outputs, potentially allowing remote control of relay channel which may lead to operational or safety risks.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| 5f57b9bf-260d-4433-bf07-b6a79e9bb7d4 | https://github.com/shipcod3/CVE-2025-48466 | Exploit, Third Party Advisory | |
| 5f57b9bf-260d-4433-bf07-b6a79e9bb7d4 | https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-061 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| advantech | wise-4060lan_firmware | 2.02b00 | |
| advantech | wise-4060lan | - | |
| advantech | wise-4050lan_firmware | - | |
| advantech | wise-4050lan | - | |
| advantech | wise-4010lan_firmware | - | |
| advantech | wise-4010lan | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:wise-4060lan_firmware:2.02b00:*:*:*:*:*:*:*",
"matchCriteriaId": "F6FD59CB-F033-4D1B-A24C-32C361ACCD5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:wise-4060lan:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7DCE031-021A-47BC-B81C-1B0DCB9EB8F1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:wise-4050lan_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9CFD6963-E219-48F1-8BDE-C3D9F6B2091B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:wise-4050lan:-:*:*:*:*:*:*:*",
"matchCriteriaId": "72DFF800-1684-4038-BB79-C679DCAF4105",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:wise-4010lan_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "87715BBD-E9A9-404A-B11E-CFCE0E4CA409",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:wise-4010lan:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9241107A-6586-475F-AE13-C541F9AE8AE6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Successful exploitation of the vulnerability could allow an unauthenticated, remote attacker to send Modbus TCP packets to manipulate Digital Outputs, potentially allowing remote control of relay channel which may lead to operational or safety risks."
},
{
"lang": "es",
"value": "La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda permitir que un atacante remoto no autenticado env\u00ede paquetes Modbus TCP para manipular salidas digitales, lo que potencialmente permitir\u00eda el control remoto del canal de rel\u00e9 que podr\u00eda generar riesgos operativos o de seguridad."
}
],
"id": "CVE-2025-48466",
"lastModified": "2025-07-09T17:18:23.727",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"type": "Secondary"
}
]
},
"published": "2025-06-24T03:15:34.013",
"references": [
{
"source": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/shipcod3/CVE-2025-48466"
},
{
"source": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"tags": [
"Third Party Advisory"
],
"url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-061"
}
],
"sourceIdentifier": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-06-24 03:15
Modified
2025-07-09 15:21
Severity ?
Summary
Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload firmware through a public update page, potentially leading to backdoor installation or privilege escalation.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| 5f57b9bf-260d-4433-bf07-b6a79e9bb7d4 | https://jro.sg/CVEs/CVE-2025-48469/ | Exploit, Third Party Advisory | |
| 5f57b9bf-260d-4433-bf07-b6a79e9bb7d4 | https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-061/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| advantech | wise-4060lan_firmware | - | |
| advantech | wise-4060lan | - | |
| advantech | wise-4050lan_firmware | - | |
| advantech | wise-4050lan | - | |
| advantech | wise-4010lan_firmware | - | |
| advantech | wise-4010lan | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:wise-4060lan_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40764D08-8173-4AF3-BB93-249D12A9D07D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:wise-4060lan:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7DCE031-021A-47BC-B81C-1B0DCB9EB8F1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:wise-4050lan_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9CFD6963-E219-48F1-8BDE-C3D9F6B2091B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:wise-4050lan:-:*:*:*:*:*:*:*",
"matchCriteriaId": "72DFF800-1684-4038-BB79-C679DCAF4105",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:wise-4010lan_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "87715BBD-E9A9-404A-B11E-CFCE0E4CA409",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:wise-4010lan:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9241107A-6586-475F-AE13-C541F9AE8AE6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload firmware through a public update page, potentially leading to backdoor installation or privilege escalation."
},
{
"lang": "es",
"value": "La explotaci\u00f3n exitosa de la vulnerabilidad podr\u00eda permitir que un atacante no autenticado cargue firmware a trav\u00e9s de una p\u00e1gina de actualizaci\u00f3n p\u00fablica, lo que podr\u00eda conducir a la instalaci\u00f3n de una puerta trasera o a una escalada de privilegios."
}
],
"id": "CVE-2025-48469",
"lastModified": "2025-07-09T15:21:28.920",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0,
"source": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"type": "Secondary"
}
]
},
"published": "2025-06-24T03:15:34.390",
"references": [
{
"source": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://jro.sg/CVEs/CVE-2025-48469/"
},
{
"source": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"tags": [
"Third Party Advisory"
],
"url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-061/"
}
],
"sourceIdentifier": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}