← volver
CVE-2025-64305

Columbia Weather Systems MicroServer Cleartext Storage in a File or on Disk

CVSS 7.1 HIGHEPSS 0.1%CWE-313
MicroServer copies parts of the system firmware to an unencrypted external SD card on boot, which contains user and vendor secrets. An attacker can utilize these plaintext secrets to modify the vendor firmware, or gain admin access to the web portal.
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Productos afectados
Columbia Weather Systems · MicroServer

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-006-01.jsonhttps://www.cisa.gov/news-events/ics-advisories/icsa-26-006-01