In this Team82 report, we analyzed a subset of engineering workstations (EWS) and human-machine interfaces (HMIs) from a sample of more than 125,000 OT assets, and found that more than one-third are insecurely connected to the internet and also contain at least one confirmed vulnerability that has been publicly exploited.
CWE-88 IMPROPER NEUTRALIZATION OF ARGUMENT DELIMITERS IN A COMMAND ('ARGUMENT INJECTION'):
An argument injection vulnerability exists in the affected product that could allow an attacker to execute arbitrary code within the context of the host machine.
IDIS provided the following mitigations:
Users who continue to use the ICM Viewer, they must access https://icm.idisglobal.com and follow the instructions provided to upgrade to version v1.7.1. IDIS requires all users to upgrade to v1.7.1. Failure to do so will render the ICM Viewer unusable.
For those who do not use the ICM Viewer: They must immediately uninstall the program.
CVSS v3: 8.8
CWE-15 EXTERNAL CONTROL OF SYSTEM OR CONFIGURATION SETTING:
A post-authenticated external control of system web interface configuration setting vulnerability exists in the Danfoss AK-SM8xxA Series prior to version 4.3.1, which could allow for a denial-of-service attack induced by improper handling of exceptional conditions.
Danfoss created release R4.3.1 to address CVE-2025-41452.
CVSS v3: 5.4
CWE-77 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN A COMMAND ('Command Injection'):
Improper neutralization of alarm-to-mail configuration fields used in an OS shell command injection in Danfoss AK-SM8xxA Series, prior to version 4.3.1, may lead to post-authenticated remote code execution on an attacked system.
Danfoss created release R4.3.1 to address CVE-2025-41451.
CVSS v3: 7.6
CWE-617 REACHABLE ASSERTION:
Affected devices do not properly validate input sent to its listening port on the local loopback interface. This could allow an unauthenticated local attacker to cause a denial of service condition.
Users are urged to update to SIMATIC RTLS Locating Manager: V3.3 or later version.
CVSS v3: 6.2
CWE-23 RELATIVE PATH TRAVERSAL:
An 'Arbitary File Deletion' in Samsung DMS (Data Management Server) allows attackers to delete arbitary files from unintended locations on the filesystem. Exploitation is restricted to specific, authorized private IP addresses.
Samsung recommends users to contact a Samsung call center or installer for a software update.
This product is not intended to be connected to the Internet, so please disconnect it from the Internet. Refer to the following statement in the manual: "Use this product only in a separate dedicated network. Samsung Electronics is not liable for any problems caused by connecting it to the Internet or an intranet."
CVSS v3: 8.1
