Critical Vulnerability in Microsens Devices Exposes Systems to Hackers
A series of critical vulnerabilities have been discovered in MICROSENS NMP Web+, a widely used network management platform for industrial and critical manufacturing environments, putting thousands of organizations worldwide at significant risk of cyberattack.
The flaws, reported by security researchers Tomer Goldschmidt and Noam Moshe of Claroty Team82 and coordinated with the German BSI CERT-Bund, have prompted urgent warnings from the U.S. Cybersecurity and Infrastructure Security Agency (CISA).
Three Severe Vulnerabilities Identified
The vulnerabilities affect NMP Web+ versions 3.2.5 and earlier on both Windows and Linux platforms. They are cataloged as:
| CVE ID | Vulnerability Name | CVSS v3 Base Score | CVSS v4 Base Score |
|---|---|---|---|
| CVE-2025-49151 | Use of Hard-coded, Security-relevant Constants | 9.1 | 9.3 |
| CVE-2025-49152 | Insufficient Session Expiration | 7.5 | 8.7 |
| CVE-2025-49153 | Improper Limitation of a Pathname to a Restricted Directory | 9.8 | 9.3 |
- CVE-2025-49151 (CVSS v4 9.3): The use of a hard-coded JWT secret allows unauthenticated attackers to forge authentication tokens, bypassing security controls and gaining unauthorized access to the system.
- CVE-2025-49152 (CVSS v4 8.7): Insufficient session expiration means that JSON Web Tokens (JWTs) do not expire, enabling attackers to maintain persistent access if they intercept or generate a valid token.
- CVE-2025-49153 (CVSS v4 9.3): A path traversal flaw lets attackers overwrite files and execute arbitrary code remotely, potentially leading to full system compromise without authentication.
These vulnerabilities are particularly alarming due to their low attack complexity and the fact that they can be exploited remotely, requiring no user interaction.
Attackers could chain these flaws to first obtain access and then escalate privileges to take complete control over affected devices.
MICROSENS NMP Web+ is deployed globally across critical manufacturing sectors, managing industrial switches and automation devices.
The systemic risk is heightened by the platform’s role in controlling essential operations, and the vulnerabilities’ potential to disrupt business, operational, and even national security.
MICROSENS has released NMP Web+ version 3.3.0 for both Windows and Linux, addressing all three vulnerabilities.
CISA and industry experts strongly urge all organizations to update immediately. Additional recommendations include:
- Minimizing network exposure and ensuring systems are not accessible from the internet.
- Segregating control system networks behind firewalls and isolating them from business networks.
- Using secure remote access methods, such as up-to-date VPNs, and maintaining strong access controls.
Organizations are also advised to review access logs, invalidate existing session tokens, and monitor for suspicious activity.
The vulnerabilities highlight the ongoing need for security-by-design, regular code review, and a proactive approach to industrial cybersecurity.
While there are currently no known public exploits, the technical documentation demonstrates that these flaws are readily exploitable by skilled actors.
Remaining on outdated software exposes organizations to severe operational and security risks.
Find this News Interesting! Follow us on Google News, LinkedIn, and X to Get Instant Updates
Source link
