A critical authentication bypass in the Daikin Security Gateway could let a remote attacker gain unauthorized access to the industrial control systems the gateway fronts.
The vulnerability, tracked as CVE-2025-10127, affects organizations worldwide that deploy the gateway to protect energy-sector operations.
Critical Authentication Bypass Discovered
The flaw is a weak password recovery mechanism: the forgotten-password flow does not adequately verify who is asking, so an attacker can use it to bypass authentication outright.
Security researchers found that the gateway's authorization check relies on a user-controlled key, so an unauthenticated remote attacker can reach the system without any prior credentials.
| CVE Number | Affected Product | Vulnerability Type | CVSS 3.1 Score | CVSS 4.0 Score |
|---|---|---|---|---|
| CVE-2025-10127 | Daikin Security Gateway (App: 100, Frm: 214) | Weak Password Recovery Mechanism for Forgotten Password (CWE-640) | 9.8 (Critical) | 8.8 (High) |
CISA discovered a public proof-of-concept (PoC) exploit authored by security researcher Gjoko Krstic and reported the finding to Daikin.
Affected systems are those running App version 100 and Frm version 214; the flaw is classified under CWE-640 (Weak Password Recovery Mechanism for Forgotten Password).
The vulnerability carries a CVSS 3.1 base score of 9.8 (Critical) and a CVSS 4.0 score of 8.8 (High).
The attack is network-reachable and low complexity and requires neither privileges nor user interaction, so any gateway exposed to an untrusted network is directly at risk.
Successful exploitation can result in complete loss of confidentiality, integrity, and availability on the affected system.
An attacker could read sensitive industrial control data, modify gateway and system configuration, and disrupt the operations the gateway protects.
The risk is heightened because a public exploit exists and the affected systems are deployed across energy-sector infrastructure worldwide.
In an unusual move, Daikin has stated that it will not fix this vulnerability and will respond only to direct customer inquiries.
That leaves the burden of protection entirely on the organizations operating the affected systems.
CISA strongly recommends defensive measures to reduce the risk of exploitation. Control-system devices should not be reachable from the internet; place them behind firewalls and isolate them from business networks.
Where remote access is required, use a VPN kept at its current version, while recognizing that a VPN is only as secure as the devices connected to it.
Minimize network exposure for all control-system devices, apply defense-in-depth, and perform a proper impact analysis and risk assessment before deploying any defensive measure.
Organizations should also follow CISA's recommended cybersecurity practices for industrial control systems and its proactive defense strategies for ICS assets.