{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-48466","assignerOrgId":"5f57b9bf-260d-4433-bf07-b6a79e9bb7d4","state":"PUBLISHED","assignerShortName":"CSA","dateReserved":"2025-05-22T09:41:25.402Z","datePublished":"2025-06-24T02:12:41.743Z","dateUpdated":"2025-06-25T12:59:38.016Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unknown","product":"Advantech Wireless Sensing and Equipment (WISE)","vendor":"Advantech","versions":[{"status":"affected","version":"A2.01 B00"}]}],"credits":[{"lang":"en","type":"finder","value":"Jay Turla"},{"lang":"en","type":"finder","value":"Japz Divino"},{"lang":"en","type":"finder","value":"Jerold Camacho"}],"datePublic":"2025-06-24T02:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Successful exploitation of the vulnerability could allow an unauthenticated, remote attacker to send Modbus TCP packets to manipulate Digital Outputs, potentially allowing remote control of relay channel which may lead to operational or safety risks."}],"value":"Successful exploitation of the vulnerability could allow an unauthenticated, remote attacker to send Modbus TCP packets to manipulate Digital Outputs, potentially allowing remote control of relay channel which may lead to operational or safety risks."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"ADJACENT_NETWORK","availabilityImpact":"HIGH","baseScore":8.1,"baseSeverity":"HIGH","confidentialityImpact":"NONE","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"providerMetadata":{"orgId":"5f57b9bf-260d-4433-bf07-b6a79e9bb7d4","shortName":"CSA","dateUpdated":"2025-06-24T02:30:12.664Z"},"references":[{"url":"https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-061"},{"url":"https://github.com/shipcod3/CVE-2025-48466"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Users and administrators of affected products are advised to update to firmware version A2.02 B00 and disable Modbus TCP if it is not required in their deployment.\n\n<br>"}],"value":"Users and administrators of affected products are advised to update to firmware version A2.02 B00 and disable Modbus TCP if it is not required in their deployment."}],"source":{"discovery":"UNKNOWN"},"title":"Modbus Command Injection without Authentication","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-863","lang":"en","description":"CWE-863 Incorrect Authorization"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-06-24T15:25:23.267947Z","id":"CVE-2025-48466","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-06-25T12:59:38.016Z"}}]}}