{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-52586", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2025-07-30T19:03:10.056Z", "datePublished": "2025-08-08T16:00:43.694Z", "dateUpdated": "2025-08-08T16:12:28.064Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "EG4 12kPV", "vendor": "EG4 Electronics", "versions": [{"status": "affected", "version": "all versions"}]}, {"defaultStatus": "unaffected", "product": "EG4 18kPV", "vendor": "EG4 Electronics", "versions": [{"status": "affected", "version": "all versions"}]}, {"defaultStatus": "unaffected", "product": "EG4 Flex 21", "vendor": "EG4 Electronics", "versions": [{"status": "affected", "version": "all versions"}]}, {"defaultStatus": "unaffected", "product": "EG4 Flex 18", "vendor": "EG4 Electronics", "versions": [{"status": "affected", "version": "all versions"}]}, {"defaultStatus": "unaffected", "product": "EG4 6000XP", "vendor": "EG4 Electronics", "versions": [{"status": "affected", "version": "all versions"}]}, {"defaultStatus": "unaffected", "product": "EG4 12000XP", "vendor": "EG4 Electronics", "versions": [{"status": "affected", "version": "all versions"}]}, {"defaultStatus": "unaffected", "product": "EG4 GridBoss", "vendor": "EG4 Electronics", "versions": [{"status": "affected", "version": "all versions"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Anthony Rose of BC Security reported these vulnerabilities to CISA."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The MOD3 command traffic between the monitoring application and the \ninverter is transmitted in plaintext without encryption or obfuscation. \nThis vulnerability may allow an attacker with access to a local network \nto intercept, manipulate, replay, or forge critical data, including \nread/write operations for voltage, current, and power configuration, \noperational status, alarms, telemetry, system reset, or inverter control\n commands, potentially disrupting power generation or reconfiguring \ninverter settings."}], "value": "The MOD3 command traffic between the monitoring application and the \ninverter is transmitted in plaintext without encryption or obfuscation. \nThis vulnerability may allow an attacker with access to a local network \nto intercept, manipulate, replay, or forge critical data, including \nread/write operations for voltage, current, and power configuration, \noperational status, alarms, telemetry, system reset, or inverter control\n commands, potentially disrupting power generation or reconfiguring \ninverter settings."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "baseScore": 7.5, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-319", "description": "CWE-319", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2025-08-08T16:00:43.694Z"}, "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-219-07"}, {"url": "https://eg4electronics.com/contact/"}], "source": {"advisory": "ICSA-25-219-07", "discovery": "EXTERNAL"}, "title": "EG4 Electronics EG4 Inverters Cleartext Transmission of Sensitive Information", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>EG4 has acknowledged the vulnerabilities and is actively working on a\n fix, including new hardware expected to release by October 15, 2025. \nUntil then, EG4 will actively monitor all installed systems and work \nwith affected users on a case-by-case basis if anomalies are observed.<br></p>\n\n<p>For more information, <a target=\"_blank\" rel=\"nofollow\" href=\"https://eg4electronics.com/contact/\">contact EG4.</a></p>\n\n<br>"}], "value": "EG4 has acknowledged the vulnerabilities and is actively working on a\n fix, including new hardware expected to release by October 15, 2025. \nUntil then, EG4 will actively monitor all installed systems and work \nwith affected users on a case-by-case basis if anomalies are observed.\n\n\n\n\nFor more information, contact EG4. https://eg4electronics.com/contact/"}], "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-08T16:12:13.892869Z", "id": "CVE-2025-52586", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-08T16:12:28.064Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-52586", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-08-08T16:12:13.892869Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-08T16:12:20.324Z"}}], "cna": {"title": "EG4 Electronics EG4 Inverters Cleartext Transmission of Sensitive Information", "source": {"advisory": "ICSA-25-219-07", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Anthony Rose of BC Security reported these vulnerabilities to CISA."}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.9, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.5, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "EG4 Electronics", "product": "EG4 12kPV", "versions": [{"status": "affected", "version": "all versions"}], "defaultStatus": "unaffected"}, {"vendor": "EG4 Electronics", "product": "EG4 18kPV", "versions": [{"status": "affected", "version": "all versions"}], "defaultStatus": "unaffected"}, {"vendor": "EG4 Electronics", "product": "EG4 Flex 21", "versions": [{"status": "affected", "version": "all versions"}], "defaultStatus": "unaffected"}, {"vendor": "EG4 Electronics", "product": "EG4 Flex 18", "versions": [{"status": "affected", "version": "all versions"}], "defaultStatus": "unaffected"}, {"vendor": "EG4 Electronics", "product": "EG4 6000XP", "versions": [{"status": "affected", "version": "all versions"}], "defaultStatus": "unaffected"}, {"vendor": "EG4 Electronics", "product": "EG4 12000XP", "versions": [{"status": "affected", "version": "all versions"}], "defaultStatus": "unaffected"}, {"vendor": "EG4 Electronics", "product": "EG4 GridBoss", "versions": [{"status": "affected", "version": "all versions"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-219-07"}, {"url": "https://eg4electronics.com/contact/"}], "workarounds": [{"lang": "en", "value": "EG4 has acknowledged the vulnerabilities and is actively working on a\n fix, including new hardware expected to release by October 15, 2025. \nUntil then, EG4 will actively monitor all installed systems and work \nwith affected users on a case-by-case basis if anomalies are observed.\n\n\n\n\nFor more information, contact EG4. https://eg4electronics.com/contact/", "supportingMedia": [{"type": "text/html", "value": "<p>EG4 has acknowledged the vulnerabilities and is actively working on a\n fix, including new hardware expected to release by October 15, 2025. \nUntil then, EG4 will actively monitor all installed systems and work \nwith affected users on a case-by-case basis if anomalies are observed.<br></p>\n\n<p>For more information, <a target=\"_blank\" rel=\"nofollow\" href=\"https://eg4electronics.com/contact/\">contact EG4.</a></p>\n\n<br>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "The MOD3 command traffic between the monitoring application and the \ninverter is transmitted in plaintext without encryption or obfuscation. \nThis vulnerability may allow an attacker with access to a local network \nto intercept, manipulate, replay, or forge critical data, including \nread/write operations for voltage, current, and power configuration, \noperational status, alarms, telemetry, system reset, or inverter control\n commands, potentially disrupting power generation or reconfiguring \ninverter settings.", "supportingMedia": [{"type": "text/html", "value": "The MOD3 command traffic between the monitoring application and the \ninverter is transmitted in plaintext without encryption or obfuscation. \nThis vulnerability may allow an attacker with access to a local network \nto intercept, manipulate, replay, or forge critical data, including \nread/write operations for voltage, current, and power configuration, \noperational status, alarms, telemetry, system reset, or inverter control\n commands, potentially disrupting power generation or reconfiguring \ninverter settings.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-319", "description": "CWE-319"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2025-08-08T16:00:43.694Z"}}}, "cveMetadata": {"cveId": "CVE-2025-52586", "state": "PUBLISHED", "dateUpdated": "2025-08-08T16:12:28.064Z", "dateReserved": "2025-07-30T19:03:10.056Z", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "datePublished": "2025-08-08T16:00:43.694Z", "assignerShortName": "icscert"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The MOD3 command traffic between the monitoring application and the \ninverter is transmitted in plaintext without encryption or obfuscation. \nThis vulnerability may allow an attacker with access to a local network \nto intercept, manipulate, replay, or forge critical data, including \nread/write operations for voltage, current, and power configuration, \noperational status, alarms, telemetry, system reset, or inverter control\n commands, potentially disrupting power generation or reconfiguring \ninverter settings."}], "id": "CVE-2025-52586", "lastModified": "2025-08-08T20:30:18.180", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 1.4, "impactScore": 5.5, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2025-08-08T16:15:27.617", "references": [{"source": "ics-cert@hq.dhs.gov", "url": "https://eg4electronics.com/contact/"}, {"source": "ics-cert@hq.dhs.gov", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-219-07"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-319"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}]}

{}