EG4 Electronics EG4 Inverters Cleartext Transmission of Sensitive Information

6.9 / 10

MEDIUM

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L

Description

The MOD3 command traffic between the monitoring application and the
inverter is transmitted in plaintext without encryption or obfuscation.
This vulnerability may allow an attacker with access to a local network
to intercept, manipulate, replay, or forge critical data, including
read/write operations for voltage, current, and power configuration,
operational status, alarms, telemetry, system reset, or inverter control
commands, potentially disrupting power generation or reconfiguring
inverter settings.

Basic Information

ID CVE-2025-52586

Source icscert

Published Aug 8, 2025 at 16:00

Modified Aug 8, 2025 at 16:12

Affected Product

Vendor EG4 Electronics

Product EG4 12kPV

Version all versions

Affected Versions EG4 Electronics EG4 12kPV all versions
EG4 Electronics EG4 18kPV all versions
EG4 Electronics EG4 Flex 21 all versions
EG4 Electronics EG4 Flex 18 all versions
EG4 Electronics EG4 6000XP all versions
EG4 Electronics EG4 12000XP all versions
EG4 Electronics EG4 GridBoss all versions

CWE Classification

CWE-319

References

{
    "lastseen": "",
    "description": "The MOD3 command traffic between the monitoring application and the \ninverter is transmitted in plaintext without encryption or obfuscation. \nThis vulnerability may allow an attacker with access to a local network \nto intercept, manipulate, replay, or forge critical data, including \nread/write operations for voltage, current, and power configuration, \noperational status, alarms, telemetry, system reset, or inverter control\n commands, potentially disrupting power generation or reconfiguring \ninverter settings.",
    "published": "2025-08-08T16:00:43.694Z",
    "modified": "2025-08-08T16:12:28.064Z",
    "type": "cve",
    "title": "EG4 Electronics EG4 Inverters Cleartext Transmission of Sensitive Information",
    "source": "icscert",
    "references": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-219-07\nhttps://eg4electronics.com/contact/",
    "id": "CVE-2025-52586",
    "bulletinFamily": "",
    "cwe": [
        "CWE-319"
    ],
    "cvelist": null,
    "sourceData": "EG4 Electronics EG4 12kPV all versions\nEG4 Electronics EG4 18kPV all versions\nEG4 Electronics EG4 Flex 21 all versions\nEG4 Electronics EG4 Flex 18 all versions\nEG4 Electronics EG4 6000XP all versions\nEG4 Electronics EG4 12000XP all versions\nEG4 Electronics EG4 GridBoss all versions",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "EG4 12kPV",
    "version": "all versions",
    "vendor": "EG4 Electronics",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

EG4 Electronics EG4 Inverters Cleartext Transmission of Sensitive Information_CVE-2025-52586