EG4 Electronics EG4 Inverters Observable Discrepancy_CVE-2025-47872

5.8 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Description

The public-facing product registration endpoint server responds
differently depending on whether the S/N is valid and unregistered,
valid but already registered, or does not exist in the database.
Combined with the fact that serial numbers are sequentially assigned,
this allows an attacker to gain information on the product registration
status of different S/Ns.

Basic Information

ID CVE-2025-47872

Source icscert

Published Aug 8, 2025 at 16:14

Affected Product

Vendor EG4 Electronics

Product EG4 12kPV

Version all versions

Affected Versions EG4 Electronics EG4 12kPV all versions
EG4 Electronics EG4 18kPV all versions
EG4 Electronics EG4 Flex 21 all versions
EG4 Electronics EG4 Flex 18 all versions
EG4 Electronics EG4 6000XP all versions
EG4 Electronics EG4 12000XP all versions
EG4 Electronics EG4 GridBoss all versions

CWE Classification

CWE-203

References

{
    "lastseen": "",
    "description": "The public-facing product registration endpoint server responds \ndifferently depending on whether the S/N is valid and unregistered, \nvalid but already registered, or does not exist in the database. \nCombined with the fact that serial numbers are sequentially assigned, \nthis allows an attacker to gain information on the product registration \nstatus of different S/Ns.",
    "published": "2025-08-08T16:14:18.901Z",
    "modified": "2025-08-08T16:14:18.901Z",
    "type": "cve",
    "title": "EG4 Electronics EG4 Inverters Observable Discrepancy",
    "source": "icscert",
    "references": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-219-07\nhttps://eg4electronics.com/contact/",
    "id": "CVE-2025-47872",
    "bulletinFamily": "",
    "cwe": [
        "CWE-203"
    ],
    "cvelist": null,
    "sourceData": "EG4 Electronics EG4 12kPV all versions\nEG4 Electronics EG4 18kPV all versions\nEG4 Electronics EG4 Flex 21 all versions\nEG4 Electronics EG4 Flex 18 all versions\nEG4 Electronics EG4 6000XP all versions\nEG4 Electronics EG4 12000XP all versions\nEG4 Electronics EG4 GridBoss all versions",
    "sourceHref": "",
    "cvss": {
        "score": 5.8,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "EG4 12kPV",
    "version": "all versions",
    "vendor": "EG4 Electronics",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}