EG4 Electronics EG4 Inverters Download of Code Without Integrity Check

8.8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Description

The affected product allows firmware updates to be downloaded from EG4's
website, transferred via USB dongles, or installed through EG4's
Monitoring Center (remote, cloud-connected interface) or via a serial
connection, and can install these files without integrity checks. The
TTComp archive format used for the firmware is unencrypted and can be
unpacked and altered without detection.

Basic Information

ID CVE-2025-53520

Source icscert

Published Aug 8, 2025 at 16:09

Affected Product

Vendor EG4 Electronics

Product EG4 12kPV

Version all versions

Affected Versions EG4 Electronics EG4 12kPV all versions
EG4 Electronics EG4 18kPV all versions
EG4 Electronics EG4 Flex 21 all versions
EG4 Electronics EG4 Flex 18 all versions
EG4 Electronics EG4 6000XP all versions
EG4 Electronics EG4 12000XP all versions
EG4 Electronics EG4 GridBoss all versions

CWE Classification

CWE-494

References

{
    "lastseen": "",
    "description": "The affected product allows firmware updates to be downloaded from EG4's\n website, transferred via USB dongles, or installed through EG4's \nMonitoring Center (remote, cloud-connected interface) or via a serial \nconnection, and can install these files without integrity checks. The \nTTComp archive format used for the firmware is unencrypted and can be \nunpacked and altered without detection.",
    "published": "2025-08-08T16:09:02.072Z",
    "modified": "2025-08-08T16:09:02.072Z",
    "type": "cve",
    "title": "EG4 Electronics EG4 Inverters Download of Code Without Integrity Check",
    "source": "icscert",
    "references": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-219-07\nhttps://eg4electronics.com/contact/",
    "id": "CVE-2025-53520",
    "bulletinFamily": "",
    "cwe": [
        "CWE-494"
    ],
    "cvelist": null,
    "sourceData": "EG4 Electronics EG4 12kPV all versions\nEG4 Electronics EG4 18kPV all versions\nEG4 Electronics EG4 Flex 21 all versions\nEG4 Electronics EG4 Flex 18 all versions\nEG4 Electronics EG4 6000XP all versions\nEG4 Electronics EG4 12000XP all versions\nEG4 Electronics EG4 GridBoss all versions",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "EG4 12kPV",
    "version": "all versions",
    "vendor": "EG4 Electronics",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

EG4 Electronics EG4 Inverters Download of Code Without Integrity Check_CVE-2025-53520