Packet Power EMX and EG Missing Authentication for Critical Function

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

By default, the Packet Power Monitoring and Control Web Interface do not
enforce authentication mechanisms. This vulnerability could allow
unauthorized users to access and manipulate monitoring and control
functions.

AI Analysis

The Packet Power EMX and EG systems lack authentication for critical functions, allowing unauthorized access and manipulation of monitoring and control functions.

Basic Information

ID CVE-2025-8284

Source icscert

Published Aug 8, 2025 at 16:27

Affected Product

Vendor Packet Power

Product EMX

Affected Versions Packet Power EMX 0
Packet Power EG 0

CWE Classification

CWE-306

AI Assessment

AI Severity Critical

Vendor Packet Power

Product Packet Power EMX, Packet Power EG

References

www.cisa.gov /news-events/ics-advisories/icsa-25-219-05

{
    "lastseen": "",
    "description": "By default, the Packet Power Monitoring and Control Web Interface do not\n enforce authentication mechanisms. This vulnerability could allow \nunauthorized users to access and manipulate monitoring and control \nfunctions.",
    "published": "2025-08-08T16:27:14.031Z",
    "modified": "2025-08-08T16:27:14.031Z",
    "type": "cve",
    "title": "Packet Power EMX and EG Missing Authentication for Critical Function",
    "source": "icscert",
    "references": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-219-05",
    "id": "CVE-2025-8284",
    "bulletinFamily": "",
    "cwe": [
        "CWE-306"
    ],
    "cvelist": null,
    "sourceData": "Packet Power EMX 0\nPacket Power EG 0",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "EMX",
    "version": "0",
    "vendor": "Packet Power",
    "ai_description": "The Packet Power EMX and EG systems lack authentication for critical functions, allowing unauthorized access and manipulation of monitoring and control functions.",
    "ai_severity": "Critical",
    "ai_vendor": "Packet Power",
    "ai_product": "Packet Power EMX, Packet Power EG",
    "ai_version": "0",
    "ai_score": 0
}

Packet Power EMX and EG Missing Authentication for Critical Function_CVE-2025-8284