Columbia Weather Systems MicroServer Cleartext Storage in a File or...

7.1 / 10

HIGH

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Description

MicroServer copies parts of the system firmware to an unencrypted external SD card on boot, which contains user and vendor secrets. An attacker can utilize these plaintext secrets to modify the vendor firmware, or gain admin access to the web portal.

Basic Information

ID CVE-2025-64305

Source icscert

Published Jan 7, 2026 at 20:02

Modified Jan 7, 2026 at 20:18

Affected Product

Vendor Columbia Weather Systems

Product MicroServer

Affected Versions Columbia Weather Systems MicroServer 0

CWE Classification

CWE-313

References

{
    "lastseen": "",
    "description": "MicroServer copies parts of the system firmware to an unencrypted external SD card on boot, which contains user and vendor secrets. An attacker can utilize these plaintext secrets to modify the vendor firmware, or gain admin access to the web portal.",
    "published": "2026-01-07T20:02:02.516Z",
    "modified": "2026-01-07T20:18:51.054Z",
    "type": "cve",
    "title": "Columbia Weather Systems MicroServer Cleartext Storage in a File or on Disk",
    "source": "icscert",
    "references": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-006-01\nhttps://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-006-01.json",
    "id": "CVE-2025-64305",
    "bulletinFamily": "",
    "cwe": [
        "CWE-313"
    ],
    "cvelist": null,
    "sourceData": "Columbia Weather Systems MicroServer 0",
    "sourceHref": "",
    "cvss": {
        "score": 7.1,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "MicroServer",
    "version": "0",
    "vendor": "Columbia Weather Systems",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Columbia Weather Systems MicroServer Cleartext Storage in a File or on Disk_CVE-2025-64305