CVE-2025-52586

high

Description

The MOD3 command traffic between the monitoring application and the inverter is transmitted in plaintext without encryption or obfuscation. This vulnerability may allow an attacker with access to a local network to intercept, manipulate, replay, or forge critical data, including read/write operations for voltage, current, and power configuration, operational status, alarms, telemetry, system reset, or inverter control commands, potentially disrupting power generation or reconfiguring inverter settings.

References

https://www.cisa.gov/news-events/ics-advisories/icsa-25-219-07

https://eg4electronics.com/wp-content/uploads/2025/09/EG4-Wi-Fi-Dongle-Dongle-Firmware-Update.pdf

https://eg4electronics.com/contact/

Details

Source: Mitre, NVD

Published: 2025-08-08

Updated: 2026-04-15

Risk Information

CVSS v2

Base Score: 5.9

Vector: CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:P

Severity: Medium

CVSS v3

Base Score: 6.9

Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L

Severity: Medium

CVSS v4

Base Score: 7.5

Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

Severity: High

EPSS

EPSS: 0.00006