Detections
Analytics
Danfoss AK-SM800A Improper Authentication (CVE-2025-41450)
high Tenable OT Security Plugin ID 503284
Synopsis
The remote OT asset is affected by a vulnerability.Description
Because of an authentication flaw an attacker would be capable of generating a web report that discloses sensitive information such as internal IP addresses, usernames, store names and other sensitive information.This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
Solution
The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.Danfoss created release R4.2 to address CVE-2025-41450 and release R4.3.1 to address CVE-2025-41451 and CVE-2025-41452.
Users can obtain and install the latest version by following the AK-SM 800A Software Upgrade Process.
For more information, see the Danfoss security advisories.
See Also
http://www.nessus.org/u?8a58d1f6
https://www.cisa.gov/news-events/ics-advisories/icsa-25-140-03
Plugin Details
Severity: High
ID: 503284
Version: 1.2
Type: remote
Family: Tenable.ot
Published: 7/9/2025
Updated: 9/9/2025
Supported Sensors: Tenable OT Security
Risk Information
VPR
Risk Factor: High
Score: 7.3
CVSS v3
Risk Factor: High
Base Score: 8.2
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:H
Vulnerability Information
CPE: cpe:/o:danfoss:ak-sm_800a_firmware
Required KB Items: Tenable.ot/Danfoss
Patch Publication Date: 3/24/2025
Vulnerability Publication Date: 3/24/2025
Reference Information
CVE: CVE-2025-41450
CWE: 287
ICSA: 25-140-03