{ "document": { "acknowledgments": [ { "names": [ "Joao Varelas" ], "summary": "reporting this vulnerability to CISA" } ], "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Disclosure is not limited", "tlp": { "label": "WHITE", "url": "https://www.cisa.gov/news-events/news/traffic-light-protocol-tlp-definitions-and-usage" } }, "lang": "en-US", "notes": [ { "category": "legal_disclaimer", "text": "This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).", "title": "Legal Notice and Terms of Use" }, { "category": "summary", "text": "Successful exploitation of this vulnerability could allow a local attacker to reverse engineer passwords through brute force.", "title": "Risk evaluation" }, { "category": "other", "text": "Critical Manufacturing", "title": "Critical infrastructure sectors" }, { "category": "other", "text": "Worldwide", "title": "Countries/areas deployed" }, { "category": "other", "text": "United Kingdom", "title": "Company headquarters location" }, { "category": "general", "text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:", "title": "Recommended Practices" }, { "category": "general", "text": "Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.", "title": "Recommended Practices" }, { "category": "general", "text": "Locate control system networks and remote devices behind firewalls and isolating them from business networks.", "title": "Recommended Practices" }, { "category": "general", "text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.", "title": "Recommended Practices" }, { "category": "general", "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.", "title": "Recommended Practices" }, { "category": "general", "text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.", "title": "Recommended Practices" }, { "category": "general", "text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.", "title": "Recommended Practices" }, { "category": "general", "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.", "title": "Recommended Practices" }, { "category": "general", "text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.", "title": "Recommended Practices" }, { "category": "general", "text": "CISA also recommends users take the following measures to protect themselves from social engineering attacks:", "title": "Recommended Practices" }, { "category": "general", "text": "Do not click web links or open attachments in unsolicited email messages.", "title": "Recommended Practices" }, { "category": "general", "text": "Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.", "title": "Recommended Practices" }, { "category": "general", "text": "Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.", "title": "Recommended Practices" }, { "category": "general", "text": "No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely.", "title": "Recommended Practices" } ], "publisher": { "category": "coordinator", "contact_details": "central@cisa.dhs.gov", "name": "CISA", "namespace": "https://www.cisa.gov/" }, "references": [ { "category": "self", "summary": "ICS Advisory ICSA-25-317-03 JSON", "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2025/icsa-25-317-03.json" }, { "category": "self", "summary": "ICSA Advisory ICSA-25-317-03 - Web Version", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-317-03" }, { "category": "external", "summary": "Recommended Practices", "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01" }, { "category": "external", "summary": "Recommended Practices", "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices" }, { "category": "external", "summary": "Recommended Practices", "url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf" }, { "category": "external", "summary": "Recommended Practices", "url": "https://www.cisa.gov/topics/industrial-control-systems" }, { "category": "external", "summary": "Recommended Practices", "url": "https://www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf" }, { "category": "external", "summary": "Recommended Practices", "url": "https://www.cisa.gov/uscert/ncas/tips/ST04-014" }, { "category": "external", "summary": "Recommended Practices", "url": "https://www.cisa.gov/news-events/ics-alerts/ics-alert-10-301-01" }, { "category": "external", "summary": "Recommended Practices", "url": "https://www.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf" }, { "category": "external", "summary": "Recommended Practices", "url": "https://www.cisa.gov/news-events/news/targeted-cyber-intrusion-detection-and-mitigation-strategies-update-b" }, { "category": "external", "summary": "Recommended Practices", "url": "https://www.cisa.gov/secure-our-world/teach-employees-avoid-phishing" }, { "category": "external", "summary": "Recommended Practices", "url": "https://www.cisa.gov/news-events/news/avoiding-social-engineering-and-phishing-attacks" } ], "title": "AVEVA Edge", "tracking": { "current_release_date": "2025-11-13T07:00:00.000000Z", "generator": { "date": "2025-11-13T15:08:41.425721Z", "engine": { "name": "CISA CSAF Generator", "version": "1.0.0" } }, "id": "ICSA-25-317-03", "initial_release_date": "2025-11-13T07:00:00.000000Z", "revision_history": [ { "date": "2025-11-13T07:00:00.000000Z", "legacy_version": "Initial", "number": "1", "summary": "Initial Publication" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "<=2023_R2", "product": { "name": "AVEVA Edge: <=2023_R2", "product_id": "CSAFPID-0001" } } ], "category": "product_name", "name": "Edge" } ], "category": "vendor", "name": "AVEVA" } ] }, "vulnerabilities": [ { "cve": "CVE-2025-9317", "cwe": { "id": "CWE-327", "name": "Use of a Broken or Risky Cryptographic Algorithm" }, "notes": [ { "category": "summary", "text": "The vulnerability, if exploited, could allow a miscreant with read access to Edge Project files or Edge Offline Cache files to reverse engineer Edge users' app-native or Active Directory passwords through computational brute-forcing of weak hashes.", "title": "Vulnerability Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "category": "external", "summary": "www.cve.org", "url": "https://www.cve.org/CVERecord?id=CVE-2025-9317" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N" } ], "remediations": [ { "category": "mitigation", "details": "AVEVA recommends that organizations evaluate the impact of this vulnerability based on their operational environment, architecture, and product implementation.", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "Users using the affected product versions should take the following actions to mitigate the risk of exploit:", "product_ids": [ "CSAFPID-0001" ] }, { "category": "vendor_fix", "details": "Apply AVEVA Edge 2023 R2 P01 Security Update and migrate old project files.", "product_ids": [ "CSAFPID-0001" ], "url": "https://softwaresupportsp.aveva.com/en-US/downloads/products/details/38f52447-3013-4c4e-be6e-9b28b635bba9" }, { "category": "mitigation", "details": "For projects that cannot be migrated (e.g. backups or transient copies), evaluate the risk of potential password leakage from these files and implement stricter read access controls to protect these unsafe files.", "product_ids": [ "CSAFPID-0001" ] }, { "category": "vendor_fix", "details": "Require AVEVA Edge users to change their passwords.", "product_ids": [ "CSAFPID-0001" ] }, { "category": "vendor_fix", "details": "Important: Edge project migration from older versions to 2023 R2 P01 is one-way due to the change in password hashing algorithms.", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "The following general defensive measures are recommended:", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "Access Control Lists should be applied to all folders where users will save and load project files.", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "Maintain a trusted chain-of-custody on project files during creation, modification, distribution, and use.", "product_ids": [ "CSAFPID-0001" ] }, { "category": "vendor_fix", "details": "Apply data-protection at the project level with a strong master password. For configuration step-by-step refer to AVEVA Edge \"Technical Reference Manual\" > Project Overview > Configuring Additional Project Settings > Options Tab > Data Protection.", "product_ids": [ "CSAFPID-0001" ] }, { "category": "vendor_fix", "details": "If passwords are being used as function parameters inside project documents (such as scripts or worksheets), it is recommended to remove those passwords and use project tags instead. For more information on tags refer to AVEVA Edge \"Technical Reference Manual\" > Tags and the Tag Database > About Tags and the Project Database.", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "For information on how to reach AVEVA support for your product, please refer to this link: AVEVA Customer Support.", "product_ids": [ "CSAFPID-0001" ], "url": "https://www.aveva.com/en/support/support-contact/" }, { "category": "mitigation", "details": "For more information, see AVEVA's Security Bulletin AVEVA-2025-006 or AVEVA's bulletins page.", "product_ids": [ "CSAFPID-0001" ], "url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2025-006.pdf" }, { "category": "mitigation", "details": "For more information, see AVEVA's Security Bulletin AVEVA-2025-006 or AVEVA's bulletins page.", "product_ids": [ "CSAFPID-0001" ], "url": "https://www.aveva.com/en/support-and-success/cyber-security-updates/" } ], "scores": [ { "cvss_v3": { "baseScore": 8.4, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ] } ] }