CRITICAL🇵🇱 Wersja polska

CVE-2025-14988

CVSS 10.0v4.0pub. 2026-01-27upd. 2026-04-15

A security issue has been identified in ibaPDA that could allow unauthorized actions on the file system under certain conditions. This may impact the confidentiality, integrity, or availability of the system.

🤖 AI Analysis
How it works

The vulnerability results from improperly configured permissions to file system resources (CWE-732 — Incorrect Permission Assignment for Critical Resource). Under certain conditions, an unauthenticated remote attacker can gain access to protected file system resources and perform unauthorized actions on them. The lack of authentication requirements, user interaction, and low attack condition requirements (AC:L, AT:N, PR:N, UI:N) make the vulnerability exceptionally easy to exploit.

Impact

An attacker can compromise the confidentiality, integrity, and availability of the system through unauthorized reading, modification, or deletion of files — including potentially critical process data and industrial system configuration data. Due to the high impact on both the local system and dependent systems (SC:H, SI:H, SA:H), the consequences may include disruption of industrial facility operations.

Mitigation & patch

Patches available from the manufacturer should be applied in accordance with the references — detailed information about patched versions is available in the CISA ICS-CERT advisory at https://www.cisa.gov/news-events/ics-advisories/icsa-26-027-01

Who is affected

ibaPDA software — versions indicated in manufacturer references (ICS-CERT advisory ICSA-26-027-01)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References