Columbia Weather Systems MicroServer

Published:

6 januari 2026 om 12:00:00

Alert date:

6 januari 2026 om 20:03:30

Source:

cisa.gov

Three high-severity vulnerabilities discovered in Columbia Weather Systems MicroServer firmware allowing attackers to redirect SSH connections, gain admin access to web portals, and obtain shell access. CVE-2025-61939 involves improper SSH connection restrictions, CVE-2025-64305 exposes cleartext secrets on SD cards, and CVE-2025-66620 provides unauthorized webshell access. All vulnerabilities affect firmware versions below MS_4.1_14142 and can be exploited by attackers with local network access. The vendor has released patches requiring direct contact with Columbia Weather Systems Support. CVSS scores range from 6.5 to 8.8, with successful exploitation potentially leading to complete system compromise. The vulnerabilities were reported by UsrPacific and affect systems deployed in the United States Information Technology sector.

Technical details

Mitigation steps:

Affected products:

Columbia Weather Systems MicroServer

Related links:

https://www.cisa.gov/news-events/ics-advisories/icsa-26-006-01
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-26-006-01.json
https://www.cve.org/CVERecord?id=CVE-2025-61939
https://www.cve.org/CVERecord?id=CVE-2025-64305
https://www.cve.org/CVERecord?id=CVE-2025-66620
https://cwe.mitre.org/data/definitions/923.html
https://cwe.mitre.org/data/definitions/313.html
https://cwe.mitre.org/data/definitions/553.html
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Related CVE's:

CVE-2025-61939

CVE-2025-64305

CVE-2025-66620

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.