CVE-2025-53520

The affected product allows firmware updates to be downloaded from EG4's
 website, transferred via USB dongles, or installed through EG4's 
Monitoring Center (remote, cloud-connected interface) or via a serial 
connection, and can install these files without integrity checks. The 
TTComp archive format used for the firmware is unencrypted and can be 
unpacked and altered without detection.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
icscertCNA
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
References
https://eg4electronics.com/contact/
https://www.cisa.gov/news-events/ics-advisories/icsa-25-219-07