CVE-2025-53520

EUVD-2025-23995
The affected product allows firmware updates to be downloaded from EG4's
 website, transferred via USB dongles, or installed through EG4's 
Monitoring Center (remote, cloud-connected interface) or via a serial 
connection, and can install these files without integrity checks. The 
TTComp archive format used for the firmware is unencrypted and can be 
unpacked and altered without detection.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
icscertCNA
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 4%
Common Weakness Enumeration
References
https://eg4electronics.com/contact/
https://www.cisa.gov/news-events/ics-advisories/icsa-25-219-07