The Russian company Fastwel has released updates for its CPM723-01 and CPM810-03 programmable logic controllers, fixing nine vulnerabilities (scoring 8.3 to 9.4 on the CVSS 4.0 scale) discovered by Positive Technologies researchers.
Researchers note that the CPM810-03 and CPM723-01-C1 PLCs are listed in the Russian register of industrial products and are used in the oil and gas and railway sectors, the electric power industry, shipbuilding, metallurgy, the mining industry, and utilities.
The discovered vulnerabilities were assigned identifiers from PT-2025-40257 to PT-2025-40265 (BDU:2025-11164–BDU:2025-11172), and their exploitation could have led to significant malfunctions of the controlled process equipment.
The most dangerous of the fixed vulnerabilities (PT-2025-40257–PT-2025-40260) allowed arbitrary code execution in the controller’s OS. The remaining bugs (PT-2025-40261–PT-2025-40265) could serve as a foothold for compromising the device: by exploiting PT-2025-40261–PT-2025-40264, an attacker could obtain administrator privileges in the web configurator and the controller’s other exposed services, or steal users’ credentials. That in turn would allow changing the PLC configuration and taking full control of the device.
The researchers note that, before the patches were released, the vulnerabilities could be exploited by any attacker, internal or external, who had network access to the equipment; no local access to the controller was required.
“Segmenting the corporate network and restricting access to the ICS local network will help reduce the likelihood of attacks exploiting such flaws and shrink the attack surface. You should also disable the controller’s web configurator and any unused network services, and replace all default passwords with strong ones. It’s important to ensure that only those employees who genuinely need it have access to the PLC,” comments Maxim Gruzin, a specialist with the ICS expertise group.
Companies operating vulnerable PLCs are advised to update the CPM723-01 to version 3.4.9.5 as soon as possible and the CPM810-03 to version 3.4.5.1.
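A practical follow-up to the version advice above is to check an asset inventory against the two patched firmware versions rather than eyeballing it, since dotted versions such as 3.4.10.0 compare incorrectly as strings. The script below is an added example, not code from the article or from Fastwel or Positive Technologies; the "ip,model,firmware" inventory format and the device lines are constructed for the demonstration, and treating a "-C1" suffix on a model name as a hardware variant that shares the base model's firmware line is an assumption, not something the advisory states.

```python
"""Flag Fastwel CPM723-01 / CPM810-03 controllers whose firmware is older
than the versions the advisory names as fixed. Added example; the
inventory below is constructed, not a real asset list."""

import re

# Minimum fixed firmware per model, as stated in the advisory.
FIXED_VERSIONS = {
    "CPM723-01": "3.4.9.5",
    "CPM810-03": "3.4.5.1",
}

# Constructed sample inventory in an assumed "ip,model,firmware" format.
SAMPLE_INVENTORY = """\
# ip,model,firmware
10.20.1.11,CPM723-01,3.4.9.5
10.20.1.12,CPM723-01-C1,3.4.8.12
10.20.1.20,CPM810-03,3.4.5.1
10.20.1.21,CPM810-03,3.4.4.9
10.20.1.22,CPM810-03,3.4.10.0
10.20.1.30,CPM723-01,unknown
10.20.1.40,CPM810-05,3.4.5.1
"""

_VERSION_RE = re.compile(r"^\d+(\.\d+)*$")


def parse_version(text):
    """Turn '3.4.9.5' into (3, 4, 9, 5); reject anything that is not dotted integers."""
    text = text.strip()
    if not _VERSION_RE.match(text):
        raise ValueError(f"malformed firmware version: {text!r}")
    return tuple(int(part) for part in text.split("."))


def is_older(version, fixed):
    """Numeric comparison with zero-padding, so 3.4.10.0 > 3.4.9.5 and 3.4.9 < 3.4.9.5."""
    a, b = parse_version(version), parse_version(fixed)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def canonical_model(model):
    """Map 'CPM723-01-C1' onto 'CPM723-01' (assumption: the -C1 variant shares the firmware line)."""
    model = model.strip().upper()
    for known in FIXED_VERSIONS:
        if model.startswith(known):
            return known
    return None


def needs_update(model, version):
    """True if older than the fixed version, False if patched, None if the model is out of scope."""
    known = canonical_model(model)
    if known is None:
        return None
    return is_older(version, FIXED_VERSIONS[known])


def audit(inventory_text):
    """Sort inventory rows into vulnerable / patched / unparseable / out_of_scope by IP."""
    result = {"vulnerable": [], "patched": [], "unparseable": [], "out_of_scope": []}
    for line in inventory_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            ip, model, firmware = (field.strip() for field in line.split(","))
        except ValueError:  # wrong number of fields
            result["unparseable"].append(line)
            continue
        try:
            verdict = needs_update(model, firmware)
        except ValueError:  # firmware field is not a version string
            result["unparseable"].append(ip)
            continue
        if verdict is None:
            result["out_of_scope"].append(ip)
        elif verdict:
            result["vulnerable"].append(ip)
        else:
            result["patched"].append(ip)
    return result


if __name__ == "__main__":
    for bucket, ips in audit(SAMPLE_INVENTORY).items():
        print(f"{bucket:13s} {', '.join(ips) or '-'}")
```

Rows that land in "unparseable" deserve a manual look before they are dismissed: a controller whose firmware field could not be read may simply be one nobody has inventoried since it was commissioned, which is exactly the device most likely still to be running old firmware.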