CVE-2025-13605

Severity CVSS v4.0:

CRITICAL

Type:

CWE-78 OS Command Injections

Publication date:

04/05/2026

Last modified:

05/05/2026

Description

3onedata modbus gateway device model GW1101-1D(RS-485)-TB-P (hardware version V2.2.0) allows authenticated users to execute arbitrary shell commands in the context of the root user by providing payload in the "IP address" field of the diagnosis test tools.<br /> This issue has been resolved in firmware version 3.0.59B2024080600R4353

Impact

Vector 4.0

CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H CVSS v4.0 Severity and Metrics:

Base Score: 9.30 CRITICAL
Vector: CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Attack Vector (AV): Adjacent
Attack Complexity (AC): Low
Attack Requirements (AT): None
Privileges Required (PR): High
User Interaction (UI): None
Confidentiality (VC): High
Integrity (VI): High
Availability (VA): High
Confidentiality (SC): High
Integrity (SI): High
Availability (SA): High

Base Score 4.0

9.30

Severity 4.0

CRITICAL

References to Advisories, Solutions, and Tools

https://cert.pl/en/posts/2026/05/CVE-2025-13605