Multiple vulnerabilities in ZIV's IDF and ZLF products
Posted date 05/06/2025
Identifier
INCIBE-2025-0292
Importance
4 - High
Affected Resources
IDF and ZLF, versions prior to:
- 0.10.0-0C08 and 0.10.0-0D00 for vulnerability CVE-2025-41361.
- 1.1.0 for the rest of the vulnerabilities.
Description
INCIBE has coordinated the publication of 8 vulnerabilities: 2 of high severity and 6 of medium severity, affecting ZIV's IDF and ZLF protections. The vulnerabilities have been discovered by Aarón Flecha Menéndez and Gabriel Vía Echezarreta.
Each vulnerability has been assigned the following code, CVSS v4.0 base score, CVSS vector and CWE vulnerability type:
- CVE-2025-41360: CVSS v4.0: 8.7 | CVSS AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N | CWE-400
- CVE-2025-41361: CVSS v4.0: 8.3 | CVSS AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N | CWE-400
- CVE-2025-41362: CVSS v4.0: 5.3 | CVSS AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N | CWE-94
- CVE-2025-41363: CVSS v4.0: 5.3 | CVSS AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L | CWE-942
- CVE-2025-41364: CVSS v4.0: 5.1 | CVSS AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N | CWE-79
- CVE-2025-41365: CVSS v4.0: 5.1 | CVSS AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N | CWE-94
- CVE-2025-41366: CVSS v4.0: 5.1 | CVSS AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L | CWE-942
- CVE-2025-41367: CVSS v4.0: 4.8 | CVSS AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N | CWE-79
Solution
The vulnerabilities have been fixed by ZIV in firmware versions:
- 0.10.0-0C08 and 0.10.0-0D00 for vulnerability CVE-2025-41361.
- 1.1.0 for the rest of the vulnerabilities.
Detail
- CVE-2025-41360: uncontrolled resource consumption vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. The device is vulnerable to a packet flooding denial of service attack.
- CVE-2025-41361: uncontrolled resource consumption vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. The devices improperly handle TLS requests associated with PROCOME sockets, so TLS requests sent to those PROCOME ports could cause the device to reboot and result in a denial of service. To exploit this vulnerability, PROCOME ports must be configured and active, with communications encryption active.
- CVE-2025-41362: code injection vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. This vulnerability allows an attacker to store a malicious payload in software that will run in the victim's browser. Exploiting this vulnerability requires authenticating to the device and executing certain commands that can be executed with view permission.
- CVE-2025-41363: in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04, a configuration error has been detected in cross-origin resource sharing (CORS). Exploiting this vulnerability requires authenticating to the device and executing certain commands that can be executed with view permission.
- CVE-2025-41364: stored Cross-Site Scripting (XSS) vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. This vulnerability allows an attacker to store a malicious JavaScript payload in software that will run in the victim's browser. Exploiting this vulnerability requires authenticating to the device and executing certain commands that can be executed with view permission.
- CVE-2025-41365: code injection vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. This vulnerability allows an attacker to store a malicious payload in software that will run in the victim's browser. Exploiting this vulnerability requires authenticating to the device and executing certain commands that can be executed only with permissions higher than the view permission.
- CVE-2025-41366: in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04, a configuration error has been detected in cross-origin resource sharing (CORS). Exploiting this vulnerability requires authenticating to the device and executing certain commands that can only be executed with permissions higher than the view permission.
- CVE-2025-41367: stored Cross-Site Scripting (XSS) vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. This vulnerability allows an attacker to store a malicious JavaScript payload in software that will run in the victim's browser. Exploiting this vulnerability requires authenticating to the device and executing certain commands that can only be executed with permissions higher than the view permission.