Security Flaw in UNI-NMS-Lite Allows Unauthenticated Access to Managed Devices
CVE-2025-46273

9.3CRITICAL

Key Information:

Vendor: Planet Technology
Status: Uni-nms-lite
Vendor: CVE Published:; 24 April 2025

Summary

The UNI-NMS-Lite software contains a significant security flaw where hard-coded credentials are utilized, potentially allowing an unauthenticated individual to attain administrative privileges across all devices managed by UNI-NMS. This vulnerability could expose critical system configurations and sensitive data, emphasizing the need for immediate remediation and secure protocol implementations.

Affected Version(s)

UNI-NMS-Lite 0 <= 1.0b211018

References

https://www.cisa.gov/news-events/ics-advisories/icsa-25-1...

CVSS V4

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Apr 24, 2025
Vulnerability Reserved
Apr 22, 2025

Credit

Kev Breen of Immersive reported these vulnerabilities to CISA.