Western Telematic Inc NPS Series, DSM Series, CPM Series

MonitorCVSS 6.5ICS-CERT ICSA-25-035-01Feb 4, 2025

Energy

Attack path

Attack VectorNetwork

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

An authenticated attacker can exploit improper input validation (CWE-73) in Western Telematic NPS Series (firmware ≤6.62), DSM Series (firmware ≤6.62), and CPM Series (firmware ≤6.62) devices to read arbitrary files from the device filesystem. This allows unauthorized access to configuration files, credentials, and operational data stored locally on the affected network power management and console server devices. The vulnerability requires valid login credentials and network access to the management interface. Western Telematic has patched this issue: NPS units in firmware 4.02 or later, DSM/CPM units in firmware 8.06 or later.

What this means

What could happen

An authenticated attacker could gain unauthorized access to sensitive files on the network management device's filesystem, potentially allowing them to view device configuration, credentials, or operational data stored locally.

Who's at risk

Energy sector operators managing remote power distribution and console access should prioritize this. Specifically affects facilities using Western Telematic NPS (Network Power Switch) units for remote power management, DSM (Console Server) for remote device access, and CPM (combined Console Server/PDU) units. These are commonly found in substations, data centers, and networked utility equipment cabinets.

How it could be exploited

An attacker with valid login credentials (username and password) can authenticate to the web interface or console of the affected NPS/DSM/CPM device and exploit improper input validation to read arbitrary files from the device filesystem. The attacker must have network access to the device management port and valid credentials to authenticate.

Prerequisites

Network access to the device management interface (typically TCP port 80/443 or console port)
Valid username and password for the affected device
Device running vulnerable firmware version 6.62 or earlier

Requires valid credentialsLow complexity exploitationDevice-level filesystem access possibleDefault credentials may not be changed on many deploymentsAffects network management devices that often store sensitive configuration data

Exploitability

Unlikely to be exploited — EPSS score 0.1%

Affected products (3)

3 with fix

ProductAffected VersionsFix Status

Network Power Switch (NPS Series): <=Firmware_6.62≤ Firmware 6.624.02+

Console Server (DSM Series): <=Firmware_6.62≤ Firmware 6.628.06+

Console Server + PDU Combo Unit (CPM Series): <=Firmware_6.62≤ Firmware 6.628.06+

Remediation & Mitigation

0/6

Do now

0/2

HARDENINGChange all default usernames and passwords on all affected devices before or immediately after deployment

HARDENINGRestrict network access to device management interfaces to authorized engineering workstations and administrative systems only

Schedule — requires maintenance window

0/3

Patching may require device reboot — plan for process interruption

Network Power Switch (NPS Series): <=Firmware_6.62

HOTFIXUpdate NPS Series devices to firmware version 4.02 or later

Console Server (DSM Series): <=Firmware_6.62

HOTFIXUpdate DSM Series devices to firmware version 8.06 or later

Console Server + PDU Combo Unit (CPM Series): <=Firmware_6.62

HOTFIXUpdate CPM Series devices to firmware version 8.06 or later

Long-term hardening

0/1

HARDENINGPlace devices on an isolated management network separate from operational process networks

CVEs (1)

CVE-2025-0630

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/577d87ce-1877-41a6-a70d-7087c5c83c79

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.