Western Telematic Inc NPS Series, DSM Series, CPM Series
Monitor | 6.5 | ICS-CERT ICSA-25-035-01 | Feb 4, 2025
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
A file access vulnerability in Western Telematic Inc NPS Series (Network Power Switch), DSM Series (Console Server), and CPM Series (Console Server + PDU Combo Unit) devices running firmware version 6.62 or earlier allows authenticated users to read files on the device filesystem beyond their authorized access level. The vulnerability could expose configuration data, credentials, or system files. Vendor patches were released in 2020; users should update to NPS firmware 4.02 or DSM/CPM firmware 8.06 or later.
What this means
What could happen
An authenticated attacker could read sensitive files on the device's filesystem, potentially accessing configuration data, credentials, or other confidential information stored on the power switch or console server.
Who's at risk
Energy sector utilities operating Western Telematic Network Power Switch (NPS), Console Server (DSM), or Console Server + PDU Combo (CPM) units for remote power and device management should update firmware and review access controls. Impact is on devices used for infrastructure management in power distribution and control systems.
How it could be exploited
An attacker with valid login credentials to the NPS, DSM, or CPM web interface or management console could exploit an improper file access vulnerability (CWE-73) to read arbitrary files on the device filesystem beyond what their role should permit. This requires network access to the management interface and valid user credentials.
Prerequisites
- Network access to the device's management interface (web or console port)
- Valid user or admin credentials for the NPS/DSM/CPM device
- Device must be running affected firmware version 6.62 or earlier
- Requires valid credentials (reduces but does not eliminate risk)
- No patch currently available for devices in production (vendor fix released in 2020 but user adoption may be incomplete)
- Affects infrastructure management devices (console servers and PDUs are critical for OT operations)
- Low complexity exploitation
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (3)
3 with fix
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| Network Power Switch (NPS Series) | ≤ Firmware 6.62 | 4.02 or later |
| Console Server (DSM Series) | ≤ Firmware 6.62 | 8.06 or later |
| Console Server + PDU Combo Unit (CPM Series) | ≤ Firmware 6.62 | 8.06 or later |
Remediation & Mitigation
Do now
- HARDENING: Change default passwords on all NPS, DSM, and CPM devices immediately after deployment or discovery
- HARDENING: Restrict network access to device management interfaces using firewall rules or network segmentation; do not expose to the Internet
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
Network Power Switch (NPS Series): ≤ Firmware 6.62
- HOTFIX: Update NPS Series firmware to version 4.02 or later
Console Server (DSM Series): ≤ Firmware 6.62
- HOTFIX: Update DSM Series firmware to version 8.06 or later
Console Server + PDU Combo Unit (CPM Series): ≤ Firmware 6.62
- HOTFIX: Update CPM Series firmware to version 8.06 or later
All products
- HARDENING: Consider using VPN with multi-factor authentication for any required remote management access
CVEs (1)