Optigo Networks Visual BACnet Capture Tool / Optigo Visual Networks Capture Tool
Act Now | CVSS 9.8 | ICS-CERT ICSA-25-070-02 | Mar 11, 2025
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Two vulnerabilities in the Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool (version 3.1.2rc11 and earlier) allow an attacker to bypass authentication (CWE-288) and gain control over the products or impersonate the web applications. The vulnerabilities have a CVSS score of 9.8, with vectors indicating network-based attacks requiring no user interaction or authentication. Successful exploitation could allow an attacker to take control of the tool's functions, potentially enabling them to intercept, manipulate, or exfiltrate building automation system data.
What this means
What could happen
An attacker could bypass authentication and gain control of the Visual BACnet Capture Tool or Visual Networks Capture Tool, potentially allowing them to manipulate network traffic capture, impersonate the web application, or access sensitive building automation system (BAS) data.
Who's at risk
Building automation system (BAS) operators and network administrators who deploy the Visual BACnet Capture Tool or Visual Networks Capture Tool for network troubleshooting and monitoring. These tools are used in commercial buildings, campuses, and facilities to analyze BACnet protocol traffic.
How it could be exploited
An attacker on the network sends a specially crafted request to the web interface of the affected tool that bypasses authentication checks. Once past those checks, they can execute arbitrary commands or modify the application's behavior to capture or redirect building automation traffic.
Prerequisites
- Network access to the web interface port of the Visual BACnet Capture Tool or Visual Networks Capture Tool
- The tool must be deployed and accessible from the network
- Remotely exploitable
- No authentication required
- Low complexity attack
- Critical CVSS score (9.8)
- Affects network monitoring and building automation systems
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (2)
2 with fix
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| Visual BACnet Capture Tool | 3.1.2rc11 | v3.1.3rc8 |
| Optigo Visual Networks Capture Tool | 3.1.2rc11 | v3.1.3rc8 |
Remediation & Mitigation
Do now
- HARDENING: Isolate the capture tool systems from the Internet; do not expose the web interface to external networks
- HARDENING: Place the capture tool behind a firewall and restrict network access to authorized personnel only
- WORKAROUND: Use a VPN for any remote access required to the capture tool, and keep the VPN software updated to the latest version
Schedule — requires maintenance window
Patching may require device reboot; plan for process interruption
- HOTFIX: Upgrade Visual BACnet Capture Tool to version v3.1.3rc8 or later
- HOTFIX: Upgrade Optigo Visual Networks Capture Tool to version v3.1.3rc8 or later
API:
/api/v1/advisories/7dfc98ff-1025-4345-aa88-355880bf93d3