Lantronix XPort (Update A)
Act Now | 9.8 | ICS-CERT ICSA-25-105-05 | Apr 15, 2025
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
XPort firmware versions 6.5.0.7 through 7.0.0.2 contain an authentication bypass vulnerability (CWE-306) in the configuration interface. An attacker can access the management interface without credentials, potentially viewing or modifying device configuration and disrupting monitoring and operations.
What this means
What could happen
An attacker could gain unauthorized access to the XPort configuration interface without authentication, allowing them to view or modify monitoring system settings and potentially disrupt critical operational visibility and control.
Who's at risk
Water utilities and electric utilities using Lantronix XPort devices for remote device management and monitoring should prioritize this. Any facility relying on XPort for SCADA remote terminal unit (RTU) management or edge device communication is affected if running vulnerable firmware versions 6.5.0.7 through 7.0.0.2.
How it could be exploited
An attacker on the network can send requests to the XPort device on port 80/443 (HTTP/HTTPS) or other management ports without providing credentials, bypassing authentication checks to reach the configuration interface where they can modify settings or extract sensitive information.
Prerequisites
- Network access to the XPort management interface
- Device is reachable from the attacker's network segment
- No credentials required
- Remotely exploitable
- No authentication required
- Low complexity attack
- Critical CVSS score (9.8)
- Affects management and visibility systems
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (1)
Product: XPort
Affected Versions: ≥ 6.5.0.7, < 7.0.0.3
Fix Status: 8.0.0.0
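The version range above can be applied to an asset inventory to find devices that need the upgrade. The following is an added example, not part of the advisory or any Lantronix tooling; the CSV columns and hostnames are constructed, and firmware outside the listed range but below 8.0.0.0 is reported separately because the advisory does not state its status.

```python
# Added example: triage an XPort inventory against this advisory's version range.
import csv
import io

AFFECTED_MIN = (6, 5, 0, 7)   # first affected version per the advisory
AFFECTED_MAX = (7, 0, 0, 2)   # last affected version per the advisory
FIXED_MIN = (8, 0, 0, 0)      # upgrade target per the advisory

# Constructed sample inventory; hostnames and column names are assumptions.
SAMPLE_INVENTORY = """host,firmware
rtu-gw-01,6.5.0.7
rtu-gw-02,7.0.0.2
pump-st-03,v8.0.0.0
pump-st-04,7.0.0.3
sub-05,6.1.0.0
sub-06,unknown
"""

def parse_version(text):
    """Return a 4-tuple of ints, or None if the string is not a dotted quad."""
    parts = text.strip().lstrip("vV").split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(firmware):
    """Map a firmware string to affected / fixed / unlisted / unknown."""
    version = parse_version(firmware)
    if version is None:
        return "unknown"      # cannot be ruled out; check the device directly
    if AFFECTED_MIN <= version <= AFFECTED_MAX:
        return "affected"
    if version >= FIXED_MIN:
        return "fixed"
    return "unlisted"         # outside the listed range but below the fix version

def triage(inventory_csv):
    """Return {host: status} for every row of the inventory CSV text."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {row["host"]: classify(row["firmware"]) for row in rows}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:12} {status}")
```

Treat "unknown" and "unlisted" results as needing manual confirmation rather than as safe.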
Remediation & Mitigation
Do now
- HARDENING: Isolate XPort devices from direct internet access and place them behind a firewall with port restrictions
- WORKAROUND: Restrict network access to XPort management ports to authorized engineering workstations only using firewall rules
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Upgrade XPort firmware to v8.0.0.0 or later
Long-term hardening
- HARDENING: Implement network segmentation to isolate control system networks from business networks
- HARDENING: If remote access is required, use VPN with current security patches
CVEs (1)