Optigo Networks ONS NC600
Act Now | 9.8 | ICS-CERT ICSA-25-126-01 | May 6, 2025
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
The ONS NC600 contains hard-coded credentials in the device firmware that are identical across all deployed units. An attacker who reaches the device over the network can authenticate using these credentials and execute arbitrary OS commands. Affected versions are 4.2.1-084 through 4.7.2-330. The vendor has not released a patch and does not plan to fix this vulnerability.
What this means
What could happen
An attacker with network access to the ONS NC600 could use hard-coded credentials to log in and execute arbitrary OS commands on the device, potentially disrupting building management operations or enabling lateral movement into the OT network.
Who's at risk
Building Management System (BMS) operators and facility managers who use Optigo Networks OneView to configure and manage ONS NC600 network switches. This affects any mid-size facility with networked environmental or building automation controls that depend on this device for network infrastructure.
How it could be exploited
An attacker identifies a reachable ONS NC600 device on the network, connects to it using hard-coded credentials that are the same across all installations, and executes OS-level commands to compromise the system or gain further access to downstream OT devices.
Prerequisites
- Network access to the ONS NC600 device (port/interface not specified in advisory)
- No valid user credentials required; hard-coded credentials are embedded in the device
Remotely exploitable | No authentication required (hard-coded credentials) | Low complexity attack | No patch available | Hard-coded credentials in device firmware | OT network management device
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (1)
Product: ONS NC600: >=4.2.1-084|<=4.7.2-330
Affected Versions: ≥ 4.2.1-084|≤ 4.7.2-330
Fix Status: No fix (EOL)
Remediation & Mitigation
Do now
- HARDENING: Isolate the ONS NC600 and OneView management system behind a firewall with a whitelist of only approved management workstations
- HARDENING: Use a dedicated NIC on the BMS computer exclusively for connecting to OneView to manage OT network configuration
- HARDENING: Require all connections to OneView to transit through a secure VPN with strong authentication
- HARDENING: Monitor for network connections to ONS NC600 devices from unexpected sources
Mitigations - no patch available
ONS NC600: >=4.2.1-084|<=4.7.2-330 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
- HARDENING: Ensure ONS NC600 devices are not reachable from the internet or business network; place them behind firewalls on an isolated OT segment
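One way to carry out the monitoring step above and check that the management allowlist is holding, as an added example that is not from the advisory or the vendor. The device addresses, approved source ranges, log format and ports are all constructed assumptions; substitute your own inventory and firewall or flow log export.

```python
import ipaddress
from collections import defaultdict

# Assumptions (site-specific, not from the advisory): NC600 management
# addresses and the approved management workstation / VPN pool ranges.
NC600_DEVICES = {ipaddress.ip_address(a) for a in ("10.20.0.10", "10.20.0.11")}
APPROVED_SOURCES = [ipaddress.ip_network(n) for n in ("10.20.5.21/32", "10.99.0.0/28")]

# Constructed sample records: timestamp,src_ip,dst_ip,dst_port
# (ports are illustrative; the advisory does not name a port)
SAMPLE_LOG = """\
2025-05-07T08:01:12Z,10.20.5.21,10.20.0.10,443
2025-05-07T08:03:40Z,10.99.0.4,10.20.0.11,22
2025-05-07T09:15:02Z,192.168.40.77,10.20.0.10,22
2025-05-07T09:15:09Z,192.168.40.77,10.20.0.10,443
2025-05-07T09:20:00Z,192.168.40.77,10.30.0.5,443
2025-05-07T10:00:00Z,not-an-ip,10.20.0.11,80
"""

def is_approved(src):
    return any(src in net for net in APPROVED_SOURCES)

def unexpected_connections(log_text):
    """Return ({src: summary}, malformed_lines) for traffic to NC600 devices."""
    findings = defaultdict(
        lambda: {"count": 0, "devices": set(), "ports": set(), "first_seen": None})
    malformed = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        try:
            ts, src, dst, port = line.strip().split(",")
            src, dst, port = ipaddress.ip_address(src), ipaddress.ip_address(dst), int(port)
        except ValueError:
            malformed.append(line)  # unparsed records are a blind spot; keep for review
            continue
        if dst not in NC600_DEVICES or is_approved(src):
            continue  # not aimed at a device, or from an approved workstation
        f = findings[str(src)]
        f["count"] += 1
        f["devices"].add(str(dst))
        f["ports"].add(port)
        f["first_seen"] = f["first_seen"] or ts
    return dict(findings), malformed

if __name__ == "__main__":
    hits, bad = unexpected_connections(SAMPLE_LOG)
    for src, f in hits.items():
        print(f"ALERT {src} -> {sorted(f['devices'])} ports={sorted(f['ports'])} "
              f"count={f['count']} first_seen={f['first_seen']}")
    print(f"{len(bad)} malformed record(s) need manual review")
```

Any alert here also means the firewall allowlist let the connection through, so treat a hit as both a detection and a rule gap to close.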
CVEs (1)