Optigo Networks ONS NC600

Plan Patch | CVSS 9.8 | ICS-CERT ICSA-25-126-01 | May 6, 2025
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

The Optigo Networks ONS NC600 devices running firmware versions 4.2.1-084 through 4.7.2-330 contain hard-coded credentials that allow unauthenticated remote attackers to establish an authenticated session and execute arbitrary OS commands on the management device. The vulnerability is tracked as CWE-798 (Use of Hard-Coded Credentials). The vendor has confirmed this product is end-of-life and will not be patched.

What this means
What could happen
An attacker with network access to the ONS NC600 can use hard-coded credentials to log in and execute arbitrary operating system commands, potentially allowing them to alter network configuration, disable monitoring, or disrupt operations controlled by the OneView management platform.
Who's at risk
Organizations using Optigo Networks ONS NC600 as a OneView management platform should care. This device is typically used to manage network configuration and monitoring in small-to-medium OT environments, including water/wastewater, electric utilities, and manufacturing facilities. Any site using OneView to centrally manage switches, controllers, or monitoring devices is at risk.
How it could be exploited
The attacker sends authentication requests to the ONS NC600 over the network using embedded credentials baked into the firmware. Once authenticated, the attacker gains OS-level command execution on the OneView management device, which typically manages OT network configuration and monitoring.
Prerequisites
  • Network access to ONS NC600 (typically reachable from local OT/business network)
  • No additional credentials needed; hard-coded credentials are embedded in the device firmware
  • Remotely exploitable over network
  • No authentication required (hard-coded credentials)
  • Low attack complexity
  • Affects management/control systems
  • No patch available from vendor
Exploitability
Unlikely to be exploited — EPSS score 0.5%
Affected products (1)
Product: ONS NC600
Affected Versions: ≥ 4.2.1-084, ≤ 4.7.2-330
Fix Status: No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Implement network-based access controls: configure firewall rules to restrict which devices and IP addresses are permitted to access OneView (whitelist approach).
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HARDENING: Isolate the BMS (Building/Business Management System) computer running OneView on a dedicated network interface with no routing to untrusted networks.
HARDENING: Monitor network traffic to OneView for unexpected authentication attempts or commands from unauthorized sources.
Mitigations - no patch available
ONS NC600 (firmware versions 4.2.1-084 through 4.7.2-330) has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Restrict network access to OneView to a dedicated, isolated management network segment separate from business and OT operational networks.
HARDENING: Require all external access to OneView to be routed through a secure VPN tunnel with multi-factor authentication.
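
The allowlist and traffic-monitoring controls above can be checked against flow records. This is an added example, not part of the advisory or any Optigo tooling; the device address, allowlist CIDR, ports and the "time src dst dport" record format are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed values (assumptions, not from the advisory): device address,
# management allowlist, ports, and the "time src dst dport" record format.
DEVICE_IP = ipaddress.ip_address("10.20.0.5")
ALLOWED_NETS = [ipaddress.ip_network("10.20.0.0/28")]

SAMPLE_FLOWS = """\
2025-05-06T08:00:01Z 10.20.0.3 10.20.0.5 443
2025-05-06T08:02:10Z 10.30.4.17 10.20.0.5 22
2025-05-06T08:02:45Z 10.30.4.17 10.20.0.5 443
2025-05-06T08:05:00Z 10.20.0.3 10.20.0.9 443
not-a-flow-line
2025-05-06T08:07:30Z 192.0.2.44 10.20.0.5 443
"""

def audit_flows(text, device=DEVICE_IP, allowed=ALLOWED_NETS):
    """Return {source_ip: {"count", "ports", "first", "last"}} for every
    source outside the allowlist that connected to the device."""
    findings = defaultdict(lambda: {"count": 0, "ports": set(),
                                    "first": None, "last": None})
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed records instead of aborting the audit
        ts, src, dst, dport = parts
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(dport)
        except ValueError:
            continue  # unparsable address or port
        if dst_ip != device:
            continue  # traffic to other hosts is out of scope
        if any(src_ip in net for net in allowed):
            continue  # permitted management source
        entry = findings[str(src_ip)]
        entry["count"] += 1
        entry["ports"].add(port)
        entry["first"] = entry["first"] or ts  # records assumed time-ordered
        entry["last"] = ts
    return dict(findings)

if __name__ == "__main__":
    for src, info in audit_flows(SAMPLE_FLOWS).items():
        print(f"ALERT {src} -> {DEVICE_IP}: {info['count']} connection(s), "
              f"ports {sorted(info['ports'])}, {info['first']} to {info['last']}")
```

Any source reported here either indicates a gap in the firewall allowlist or traffic that should be investigated, since a login with the embedded credentials is otherwise indistinguishable from a legitimate one.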