Milesight UG65-868M-EA
Monitor | CVSS 6.8 | ICS-CERT ICSA-25-126-02 | May 6, 2025
Attack path
Attack Vector: Network
Auth Required: High
Complexity: Low
User Interaction: None needed
Summary
The Milesight UG65-868M-EA wireless gateway contains a command injection vulnerability that allows any user with admin privileges to inject and execute arbitrary shell commands on the device. Exploitation could compromise the gateway's operation or the integrity of connected wireless sensors. The vendor has released firmware version 60.0.0.46 to address this issue.
What this means
What could happen
An administrative user with access to the Milesight UG65 gateway could inject arbitrary shell commands, potentially allowing them to modify gateway operations, disrupt network connectivity, or compromise the gateway and any connected IoT/wireless devices.
Who's at risk
Municipal and water utility IT staff managing wireless IoT sensor networks should pay attention. The Milesight UG65 is a wireless gateway device commonly used to collect data from IoT sensors over proprietary protocols. Compromised gateways could disrupt remote monitoring of critical infrastructure sensors or allow an attacker to alter or suppress sensor readings.
How it could be exploited
An attacker must first gain admin credentials or privileges on the UG65 gateway—either through compromise of an administrative account, default credentials, or local access. Once authenticated as an admin, they can inject shell commands through the device's interface or API to execute arbitrary code with the same privileges as the gateway process.
Prerequisites
- Admin-level credentials or privileged account access to the UG65 gateway
- Network access to the gateway's management interface or API
- Knowledge of command injection syntax specific to the gateway's input handling
- Requires administrative privilege
- Affects device management interface
- No public exploit available yet
Exploitability
Unlikely to be exploited — EPSS score 0.2%
Affected products (1)
Product | Affected Versions | Fix Status
UG65-868M-EA: <Firmware_60.0.0.46 | <Firmware 60.0.0.46 | 60.0.0.46
Remediation & Mitigation
Do now
- WORKAROUND: Restrict network access to the UG65 gateway's management interface to authorized administrative users and networks only; use firewall rules to block management access from untrusted networks
- HARDENING: Enforce strong, unique admin credentials on all UG65 gateways and disable any default or factory-reset accounts
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Update UG65 gateway firmware to version 60.0.0.46 or later
Long-term hardening
- HARDENING: Place the UG65 gateway behind a firewall and isolate it from the business IT network; use a dedicated network segment for wireless/IoT gateway devices
CVEs (1)