Danfoss AK-SM 8xxA Series (Update A)
Plan: Patch · CVSS 8.2 · ICS-CERT ICSA-25-140-03 · May 20, 2025
Attack path
- Attack Vector: Network
- Auth Required: None
- Complexity: High
- User Interaction: Required
Summary
Danfoss AK-SM 8xxA Series controllers contain authentication bypass and command injection vulnerabilities (CVE-2025-41450, CVE-2025-41451, CVE-2025-41452) that could allow remote code execution. The vulnerabilities affect firmware versions below R4.2 for some CVEs and below R4.3.1 for others. While attack complexity is high, successful exploitation would grant an attacker full control of the device, enabling modification of automation logic, process setpoints, or operational parameters.
What this means
What could happen
An attacker could bypass authentication on the AK-SM 8xxA Series controller and execute arbitrary code, potentially altering automation setpoints, stopping critical processes, or modifying equipment behavior without authorization.
Who's at risk
Organizations operating Danfoss AK-SM 8xxA Series controllers in HVAC, refrigeration, and building automation systems should prioritize patching. These devices are commonly used in data centers, hospitals, and critical infrastructure where process interruption or equipment malfunction could have operational impact.
How it could be exploited
An attacker with network access to the AK-SM 8xxA Series would exploit authentication bypass and command injection vulnerabilities to gain remote code execution on the controller. The attack requires user interaction or specific network conditions (high complexity), but once successful, the attacker gains full control of the device.
Prerequisites
- Network access to the AK-SM 8xxA Series device
- User interaction or specific environmental conditions (high complexity attack)
- Remotely exploitable
- Authentication bypass possible
- High CVSS score (8.2)
- Affects automation/process control devices
- High attack complexity (mitigating factor)
Exploitability
Unlikely to be exploited — EPSS score 0.5%
Affected products (2)
2 with fix
Product            | Affected Versions | Fix Status
AK-SM 8xxA Series  | <R4.2             | R4.2
AK-SM 8xxA Series  | <4.3.1            | R4.2
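The advisory lists two fix thresholds (R4.2 for some of the CVEs, R4.3.1 for the rest) without mapping each CVE to a threshold, so an asset inventory check should report a device against both rather than against one. The script below is an added example, not tooling from Danfoss or from the advisory publisher; the accepted version-string formats ("R4.2", "4.3.1", "R4.10") and the sample inventory are assumptions made for illustration.

```python
import re
from typing import List, Optional, Tuple

# Fix thresholds as stated in the advisory summary. The page does not say which
# CVE is closed by which release, so every device is checked against both.
FIX_THRESHOLDS = {
    "R4.2": (4, 2, 0),
    "R4.3.1": (4, 3, 1),
}

# Assumed inventory format: optional "R" prefix, then major.minor[.patch].
_VERSION_RE = re.compile(r"^[Rr]?(\d+)\.(\d+)(?:\.(\d+))?$")


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Turn a firmware string such as "R4.2" or "4.3.1" into a comparable tuple.

    Returns None for strings that do not look like a version so the caller can
    flag them for manual review instead of treating them as patched.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def unfixed_thresholds(version: str) -> Optional[List[str]]:
    """Return the fix thresholds this firmware has not yet reached.

    An empty list means the device is at or above every threshold; None means
    the version string could not be parsed.
    """
    parsed = parse_version(version)
    if parsed is None:
        return None
    # Tuple comparison, not string comparison: "R4.10" must sort above "R4.2".
    return [name for name, floor in FIX_THRESHOLDS.items() if parsed < floor]


def triage_inventory(inventory):
    """Bucket (device_id, firmware) pairs into needs_patch / needs_review / current."""
    result = {"needs_patch": [], "needs_review": [], "current": []}
    for device_id, firmware in inventory:
        missing = unfixed_thresholds(firmware)
        if missing is None:
            result["needs_review"].append(device_id)
        elif missing:
            result["needs_patch"].append((device_id, missing))
        else:
            result["current"].append(device_id)
    return result


# Constructed sample inventory for the example; not real device data.
SAMPLE_INVENTORY = [
    ("chiller-ctrl-01", "R4.1"),
    ("chiller-ctrl-02", "R4.2"),
    ("rack-ctrl-07", "4.3.1"),
    ("rack-ctrl-08", "R4.10"),
    ("legacy-ctrl-03", "unknown"),
]

if __name__ == "__main__":
    for bucket, entries in triage_inventory(SAMPLE_INVENTORY).items():
        print(bucket, entries)
```

Devices at exactly R4.2 still land in needs_patch against the R4.3.1 threshold, which matches the summary's statement that some CVEs are only closed below R4.3.1; unparseable entries are kept separate so they are not silently counted as current.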
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to AK-SM 8xxA Series devices by placing them behind firewalls and isolating them from business networks until patching is complete.
HARDENING: Disable direct Internet access to AK-SM 8xxA Series controllers; require VPN or a jump server for any remote administration.
Schedule — requires maintenance window
Patching may require a device reboot; plan for process interruption.
HOTFIX: Update AK-SM 8xxA Series controllers to firmware version R4.2 or later using the official Danfoss Software Upgrade Process.