Vertiv Liebert RDU101 and UNITY

Act Now9.8ICS-CERT ICSA-25-140-10May 20, 2025

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Liebert RDU101 and IS-UNITY devices contain authentication bypass and buffer overflow vulnerabilities (CWE-288, CWE-121) that allow remote code execution or denial-of-service attacks. An attacker with network access can send malicious requests to these unpatched devices to crash them or run arbitrary commands, affecting cooling and facility monitoring operations. RDU101 versions up to 1.9.0.0 and IS-UNITY versions up to 8.4.1.0 are affected.

What this means

What could happen

An attacker with network access to Liebert RDU101 or IS-UNITY devices could execute arbitrary code or crash them, disrupting cooling and facility infrastructure monitoring across your data center or critical infrastructure.

Who's at risk

Facility managers and OT operators at data centers, hospitals, utilities, and other critical infrastructure that rely on Vertiv Liebert cooling systems (RDU101) or UNITY-based facility monitoring. Any organization using these devices for HVAC control, power distribution monitoring, or facility automation.

How it could be exploited

An attacker on the network sends a specially crafted request to an RDU101 or IS-UNITY device over the network. The device processes this request without proper validation (CWE-288: improper authentication, CWE-121: stack-based buffer overflow), allowing the attacker to run commands on the device or crash it.

Prerequisites

Network access to Liebert RDU101 or IS-UNITY device management port
Device must be reachable from attacker's network location
No authentication credentials required

Remotely exploitableNo authentication requiredLow complexity attackCritical CVSS score (9.8)Affects facility infrastructure controlDefault or easily accessible management interfaces

Exploitability

Low exploit probability (EPSS 0.9%)

Affected products (2)

2 with fix

ProductAffected VersionsFix Status

Liebert RDU101: <=1.9.0.0≤ 1.9.0.0v1.9.1.2_0000001

Liebert IS-UNITY: <=8.4.1.0≤ 8.4.1.0v8.4.3.1_00160

Remediation & Mitigation

0/5

Do now

0/1

WORKAROUNDRestrict network access to RDU101 and IS-UNITY devices using firewall rules; only permit connections from authorized engineering workstations and monitoring systems

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpdate Liebert RDU101 to firmware v1.9.1.2_0000001 or later

HOTFIXUpdate IS-UNITY to firmware v8.4.3.1_00160 or later

Long-term hardening

0/2

HARDENINGIsolate RDU101 and IS-UNITY devices from business networks; place on a separate control system network behind a firewall

HARDENINGImplement VPN for any remote access to these devices; ensure VPN is kept current with latest security patches

CVEs (2)

CVE-2025-46412 CVE-2025-41426

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/0e374885-b1b2-41fb-8439-23abea59df39