Lantronix Device Installer
ICS-CERT ICSA-25-142-01 · May 22, 2025 · Severity score 6.8
Attack Vector: Adjacent
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
Lantronix Device Installer versions 4.4.0.7 and earlier contain an XML external entity (XXE) injection vulnerability (CWE-611) that could allow an attacker with local network access to execute code on the host machine. The affected product reached end-of-support in 2018 and will not receive any security updates. Exploitation requires the user to process a malicious file or be socially engineered. Remote exploitation is not possible.
What this means
What could happen
An attacker with local network access to a machine running the end-of-life Device Installer software could execute code on that machine with the same privileges as the running process. This could compromise systems used to configure and provision Lantronix network devices in your plant network.
Who's at risk
Engineering and operations teams at utilities and industrial facilities who use Lantronix Device Installer for network device configuration and provisioning. This includes water authorities, electric utilities, and other plant operators who rely on Lantronix network devices for remote management and control of field equipment.
How it could be exploited
An attacker must be on the local network segment where Device Installer is running. They would craft an XML document whose DTD declares an external entity (one pointing at a local file or at a resource the attacker controls, for example) and get the application to process it, most likely by social engineering the user into opening a crafted file. When the application's XML parser resolves that entity, the resulting attack chain leads to code execution on the host machine.
Prerequisites
- Local network access to the same network segment as the Device Installer host
- Device Installer version 4.4.0.7 or earlier installed on the host (Device Installer is a Windows application)
- User interaction required—attacker must convince user to open/process a malicious file
Key points:
- End-of-life product: no patch available
- Low attack complexity
- Local (adjacent) network access required
- User interaction needed (social engineering or malicious file delivery)
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product | Affected versions | Fix status
Device Installer | ≤ 4.4.0.7 | No fix (end of life)
Remediation & Mitigation
Do now
HOTFIX: Migrate to Lantronix Provisioning Manager, the supported replacement product, as soon as possible. Plan and schedule the migration during a maintenance window.
HARDENING: If immediate migration is not possible, isolate any machine running Device Installer from the production network. Place it on a separate, air-gapped segment or disable network access entirely.
HARDENING: If Device Installer must remain networked, implement network segmentation and firewall rules to restrict access to the host machine to only authorized engineering workstations and management systems on a protected network segment.
Mitigations - no patch available
Device Installer ≤ 4.4.0.7 has reached end of life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Configure the host machine to block email and web access, or at minimum restrict users from opening email attachments and clicking untrusted links.
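The mechanism described under "How it could be exploited" and the file-screening idea behind the compensating controls above, as an added example that is not Lantronix code and not part of the advisory: Device Installer is a Windows .NET application whose XML parser you cannot reconfigure, so the script below uses Python's xml.sax to show what a parser that resolves external entities does with a constructed XXE payload, what the hardened setting does with the same file, and a pre-parse gate that rejects any XML carrying a DOCTYPE or entity declaration before it reaches a tool you cannot patch. The <device>/<name> element names, the temporary "secret" file and its contents are all constructed for the example.

```python
"""Added example, not code from Lantronix or the advisory: what an XML
external entity (XXE) payload does to a parser that resolves external
entities, and two defences. Element names <device>/<name> are hypothetical."""
import io
import re
import tempfile
import xml.sax
from pathlib import Path
from xml.sax.handler import feature_external_ges


class TextCollector(xml.sax.ContentHandler):
    """Gathers the character data of every element in document order."""

    def __init__(self):
        super().__init__()
        self.parts = []

    def characters(self, content):
        self.parts.append(content)


def xxe_payload(target_path):
    """Constructed XXE document: the DOCTYPE declares an external entity that
    points at a local file, and the body references it. A parser that
    resolves external entities splices the file's contents into <name>."""
    file_uri = Path(target_path).resolve().as_uri()
    return (
        '<?xml version="1.0"?>\n'
        '<!DOCTYPE device [\n'
        f'  <!ENTITY leak SYSTEM "{file_uri}">\n'
        ']>\n'
        '<device><name>&leak;</name></device>\n'
    )


def parse_text(xml_text, resolve_external_entities):
    """Parse with xml.sax. resolve_external_entities=True mimics a legacy
    parser that expands SYSTEM entities (the vulnerable configuration);
    False is the hardened setting (Python's own default since 3.7.1)."""
    parser = xml.sax.make_parser()
    parser.setFeature(feature_external_ges, resolve_external_entities)
    handler = TextCollector()
    parser.setContentHandler(handler)
    parser.parse(io.BytesIO(xml_text.encode("utf-8")))
    return "".join(handler.parts)


# XML keywords are case-sensitive, so these two spellings are the only ones
# a conforming parser would honour.
DTD_MARKERS = re.compile(rb"<!(DOCTYPE|ENTITY)\b")


def is_safe_for_legacy_tool(xml_bytes):
    """Pre-parse gate for files destined for a tool whose parser you cannot
    reconfigure (an end-of-life product): refuse anything carrying a DOCTYPE
    or entity declaration. Coarse by design: a device configuration file
    needs neither, so any DTD at all is grounds to reject the file."""
    return DTD_MARKERS.search(xml_bytes) is None


def demo():
    """Run the vulnerable and hardened parses against a constructed secret
    file, then show the gate's verdict on the payload and on a benign file."""
    with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False) as f:
        f.write("snmp-community=s3cr3t")   # constructed sample secret
        secret_path = f.name
    payload = xxe_payload(secret_path)
    leaked = parse_text(payload, resolve_external_entities=True)
    blocked = parse_text(payload, resolve_external_entities=False)
    Path(secret_path).unlink()
    return {
        "leaked": leaked,        # file contents appear as the text of <name>
        "blocked": blocked,      # empty: the entity is left unexpanded
        "gate_rejects_payload": not is_safe_for_legacy_tool(payload.encode()),
        "gate_accepts_benign": is_safe_for_legacy_tool(
            b"<device><name>gateway-01</name></device>"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

Running the two parses side by side makes the point the advisory's summary only states: the entity-resolving parser returns the secret file's contents as the text of <name>, while the hardened parser returns an empty string because the reference is never followed. The gate is deliberately coarse; a device configuration file has no reason to carry a DTD, so any DOCTYPE is enough to quarantine the file for review. It inspects raw bytes only, so a file in an encoding the pattern does not match (UTF-16, say) must be decoded before it is checked.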
CVEs (1)