CyberData 011209 SIP Emergency Intercom
Plan Patch | CVSS 9.8 | ICS-CERT ICSA-25-155-01 | Jun 5, 2025
Attack path
- Attack Vector: Network
- Auth Required: None
- Complexity: Low
- User Interaction: None needed
Summary
CyberData 011209 SIP Emergency Intercom contains multiple vulnerabilities (CWE-288, CWE-306, CWE-89, CWE-522, CWE-35) that allow unauthenticated remote attackers to execute arbitrary code, disclose sensitive information, or cause denial of service. The vulnerabilities can be exploited over the network without user interaction. Affected versions: prior to 22.0.1.
What this means
What could happen
An attacker could execute arbitrary code, disclose sensitive configuration or credential data, or stop the emergency intercom system from functioning, preventing critical facility alarms and emergency communications.
Who's at risk
Facility operators who rely on CyberData 011209 SIP Emergency Intercoms for critical alarms and communications in commercial buildings, data centers, manufacturing plants, and other critical infrastructure. Any organization using this intercom model in versions prior to 22.0.1 should prioritize this update.
How it could be exploited
An attacker on the network or with internet access can send a specially crafted request to the intercom's web interface or SIP service without authentication. The device processes the request using unsafe SQL queries or command execution, allowing the attacker to run arbitrary code or extract database information.
Prerequisites
- Network access to the intercom's IP address and port (HTTP/HTTPS and/or SIP port)
- No credentials required for initial exploitation
- Device must be reachable from the attacker's network segment or the internet
Risk factors: remotely exploitable, no authentication required, low complexity attack, high CVSS score (9.8), affects emergency/safety communication systems
Exploitability
Unlikely to be exploited — EPSS score 0.7%
Affected products (1)
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| 011209 SIP Emergency Intercom | <22.0.1 | 22.0.1 |
Remediation & Mitigation
Do now
- WORKAROUND: Restrict network access to the intercom to only authorized facility networks; block all inbound access from the internet
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Update CyberData 011209 SIP Emergency Intercom firmware to version 22.0.1 or later
Long-term hardening
- HARDENING: Isolate the intercom on a dedicated network segment behind a firewall with rules permitting only required SIP and management traffic
- HARDENING: If remote access to the intercom is required, route it through a VPN or secure management channel; do not expose the device directly to the internet
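An inventory check for the remediation items above, as an added example that is not part of the original advisory or CyberData's tooling: it flags intercoms whose firmware is prior to 22.0.1 and intercoms addressed outside the authorized facility networks. The CSV columns, device names, addresses and the `AUTHORIZED_NETS` list are assumptions constructed for illustration.

```python
import csv
import io
import ipaddress

FIXED_VERSION = (22, 0, 1)  # advisory: versions prior to 22.0.1 are affected
# Assumption: the facility networks authorized to host intercoms.
AUTHORIZED_NETS = [ipaddress.ip_network("10.20.30.0/24")]

# Constructed sample inventory; names, addresses and columns are made up.
SAMPLE_INVENTORY = """name,ip,firmware
lobby-intercom,10.20.30.11,21.3.0
dock-intercom,10.20.30.12,22.0.1
garage-intercom,203.0.113.40,22.1.0
gate-intercom,10.20.30.14,unknown
"""


def parse_version(text):
    """Return the version as a tuple of ints, or None if it cannot be parsed."""
    try:
        parts = tuple(int(p) for p in text.strip().lstrip("vV").split("."))
    except ValueError:
        return None
    return parts + (0,) * (3 - len(parts))  # pad "22.0" to (22, 0, 0)


def audit(inventory_csv):
    """Map each device name to the list of findings that need action."""
    findings = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        issues = []
        version = parse_version(row["firmware"])
        if version is None:
            issues.append("firmware version unknown: verify on device")
        elif version < FIXED_VERSION:
            issues.append("firmware prior to 22.0.1: schedule update")
        addr = ipaddress.ip_address(row["ip"])
        if not any(addr in net for net in AUTHORIZED_NETS):
            issues.append("address outside authorized facility networks")
        if issues:
            findings[row["name"]] = issues
    return findings


if __name__ == "__main__":
    for name, issues in audit(SAMPLE_INVENTORY).items():
        print(f"{name}: " + "; ".join(issues))
```

An unparseable firmware string is reported rather than skipped, so a device with a missing inventory entry is not silently treated as patched.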