OTPulse

LS Electric GMWin 4

Monitor · 7.8 · ICS-CERT ICSA-25-168-02 · Jun 17, 2025
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

LS Electric GMWin 4 contains buffer overflow and related memory safety vulnerabilities (CWE-122, CWE-125, CWE-787) in version 4.18. Successful exploitation could allow disclosure of sensitive information or arbitrary code execution. The product has been discontinued and is no longer supported by the vendor. These vulnerabilities are not remotely exploitable.

What this means
What could happen
An attacker with local access to a machine running GMWin 4 could read sensitive engineering data or execute arbitrary code to modify control logic or system configuration. Since GMWin 4 is typically used for engineering and configuration of automation systems, compromise could affect plant operations if the attacker gains access to connected control devices.
Who's at risk
Organizations in the energy sector that use LS Electric GMWin 4 for engineering, configuration, and maintenance of automation systems should be concerned. This includes utilities operating power generation, transmission, and distribution systems that rely on GMWin 4 for HMI/SCADA engineering and configuration workstations. Any facility using GMWin 4 for control system programming is affected.
How it could be exploited
An attacker would need local access to a Windows machine running GMWin 4 and could trigger the buffer overflow vulnerability through a malicious file or input to the application. The attacker would likely need to get a user to interact with the application (open a crafted file or project); successful exploitation could then result in code execution in the context of the GMWin 4 user account.
Prerequisites
  • Local access to a Windows machine running GMWin 4 version 4.18
  • User interaction required to trigger the vulnerability (opening a malicious file or project)
  • No special credentials or privileges required to exploit the vulnerability itself

No patch available (product discontinued)
Local access required but low complexity to exploit
Affects engineering workstations that may have network access to production control systems
No public exploitation reported
High impact if engineering workstation is compromised
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (1)
Product | Affected Versions | Fix Status
GMWin 4: 4.18 | 4.18 | No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Isolate engineering workstations running GMWin 4 from the business network and the internet
HARDENING: Restrict local access to machines running GMWin 4 to authorized engineering personnel only
HARDENING: Ensure GMWin 4 workstations are not used to access email or untrusted web content
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Migrate away from GMWin 4 to LS Electric's XGT series replacement
HARDENING: Implement endpoint protection (antivirus/malware detection) on machines running GMWin 4