LS Electric GMWin 4
Monitor | CVSS 7.8 | ICS-CERT ICSA-25-168-02 | Jun 17, 2025
Energy
Attack path
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
LS Electric GMWin 4 (version 4.18) contains buffer overflow and memory disclosure vulnerabilities (CWE-122, CWE-125, CWE-787) that could allow an attacker with local access to disclose sensitive information or execute arbitrary code on the engineering workstation. The product has been discontinued and is no longer supported. Exploitation requires local access and user interaction; remote exploitation is not possible.
What this means
What could happen
An attacker with local access to a GMWin 4 engineering workstation could execute arbitrary code or extract sensitive information, potentially compromising the configuration, programming logic, or credentials stored in the engineering environment.
Who's at risk
Organizations using LS Electric GMWin 4 engineering software for control system development and configuration, particularly in the energy sector. This affects engineering departments and system integrators who use GMWin 4 to program and maintain industrial control systems.
How it could be exploited
An attacker must have physical or local network access to the GMWin 4 engineering workstation. They would leverage one of the buffer overflow or memory disclosure vulnerabilities (CWE-122, CWE-125, CWE-787) to either read sensitive data from memory or inject and run malicious code on the workstation, which could be used to modify or steal control system program files.
Prerequisites
- Local access to GMWin 4 engineering workstation
- User interaction required to trigger the vulnerability (e.g., opening a malicious file or project)
- No special credentials or prior system compromise required
Tags: no patch available, product end-of-life, local exploitation only, requires user interaction
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (1)
Product | Affected Versions | Fix Status
GMWin 4: 4.18 | 4.18 | No fix (EOL)
Remediation & Mitigation
Do now
- WORKAROUND: Restrict physical and network access to GMWin 4 engineering workstations to authorized personnel only
- HARDENING: Isolate GMWin 4 engineering workstations from the business network and direct internet access
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Migrate from LS Electric GMWin 4 to the recommended XGT series replacement engineering software
Mitigations - no patch available
GMWin 4: 4.18 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
- HARDENING: Implement access controls and endpoint security on engineering workstations to detect and block execution of unauthorized code