OTPulse

ControlID iDSecure On-premises

Priority: Act Now
CVSS: 9.1
Source: ICS-CERT ICSA-25-175-05
Published: Jun 24, 2025
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

ControlID iDSecure On-premises versions 4.7.48.0 and earlier contain authentication bypass, information disclosure, and SQL injection vulnerabilities (CWE-287, CWE-918, CWE-89). An unauthenticated remote attacker can exploit these flaws to bypass authentication, retrieve sensitive information, leak arbitrary data, or perform SQL injection attacks against the iDSecure database. ControlID has released version 4.7.50.0 as a fix.

What this means
What could happen
An attacker without credentials could bypass authentication on iDSecure On-premises and execute SQL injection attacks to extract sensitive data, alter configuration, or compromise the authentication system that controls access to your identity and security management infrastructure.
Who's at risk
Organizations running ControlID iDSecure On-premises for identity and access management should prioritize this vulnerability. It affects authentication infrastructure that guards access to engineering workstations, operator interfaces, and potentially other control system devices that rely on iDSecure for credential verification. Any utility, manufacturing facility, or enterprise with centralized IAM dependent on iDSecure is at risk.
How it could be exploited
An attacker on the network sends a crafted HTTP request to the iDSecure web interface. By exploiting authentication bypass (CWE-287) combined with SQL injection (CWE-89), they can extract user credentials, system configuration, or manipulate database queries without logging in. No user interaction is required.
Prerequisites
  • Network access to iDSecure web interface (default port 443/HTTPS)
  • iDSecure On-premises running version 4.7.48.0 or earlier
  • No authentication credentials required
  • Remotely exploitable
  • No authentication required
  • Low complexity
  • SQL injection and authentication bypass
  • High CVSS (9.1)
  • Affects security infrastructure
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product: iDSecure On-premises
Affected Versions: ≤ 4.7.48.0
Fix Status: 4.7.50.0
Remediation & Mitigation
Do now
HARDENING: Restrict network access to iDSecure On-premises from the business network and internet; place behind firewall and isolate on control system network segment
HARDENING: If remote access to iDSecure is required, route through a VPN tunnel and restrict VPN access to authorized personnel only
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update iDSecure On-premises to version 4.7.50.0 or later