MICROSENS NMP Web+

Act Now9.8ICS-CERT ICSA-25-175-07Jun 24, 2025

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

NMP Web+ versions 3.2.5 and earlier contain multiple vulnerabilities (CWE-547 bad exception handling, CWE-613 insufficient session validation, CWE-22 path traversal) that allow unauthenticated, remotely-exploitable code execution and file overwrite. An attacker can gain system access and execute arbitrary code without credentials or user interaction.

What this means

What could happen

An unauthenticated attacker on your network could execute commands on the NMP Web+ management device, potentially disrupting monitoring and configuration of MICROSENS network infrastructure or altering device settings.

Who's at risk

Network operators and infrastructure teams responsible for MICROSENS NMP Web+ deployment, particularly those using it as a centralized management point for network switches, media converters, or other MICROSENS network infrastructure in water utilities, power distribution facilities, or manufacturing plants where network visibility and device configuration is critical to operational continuity.

How it could be exploited

An attacker with network access to the NMP Web+ management interface (typically port 80/443) can exploit path traversal (CWE-22) or session validation weaknesses (CWE-613) to bypass authentication and upload malicious files or trigger arbitrary code execution without requiring valid credentials.

Prerequisites

Network access to NMP Web+ HTTP/HTTPS port (typically 80 or 443)
NMP Web+ version 3.2.5 or earlier running

remotely exploitableno authentication requiredlow complexityhigh CVSS score (9.8)affects network management system

Exploitability

Moderate exploit probability (EPSS 2.0%)

Affected products (1)

ProductAffected VersionsFix Status

NMP Web+: <=3.2.5≤ 3.2.53.3.0

Remediation & Mitigation

0/4

Do now

0/2

HARDENINGIsolate NMP Web+ management interface behind a firewall; restrict network access to management interface from only authorized engineering/IT workstations and never expose to the internet

HARDENINGIf remote management access is required, deploy VPN with multi-factor authentication and restrict NMP Web+ access exclusively through the VPN tunnel

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate NMP Web+ to version 3.3.0 or later on all affected Windows and Linux systems

Long-term hardening

0/1

HARDENINGSegment NMP Web+ management network from production control networks; do not allow direct access from field devices

CVEs (3)

CVE-2025-49151 CVE-2025-49152 CVE-2025-49153

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/736e9802-518b-4b13-92ec-c1c2b612a7c0