MICROSENS NMP Web+
Plan Patch · CVSS 9.8 · ICS-CERT ICSA-25-175-07 · Jun 24, 2025
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
MICROSENS NMP Web+ versions 3.2.5 and earlier contain multiple vulnerabilities (CWE-547, CWE-613, CWE-22) that allow unauthenticated attackers to gain system access, overwrite files, or execute arbitrary code via the web interface. The vulnerabilities stem from improper input validation and path traversal issues. Successful exploitation grants full system access and control over the device.
What this means
What could happen
An attacker with network access to the NMP Web+ interface could execute arbitrary code or overwrite critical configuration files on the device, potentially disrupting network monitoring and control functions across your monitored infrastructure.
Who's at risk
Network administrators and operations staff at utilities, manufacturing plants, and facilities that use MICROSENS NMP Web+ for network monitoring and management. This device is commonly deployed in OT environments to monitor industrial network traffic and device health. Compromise could impact visibility into your entire monitored network.
How it could be exploited
An attacker on the network sends a crafted request to the NMP Web+ web interface (port 80/443). The application does not properly validate the request, allowing the attacker to execute code or access files outside the intended directory. The attacker gains full system access and can alter or disable network monitoring functions that rely on this device.
Prerequisites
- Network reachability to NMP Web+ web interface (HTTP/HTTPS)
- NMP Web+ version 3.2.5 or earlier installed
- No authentication required
remotely exploitable · no authentication required · low complexity · allows arbitrary code execution · file overwrite capability
Exploitability
Some exploitation risk — EPSS score 3.4%
Affected products (1)
Product | Affected Versions | Fix Status
NMP Web+: <=3.2.5 | ≤ 3.2.5 | 3.3.0
Remediation & Mitigation
Do now
- WORKAROUND: Restrict network access to the NMP Web+ management interface (HTTP/HTTPS ports) to only authorized engineering workstations and management subnets using firewall rules
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Update NMP Web+ to version 3.3.0 or later for both Windows and Linux deployments
Long-term hardening
- HARDENING: If the NMP Web+ must be accessed remotely, place it behind a VPN and ensure only authenticated users can reach the interface
- HARDENING: Isolate the NMP Web+ device on a dedicated network segment separate from critical control system networks to limit lateral movement if compromised
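
An added example (not part of the advisory and not MICROSENS tooling) for verifying the firewall workaround and the affected version range: it flags allow rules in an exported rule list that let sources outside the authorized management subnets reach the NMP Web+ host on ports 80/443. The rule format, addresses and rule names are constructed assumptions, and each allow rule is judged on its own without modelling rule order.

```python
import ipaddress

WEB_PORTS = {80, 443}       # HTTP/HTTPS ports named in the advisory
LAST_AFFECTED = (3, 2, 5)   # advisory: versions 3.2.5 and earlier are affected

def is_affected(version):
    """True if an NMP Web+ version string falls in the affected range."""
    return tuple(int(p) for p in version.strip().split(".")) <= LAST_AFFECTED

def overly_broad_allows(rules, nmp_host, authorized):
    """Names of allow rules that let a source outside `authorized` reach the web UI.

    Conservative: each allow rule is judged on its own; an earlier deny rule
    that might shadow it is not modelled.
    """
    host = ipaddress.ip_address(nmp_host)
    allowed = [ipaddress.ip_network(n) for n in authorized]
    findings = []
    for rule in rules:
        if rule["action"] != "allow":
            continue
        if host not in ipaddress.ip_network(rule["dst"]):
            continue                      # rule does not cover the NMP Web+ host
        if not WEB_PORTS & set(rule["ports"]):
            continue                      # rule does not open HTTP/HTTPS
        src = ipaddress.ip_network(rule["src"])
        if not any(src.version == a.version and src.subnet_of(a) for a in allowed):
            findings.append(rule["name"])
    return findings

# Constructed sample data (assumptions, not taken from the advisory).
NMP_HOST = "192.0.2.10"
AUTHORIZED = ["10.20.0.0/24", "10.20.1.16/28"]   # engineering / management subnets
RULES = [
    {"name": "eng-ws-to-nmp", "action": "allow", "src": "10.20.0.0/24", "dst": "192.0.2.10/32", "ports": [443]},
    {"name": "legacy-any-http", "action": "allow", "src": "0.0.0.0/0", "dst": "192.0.2.0/24", "ports": [80, 8080]},
    {"name": "plant-floor-to-nmp", "action": "allow", "src": "10.30.0.0/16", "dst": "192.0.2.10/32", "ports": [443]},
    {"name": "snmp-poll", "action": "allow", "src": "0.0.0.0/0", "dst": "192.0.2.10/32", "ports": [161]},
    {"name": "deny-rest", "action": "deny", "src": "0.0.0.0/0", "dst": "0.0.0.0/0", "ports": [80, 443]},
]

if __name__ == "__main__":
    for v in ("3.2.5", "3.3.0"):
        print(v, "affected" if is_affected(v) else "not in affected range")
    for name in overly_broad_allows(RULES, NMP_HOST, AUTHORIZED):
        print("too broad:", name)
```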