KUNBUS RevPi Webstatus
Priority: Act Now | Score: 9.8 | ICS-CERT ICSA-25-191-09 | Jul 10, 2025
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
A vulnerability in KUNBUS Revolution Pi Webstatus versions 2.4.5 and prior allows attackers to bypass authentication and gain unauthorized access to the application. This affects the Webstatus web interface on RevPi systems running Bullseye OS versions from June 2023 through April 2024. Successful exploitation allows an attacker to access and modify device settings without providing valid credentials, potentially compromising control system operations.
What this means
What could happen
An attacker could bypass authentication on the Webstatus interface and gain unauthorized access to the Revolution Pi system, potentially allowing them to modify process configurations, disable safety interlocks, or disrupt normal operations.
Who's at risk
Water and wastewater utilities, municipal electric systems, and other industrial operations using KUNBUS Revolution Pi control systems as edge controllers or local automation devices. This affects any RevPi Webstatus deployment used for process monitoring or configuration in critical infrastructure.
How it could be exploited
An attacker on the network (or Internet, if the device is exposed) can send requests directly to the Webstatus web interface on port 80/443 without providing valid credentials. No user interaction is needed; the authentication bypass occurs at the application level, allowing full control of the RevPi system configuration.
Prerequisites
- Network reachability to the Webstatus web interface (default HTTP/HTTPS ports)
- No valid credentials required
- Remotely exploitable (network-accessible)
- No authentication required
- Low complexity attack
- High EPSS score (19.1%)
- No patch available for OS releases (end-of-life)
- Affects control system interface and configuration
Exploitability
High exploit probability (EPSS 19.1%)
Affected products (6): 1 with fix, 5 EOL

Product                      Affected Versions   Fix Status
Revolution Pi Webstatus      <= 2.4.5            2.4.6
Revolution Pi OS Bullseye    04/2024             No fix (EOL)
Revolution Pi OS Bullseye    09/2023             No fix (EOL)
Revolution Pi OS Bullseye    07/2023             No fix (EOL)
Revolution Pi OS Bullseye    06/2023             No fix (EOL)
Revolution Pi OS Bullseye    02/2024             No fix (EOL)
Remediation & Mitigation
Do now
- HARDENING: Isolate the Revolution Pi device behind a firewall and restrict access to the Webstatus interface to trusted engineering networks only
- HARDENING: If remote access to Webstatus is required, use a VPN to encrypt and authenticate traffic before allowing access to the interface
- HARDENING: Ensure the Revolution Pi device is not directly accessible from the Internet; remove any port forwarding rules or public IP assignments to the management interface
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Upgrade Revolution Pi Webstatus to version 2.4.6 or later using apt-get update && apt-get upgrade or manual dpkg installation
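The following script is an added example, not part of the advisory and not KUNBUS's own tooling. It compares an installed Webstatus version against the fixed version the advisory names (2.4.6) so an operator can confirm whether a device still needs the hotfix. The Debian package name revpi-webstatus is an assumption; verify it on the device with dpkg -l | grep -i webstatus before relying on the live check.

```shell
#!/bin/sh
# Added example (not from the advisory or KUNBUS): decide whether an installed
# Revolution Pi Webstatus version falls in the affected range (<= 2.4.5).
# Usage: sh check_webstatus.sh --check   (runs dpkg-query on the device itself)

FIXED_VERSION="2.4.6"          # first fixed release per ICSA-25-191-09
PKG_NAME="revpi-webstatus"     # ASSUMED package name; confirm with dpkg -l

# version_lt A B: return 0 if A < B, comparing up to three dotted numeric
# fields. A Debian revision suffix such as "-1" or "+deb11" is ignored.
version_lt() {
    v1=${1%%[-+~]*}; v2=${2%%[-+~]*}
    old_ifs=$IFS; IFS=.
    set -- $v1; a1=${1:-0}; a2=${2:-0}; a3=${3:-0}
    set -- $v2; b1=${1:-0}; b2=${2:-0}; b3=${3:-0}
    IFS=$old_ifs
    [ "$a1" -lt "$b1" ] && return 0
    [ "$a1" -gt "$b1" ] && return 1
    [ "$a2" -lt "$b2" ] && return 0
    [ "$a2" -gt "$b2" ] && return 1
    [ "$a3" -lt "$b3" ]
}

# is_affected VERSION: return 0 when VERSION is older than the fixed release.
is_affected() {
    version_lt "$1" "$FIXED_VERSION"
}

# installed_webstatus_version: print the dpkg-recorded version, or nothing if
# the (assumed) package name is not installed. Only meaningful on the RevPi.
installed_webstatus_version() {
    dpkg-query -W -f '${Version}' "$PKG_NAME" 2>/dev/null
}

# check_device: live check; exit 0 = patched, 1 = affected, 2 = package unknown.
check_device() {
    ver=$(installed_webstatus_version)
    if [ -z "$ver" ]; then
        echo "package $PKG_NAME not found; confirm the name with: dpkg -l | grep -i webstatus"
        return 2
    fi
    if is_affected "$ver"; then
        echo "AFFECTED: Webstatus $ver is older than $FIXED_VERSION (ICSA-25-191-09); run apt-get update && apt-get upgrade"
        return 1
    fi
    echo "OK: Webstatus $ver is $FIXED_VERSION or newer"
    return 0
}

# Only perform the live dpkg query when explicitly asked, so the helper
# functions can also be sourced into other scripts.
if [ "${1:-}" = "--check" ]; then
    check_device
fi
```

The exit code makes the check usable from a fleet inventory job: a non-zero status flags the device for the scheduled maintenance window. Because the OS Bullseye images listed above receive no fix, a device whose Webstatus version cannot be raised to 2.4.6 should remain behind the firewall and VPN controls from the "Do now" list rather than be treated as remediated.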
CVEs (1)
API: /api/v1/advisories/21848a7d-d025-471e-b4db-b823ee36aa58