Lantronix Provisioning Manager
Plan Patch | 8 | ICS-CERT ICSA-25-203-02 | Jul 22, 2025
Attack Vector: Adjacent
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
A cross-site scripting (XSS) vulnerability in Lantronix Provisioning Manager versions 7.10.2 and earlier allows an attacker with network access to the web interface to inject malicious scripts. When an administrator or user views the crafted payload, the script executes in their browser session. This could allow the attacker to execute arbitrary commands on the provisioning manager server, modify device configurations, or deploy malicious firmware to provisioned equipment such as serial servers, cellular gateways, or terminal servers.
What this means
What could happen
An attacker with access to the Lantronix Provisioning Manager web interface could inject malicious scripts that execute in a user's browser, potentially allowing remote code execution on the provisioning manager server or connected devices.
Who's at risk
Water utilities, electric utilities, and other operators who use Lantronix Provisioning Manager to configure and manage serial-to-IP devices, cellular gateways, terminal servers, and remote management appliances should prioritize this update. This tool is commonly used to provision and manage field equipment and out-of-band management access.
How it could be exploited
An attacker on the local network (or via compromised VPN access) sends a crafted request containing malicious script code to the Provisioning Manager web interface. When an administrator or user accesses the vulnerable page, the script executes in their browser session with full privileges to the provisioning manager, allowing the attacker to create or modify device configurations, upload firmware, or execute commands on provisioned devices.
Prerequisites
- Network access to Provisioning Manager web interface (port 80/443 or configured alternate)
- User interaction required: a legitimate user must view the malicious payload in their browser
- Provisioning Manager version 7.10.2 or earlier
Tags: remotely exploitable, user interaction required, low complexity, high CVSS score (8.0), web-based interface
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| Provisioning Manager: <=7.10.2 | ≤ 7.10.2 | 7.10.4 or later |
Remediation & Mitigation
Do now
- WORKAROUND: Restrict network access to Provisioning Manager web interface to authorized subnets only using firewall rules
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Update Lantronix Provisioning Manager to version 7.10.4 or later
Long-term hardening
- HARDENING: Implement network segmentation to isolate the Provisioning Manager and provisioned devices from business networks and internet access
- HARDENING: If remote access to Provisioning Manager is required, require VPN authentication and use host-based access controls
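One way to verify the "authorized subnets only" workaround after the firewall change is to audit the allow rules that reach the web interface. This is an added example, not part of the advisory or any Lantronix tooling; the host address, authorized subnets and simplified rule format are constructed assumptions.

```python
import ipaddress

# Assumptions (not from the advisory): the management host address, the
# authorized subnets and the simplified rule format are constructed samples.
PM_HOST = ipaddress.ip_address("10.20.0.15")
WEB_PORTS = {80, 443}  # add the configured alternate port here if one is used
AUTHORIZED = [ipaddress.ip_network(n) for n in ("10.20.5.0/24", "10.20.6.0/28")]

# Constructed allow rules: (name, source CIDR, destination CIDR, port range)
RULES = [
    ("admin-jump",   "10.20.5.0/24", "10.20.0.15/32", (443, 443)),
    ("noc-subset",   "10.20.6.4/30", "10.20.0.0/24",  (80, 80)),
    ("legacy-any",   "0.0.0.0/0",    "10.20.0.15/32", (443, 443)),
    ("corp-range",   "10.20.4.0/23", "10.20.0.15/32", (1, 1024)),
    ("other-server", "0.0.0.0/0",    "10.20.0.16/32", (443, 443)),
    ("ssh-only",     "10.30.0.0/16", "10.20.0.15/32", (22, 22)),
]


def exposes_web_interface(dst_cidr, port_range):
    """True if the rule reaches the Provisioning Manager web ports."""
    lo, hi = port_range
    hits_host = PM_HOST in ipaddress.ip_network(dst_cidr)
    hits_port = any(lo <= p <= hi for p in WEB_PORTS)
    return hits_host and hits_port


def source_is_authorized(src_cidr):
    """True only if the whole source range sits inside an authorized subnet."""
    src = ipaddress.ip_network(src_cidr)
    return any(src.subnet_of(net) for net in AUTHORIZED)


def audit(rules):
    """Return names of allow rules that expose the web interface too widely."""
    return [
        name
        for name, src, dst, ports in rules
        if exposes_web_interface(dst, ports) and not source_is_authorized(src)
    ]


if __name__ == "__main__":
    for name in audit(RULES):
        print(f"REVIEW: rule '{name}' lets unauthorized sources reach the web interface")
```

A source range that only partly overlaps an authorized subnet (the constructed `corp-range` rule) is flagged, as is a wide port range that happens to include 80 or 443.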
CVEs (1)