OTPulse

Burk Technology ARC Solo

Act Now | CVSS 9.8 | ICS-CERT ICSA-25-219-03 | Aug 7, 2025
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Burk Technology ARC Solo devices running firmware versions before v1.0.62 contain a vulnerability that could allow an attacker to gain unauthorized access to the device, lock out legitimate users, or disrupt operations. The vulnerability requires no authentication and can be exploited remotely over the network.

What this means
What could happen
An attacker could gain control of an ARC Solo device remotely, potentially locking out authorized operators or disrupting critical automation processes that depend on the device for control or data acquisition.
Who's at risk
Any organization operating Burk Technology ARC Solo devices for automation, data acquisition, or process monitoring should prioritize this vulnerability. ARC Solo devices are commonly used in water treatment, wastewater, power generation, and industrial automation. If your facility uses ARC Solo for remote monitoring or control, immediate network isolation is critical.
How it could be exploited
An attacker on the network can send a crafted request to the ARC Solo device on its network interface. No credentials or user interaction are required. Once exploited, the attacker gains the ability to execute commands, modify settings, or lock out legitimate users from the device.
Prerequisites
  • Network connectivity to the ARC Solo device
  • Device running firmware version prior to v1.0.62
  • No authentication credentials required
Tags: remotely exploitable, no authentication required, low complexity, critical severity, high CVSS score (9.8), affects automation/control devices
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product | Affected Versions | Fix Status
ARC Solo: <v1.0.62 | <v1.0.62 | v1.0.62
Remediation & Mitigation
Do now
  • HARDENING: Ensure ARC Solo devices are not directly accessible from the internet; place them behind a firewall with restricted network access
  • HARDENING: Isolate ARC Solo devices and control system networks from business networks using network segmentation or DMZs
  • HARDENING: If remote access is required, implement a VPN with strong authentication and keep VPN software updated to the latest version
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HOTFIX: Update ARC Solo firmware to version v1.0.62 or later from the Burk Technology website