OTPulse
FeedAboutContact

Viessmann Vitogate 300

Plan Patch8.8ICS-CERT ICSA-25-266-04Sep 23, 2025
Attack VectorAdjacent
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

Viessmann Vitogate 300 gateway contains vulnerabilities (CWE-78 OS command injection, CWE-602 client-server interaction) that allow a local network attacker to modify OS commands sent to downstream HVAC or boiler control components. Affected versions are earlier than 3.1.0.1. These vulnerabilities do not permit remote exploitation but pose risk to organizations with exposed Vitogate 300 devices on accessible networks.

What this means
What could happen
An attacker with local network access could modify OS commands sent from the Vitogate 300 gateway to downstream components, potentially altering heating system controls or causing unexpected behavior in the connected HVAC/boiler system.
Who's at risk
Heating system operators and building management staff responsible for Vitogate 300 gateways, particularly in district heating, commercial HVAC, or municipal utility facilities where this Viessmann gateway interfaces with boiler or heating control systems.
How it could be exploited
An attacker on the local network can intercept or modify command communications between the Vitogate 300 and its downstream HVAC or boiler control components. By altering these OS commands, the attacker could change system parameters, disable safety functions, or cause the heating system to operate outside normal parameters.
Prerequisites
  • Local network access to the Vitogate 300 device or the network segment it communicates on
  • No authentication required to intercept or modify commands
  • Vitogate 300 running software version earlier than 3.1.0.1
Low network complexity attackNo authentication requiredAffects heating system controlLocal network access only (not remotely exploitable)
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (1)
ProductAffected VersionsFix Status
Vitogate 300: <3.1.0.1<3.1.0.13.1.0.1
Remediation & Mitigation
0/4
Do now
0/2
HARDENINGImplement network segmentation so the Vitogate 300 cannot be reached from untrusted network segments or the internet
WORKAROUNDIf remote access to the Vitogate 300 is required, use a VPN connection and keep VPN software updated to the latest version
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade Vitogate 300 software to version 3.1.0.1 or newer
Long-term hardening
0/1
HARDENINGIsolate the Vitogate 300 and its connected heating system on a separate network segment behind a firewall, with restricted access from building automation or business networks
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/a69df456-1b46-4f83-aef5-23feba0b4a8d
Viessmann Vitogate 300 | CVSS 8.8 - OTPulse