IDIS ICM Viewer
Plan Patch · CVSS 8.8 · ICS-CERT ICSA-25-308-05 · Nov 4, 2025
Attack path
- Attack Vector: Network
- Auth Required: Low
- Complexity: Low
- User Interaction: None needed
Summary
A code execution vulnerability in IDIS ICM Viewer v1.6.0.10 and earlier allows an authenticated attacker to execute arbitrary code on systems running the affected version. The vulnerability results in high impact to confidentiality, integrity, and availability. IDIS requires all users to upgrade to version v1.7.1, as continued use of older versions will eventually render ICM Viewer unusable. Users who do not require ICM Viewer should uninstall it.
What this means
What could happen
An attacker with valid credentials could execute arbitrary code on any system running ICM Viewer, potentially compromising video surveillance infrastructure and any systems it accesses.
Who's at risk
Organizations operating video surveillance systems using IDIS ICM Viewer, particularly those in critical infrastructure sectors like water utilities, electric utilities, transportation, and security operations that rely on this software for monitoring and control.
How it could be exploited
An attacker with valid ICM Viewer credentials could send a specially crafted request to the application, causing it to execute arbitrary code on the local system. This could allow the attacker to take control of the surveillance system and pivot to other networked devices.
Prerequisites
- Valid ICM Viewer login credentials
- Network access to the ICM Viewer application
- ICM Viewer version v1.6.0.10 or earlier running on the target system
- Requires authentication to exploit
- High CVSS score (8.8)
- Impacts confidentiality, integrity, and availability
- Code execution on local system
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (1)
Product | Affected Versions | Fix Status
ICM Viewer: v1.6.0.10 | v1.6.0.10 | 1.7.1
Remediation & Mitigation
Do now
WORKAROUND: If ICM Viewer is not in use, uninstall the application immediately from all systems
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update ICM Viewer to version v1.7.1 or later
CVEs (1)
API: /api/v1/advisories/783495ff-5fb2-46be-88fe-62387f75e56f