Emerson Appleton UPSMON-PRO
Plan Patch9.8ICS-CERT ICSA-25-324-06Nov 20, 2025
Summary
Emerson Appleton UPSMON-PRO contains a stack-based buffer overflow vulnerability (CWE-121) that could allow remote attackers to execute arbitrary code on affected installations. The product is End of Life and unsupported by Emerson.
What this means
What could happen
An attacker could remotely crash the UPS monitoring service or execute arbitrary code on the monitoring system, potentially disrupting power infrastructure visibility and operational awareness.
Who's at risk
Organizations operating UPS monitoring infrastructure in healthcare facilities and manufacturing plants relying on Appleton UPSMON-PRO for power system monitoring. This includes any facility where loss of visibility into UPS status could impact operations or patient safety.
How it could be exploited
An attacker sends a malformed UDP packet to port 2601 on a network-accessible UPSMON-PRO system. The oversized packet triggers a stack buffer overflow in the UDP listener, allowing the attacker to inject and execute arbitrary code with the privileges of the UPSMONProSer.exe service.
Prerequisites
- Network access to UDP port 2601
- UPSMON-PRO version 2.6 or earlier
- No authentication required
remotely exploitableno authentication requiredno patch availableend-of-life productaffects critical infrastructure monitoring
Exploitability
Moderate exploit probability (EPSS 2.9%)
Affected products (1)
ProductAffected VersionsFix Status
Appleton UPSMON-PRO: <=2.6≤ 2.6No fix (EOL)
Remediation & Mitigation
0/5
Do now
0/3WORKAROUNDBlock UDP port 2601 at the firewall for all UPSMON-PRO installations
HARDENINGIsolate UPS monitoring network from general corporate network using network segmentation or separate VLAN
WORKAROUNDImplement network-level packet filtering to reject oversized UDP packets destined for port 2601
Schedule — requires maintenance window
0/2Patching may require device reboot — plan for process interruption
WORKAROUNDMonitor for UPSMONProSer.exe service crashes as indicators of exploitation attempts
HOTFIXReplace UPSMON-PRO with an actively supported UPS monitoring solution
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/0a5a76ff-c792-41df-92fe-c2d8a404b1eb