Emerson Appleton UPSMON-PRO
Plan Patch | CVSS 9.8 | ICS-CERT ICSA-25-324-06 | Nov 20, 2025
Emerson | Healthcare | Manufacturing
Summary
A buffer overflow vulnerability (CWE-121) in Appleton UPSMON-PRO versions 2.6 and earlier allows remote attackers to execute arbitrary code via malformed UDP packets sent to port 2601. Emerson has declared the product end-of-life and unsupported; no patch will be released. The vulnerability requires only network access to the device and no authentication.
What this means
What could happen
An attacker could execute arbitrary code on the UPS monitoring system, potentially disrupting power monitoring and alerting capabilities that are critical to maintaining stable operations at manufacturing and healthcare facilities.
Who's at risk
Manufacturing and healthcare organizations using Emerson Appleton UPSMON-PRO for UPS (uninterruptible power supply) monitoring. This product monitors backup power systems that keep facilities operational during outages. Any site still running UPSMON-PRO version 2.6 or earlier is affected.
How it could be exploited
An attacker on the network sends a malformed UDP packet to port 2601 on the UPSMON-PRO device, triggering a buffer overflow (CWE-121) that allows code execution. The attacker does not need valid credentials and can operate from anywhere with network access to the device.
Prerequisites
- Network access to UDP port 2601 on the UPSMON-PRO device
- Device must be running Appleton UPSMON-PRO version 2.6 or earlier
remotely exploitable, no authentication required, low complexity, no patch available, end-of-life product, affects critical power infrastructure monitoring
Exploitability
Some exploitation risk — EPSS score 2.8%
Affected products (1)
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| Appleton UPSMON-PRO: <=2.6 | ≤ 2.6 | No fix (EOL) |
Remediation & Mitigation
Do now
- WORKAROUND: Block UDP port 2601 at your firewall for all UPSMON-PRO installations
- HARDENING: Isolate UPS monitoring network segments from general corporate networks using network segmentation or VLAN separation
- WORKAROUND: Implement network-level packet filtering to reject oversized UDP packets destined for port 2601
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HARDENING: Monitor system logs and event viewer for UPSMONProSer.exe service crashes, which may indicate exploitation attempts
- HOTFIX: Replace UPSMON-PRO with an actively supported UPS monitoring solution
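
The host-side half of the steps above, as an added example (not from the advisory or from Emerson): a PowerShell script that blocks inbound UDP 2601 on the monitoring host's own firewall and searches the event logs for UPSMONProSer.exe crashes. It assumes the host runs Windows with the NetSecurity module and an elevated prompt; the rule name, the 30-day lookback and the `UPSMON` match on Service Control Manager events are choices made for this example.

```powershell
# Added example: host-level block for UDP/2601 plus a crash check for UPSMONProSer.exe.
# Assumptions: Windows host, elevated prompt. Rule name and lookback are constructed here.
$RuleName = 'Block UPSMON-PRO UDP 2601 (ICSA-25-324-06)'
$Since    = (Get-Date).AddDays(-30)

# 1. Block inbound UDP 2601 on the host firewall (skipped if the rule already exists).
#    This complements, and does not replace, the block at the network firewall.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound `
        -Protocol UDP -LocalPort 2601 -Action Block -Profile Any | Out-Null
}

# 2. Query the two logs where a service fault is recorded:
#    Application Error (Id 1000) names the faulting executable;
#    Service Control Manager (Ids 7031, 7034) names the service that terminated.
$filters = @(
    @{ LogName = 'Application'; ProviderName = 'Application Error'
       Id = 1000; StartTime = $Since; Pattern = 'UPSMONProSer\.exe' },
    # The service display name is not given in the advisory, so this match is a broad assumption.
    @{ LogName = 'System'; ProviderName = 'Service Control Manager'
       Id = 7031, 7034; StartTime = $Since; Pattern = 'UPSMON' }
)

$crashes = foreach ($f in $filters) {
    $pattern = $f.Pattern
    $query   = $f.Clone()
    $query.Remove('Pattern')          # not a valid Get-WinEvent filter key
    # Get-WinEvent raises an error when nothing matches, so suppress that case.
    Get-WinEvent -FilterHashtable $query -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match $pattern }
}

# 3. Report oldest first so repeated faults stand out.
if ($crashes) {
    $crashes | Sort-Object TimeCreated |
        Select-Object TimeCreated, Id, ProviderName,
            @{ Name = 'Summary'; Expression = { ($_.Message -split "`n")[0].Trim() } } |
        Format-Table -AutoSize -Wrap
    Write-Warning "$(@($crashes).Count) crash event(s) since $Since. Correlate with UDP 2601 traffic."
} else {
    Write-Output "No UPSMONProSer crash events since $Since."
}
```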
CVEs (1)