Zenitel TCIV-3+

Plan PatchCVSS 9.8ICS-CERT ICSA-25-329-03Nov 25, 2025

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Zenitel TCIV-3+ below version 9.3.3.0 contains multiple vulnerabilities including arbitrary code execution (CWE-78, CWE-787) and cross-site scripting (CWE-79). Successful exploitation could result in arbitrary code execution or denial-of-service conditions.

What this means

What could happen

An attacker could execute arbitrary commands on the TCIV-3+ device, potentially taking over emergency communication systems, disabling call routing, or triggering false alarms in safety-critical facilities.

Who's at risk

This affects Zenitel TCIV-3+ emergency communication systems used in facilities that rely on critical communication infrastructure, including hospitals, fire/police dispatch centers, building management systems, and industrial plants with emergency response coordination.

How it could be exploited

An attacker with network access to the TCIV-3+ device can send specially crafted requests that exploit the code execution or buffer overflow vulnerabilities (CWE-78, CWE-787) to execute arbitrary commands, or inject malicious scripts (CWE-79) if the device hosts a web interface.

Prerequisites

Network access to the TCIV-3+ device on port(s) used by the vulnerable service
No authentication required (CVSS shows PR:N)

remotely exploitableno authentication requiredlow complexityhigh EPSS score (10.9%)affects safety systemsarbitrary code execution possible

Exploitability

Some exploitation risk — EPSS score 8.3%

Affected products (1)

ProductAffected VersionsFix Status

TCIV-3+: <9.3.3.0<9.3.3.09.3.3.0

Remediation & Mitigation

0/4

Do now

0/3

HARDENINGRestrict network access to the TCIV-3+ device; ensure it is not accessible from the Internet or untrusted networks

HARDENINGIsolate the TCIV-3+ device behind a firewall and separate from the business network

WORKAROUNDIf remote access to the TCIV-3+ is required, use a secure VPN with current security patches and strong authentication

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade TCIV-3+ firmware to version 9.3.3.0 or later

CVEs (5)

CVE-2025-64126 CVE-2025-64127 CVE-2025-64128 CVE-2025-64129 CVE-2025-64130

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/e887982a-bc06-48cf-9216-7dd4b5b1b0ab

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.