Columbia Weather Systems MicroServer

Plan Patch8.8ICS-CERT ICSA-26-006-01Jan 6, 2026

Attack VectorNetwork

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

Columbia Weather Systems MicroServer contains multiple vulnerabilities that could allow an attacker with valid credentials to redirect connections to attacker-controlled devices, gain administrative access to the web portal, or obtain limited shell access. The vulnerabilities stem from insecure credential storage (CWE-313), improper restriction of rendered UI layers (CWE-553), and undefined behavior in server-side request handling (CWE-923). Affected firmware versions are older than MS_4.1_14142.

What this means

What could happen

An attacker with engineering workstation access could gain admin control of the MicroServer's web portal or execute shell commands, potentially allowing manipulation of weather monitoring data or disruption of station operations.

Who's at risk

Water utilities, electric utilities, and environmental monitoring systems using Columbia Weather Systems MicroServer for weather data collection and station monitoring. This affects any facility relying on accurate weather input for SCADA decisions or automated operations.

How it could be exploited

An attacker with valid credentials on the network can exploit privilege escalation vulnerabilities to gain administrative access to the web interface, or exploit insecure credential storage to obtain shell access. The attacker could then redirect connections to attacker-controlled devices or modify system configurations.

Prerequisites

Network access to the MicroServer web portal or management interface
Valid user or engineering account credentials
MicroServer firmware version older than MS_4.1_14142

remotely exploitableauthentication requiredlow complexity exploitinsecure credential storageno public patch available initially

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (1)

ProductAffected VersionsFix Status

MicroServer firmware: <MS_4.1_14142<MS 4.1 14142MS_4.1_14142 or later

Remediation & Mitigation

0/4

Do now

0/1

WORKAROUNDRestrict network access to the MicroServer web portal to authorized engineering workstations only

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpdate MicroServer firmware to version MS_4.1_14142 or later

HOTFIXContact Columbia Weather Systems Support (support@columbiaweather.com or 503-629-0887) to obtain the firmware update

Long-term hardening

0/1

HARDENINGSegment weather monitoring systems from critical operational networks

CVEs (3)

CVE-2025-61939 CVE-2025-64305 CVE-2025-66620

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/473d2f5b-384b-4835-93a9-6a0ef768834f