Columbia Weather Systems MicroServer

Plan Patch | CVSS 8.8 | ICS-CERT ICSA-26-006-01 | Jan 6, 2026
Attack path
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

Columbia Weather Systems MicroServer firmware contains multiple vulnerabilities (CWE-923, CWE-313, CWE-553) that allow an attacker to redirect connections to an attacker-controlled device, gain administrative access to the web portal, or obtain limited shell access on the device.

What this means
What could happen
An attacker with valid user credentials could gain admin access to the MicroServer web interface or limited shell access to the device, potentially allowing them to modify weather station configurations, alter data collection settings, or disrupt operations if the weather data feeds critical environmental monitoring or control systems.
Who's at risk
Weather monitoring system operators and facilities using Columbia Weather Systems MicroServer for environmental data collection and monitoring. This includes water utilities, electric utilities, and other municipal systems that rely on accurate weather data for operations planning or control logic.
How it could be exploited
An attacker with user-level credentials and network access to the MicroServer's web interface could exploit the vulnerabilities to escalate privileges to administrator level, or exploit connection redirection to intercept and manipulate traffic to the device or force connections through an attacker-controlled server.
Prerequisites
  • Network access to the MicroServer web portal (typically port 80 or 443)
  • Valid user credentials for the MicroServer web interface
remotely exploitable, low complexity, requires authentication, privilege escalation capability
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (1)
Product | Affected Versions | Fix Status
MicroServer firmware: <MS_4.1_14142 | <MS 4.1 14142 | MS_4.1_14142+
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to the MicroServer web portal to authorized personnel only using firewall rules or network segmentation
HARDENING: Change default credentials on the MicroServer web portal and enforce strong, unique passwords for all user accounts
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update MicroServer firmware to version MS_4.1_14142 or later
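
An added example (not Columbia Weather Systems code and not part of the advisory) for triaging an asset inventory against the fixed release MS_4.1_14142. It assumes firmware strings follow the MS_major.minor_build form shown above and order numerically; the hostnames and sample versions are constructed.

```python
import re

# Fixed firmware release named in the advisory.
FIXED = "MS_4.1_14142"

# Accepts "MS_4.1_14142" and the spaced form "MS 4.1 14142" the advisory also uses.
_VERSION_RE = re.compile(r"^\s*MS[_ ](\d+)\.(\d+)[_ ](\d+)\s*$", re.IGNORECASE)


def parse_version(text):
    """Return (major, minor, build), or None if text is not in the MS_x.y_build form."""
    m = _VERSION_RE.match(text or "")
    return tuple(int(g) for g in m.groups()) if m else None


def classify(version_text, fixed=FIXED):
    """Return 'affected', 'fixed' or 'unknown' for one reported firmware string.

    Assumption: releases order by (major, minor, build) compared numerically.
    Unparseable strings are 'unknown' so they get a manual check, not a pass.
    """
    v = parse_version(version_text)
    if v is None:
        return "unknown"
    return "affected" if v < parse_version(fixed) else "fixed"


def triage(inventory):
    """Map each classification to the sorted list of hostnames in that state."""
    result = {"affected": [], "fixed": [], "unknown": []}
    for host, version_text in inventory.items():
        result[classify(version_text)].append(host)
    return {state: sorted(hosts) for state, hosts in result.items()}


# Constructed sample inventory (hostnames and versions are made up for illustration).
SAMPLE_INVENTORY = {
    "wx-plant-01": "MS_4.1_14142",
    "wx-plant-02": "MS_4.1_13990",
    "wx-roof-03": "MS 4.0 15000",
    "wx-yard-04": "MS_4.2_14200",
    "wx-lab-05": "",
    "wx-lab-06": "4.1.14142",
}

if __name__ == "__main__":
    for state, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{state}: {', '.join(hosts) or '-'}")
```

Devices reported as unknown should be checked by hand, since a missing or oddly formatted version string says nothing about whether the fix is installed.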
API: /api/v1/advisories/473d2f5b-384b-4835-93a9-6a0ef768834f
