Ilevia EVE X1 Server

Act Now | CVSS 9.8 | ICS-CERT ICSA-26-036-04 | Feb 5, 2026
Attack path
  • Attack Vector: Network
  • Auth Required: None
  • Complexity: Low
  • User Interaction: None needed
Summary

Ilevia EVE X1 server versions 4.7.18.0 and earlier contain multiple vulnerabilities including path traversal (CWE-22), arbitrary command execution (CWE-78), sensitive information disclosure (CWE-532), and cross-site scripting (CWE-79). Successful exploitation allows an attacker to execute arbitrary shell commands with system privileges and access sensitive system information such as credentials and configurations. The vulnerabilities are remotely accessible over the network with no authentication required. Ilevia has stated no security update will be provided for this product line.

What this means
What could happen
An attacker with network access to the EVE X1 server could execute arbitrary shell commands to control the device, or steal sensitive system information like credentials and configurations. This could allow an attacker to modify settings, disrupt operations, or pivot to other systems on your network.
Who's at risk
Organizations running Ilevia EVE X1 server deployments should be concerned. EVE X1 is commonly used in utility automation, building management, and industrial monitoring environments as a gateway or data aggregation device. Any organization with an EVE X1 connected to a network, especially one exposed to the internet or accessible from less-trusted networks, faces immediate risk of command execution and data theft.
How it could be exploited
An attacker on the network sends a specially crafted request to port 8080 on the EVE X1 server. The server processes the request without proper validation and executes arbitrary shell commands, or returns sensitive data through path traversal or information disclosure vulnerabilities. No authentication or special conditions are required.
Prerequisites
  • Network access to port 8080 on the EVE X1 server
  • No authentication required
remotely exploitable, no authentication required, low complexity, high EPSS score (14.7%), no patch available
Exploitability
Likely to be exploited — EPSS score 14.7%
Affected products (1)
Product | Affected Versions | Fix Status
EVE X1: <=4.7.18.0 | ≤ 4.7.18.0 | No fix (EOL)
Remediation & Mitigation
Do now
  • WORKAROUND: Verify port 8080 is closed on all EVE X1 devices and firewalls; enable access only through the secure option in the updated Ilevia Manager
  • HARDENING: Change all default passwords on EVE X1 systems to strong, unique credentials
  • WORKAROUND: Monitor system logs and firewall logs for unauthorized access attempts to port 8080
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HOTFIX: Update Ilevia Manager to the latest available version from https://www.ilevia.com/downloads/
  • HARDENING: Review firewall configurations to minimize external exposure and restrict network access to EVE X1 servers
Mitigations - no patch available
EVE X1: <=4.7.18.0 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
  • HARDENING: Implement network segmentation to isolate EVE X1 servers from less-trusted network segments
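
The firewall-log monitoring and segmentation steps above can be checked together. The following is an added example, not part of the advisory or of any Ilevia tooling: it reads Linux netfilter LOG-format lines and reports TCP traffic to port 8080 on EVE X1 hosts from outside the management network. The host inventory, management subnet and sample log lines are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Assumptions (site-specific, not from the advisory): the EVE X1 inventory and
# the only subnet that should ever reach the device's web service.
EVE_X1_HOSTS = {ipaddress.ip_address("10.20.0.11"), ipaddress.ip_address("10.20.0.12")}
MGMT_NETS = [ipaddress.ip_network("10.20.99.0/24")]
EVE_PORT = 8080  # port named in the advisory

# key=value fields of a netfilter LOG line that matter here
FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

def unauthorized_hits(lines):
    """Count TCP/8080 packets to EVE X1 hosts from non-management sources.

    Returns a Counter keyed by (source, destination) address strings.
    """
    hits = Counter()
    for line in lines:
        f = dict(FIELD.findall(line))
        if f.get("PROTO") != "TCP" or f.get("DPT") != str(EVE_PORT):
            continue
        try:
            src = ipaddress.ip_address(f["SRC"])
            dst = ipaddress.ip_address(f["DST"])
        except (KeyError, ValueError):
            continue  # malformed or truncated log line
        if dst in EVE_X1_HOSTS and not any(src in net for net in MGMT_NETS):
            hits[(str(src), str(dst))] += 1
    return hits

# Constructed sample log lines (documentation and private address ranges)
SAMPLE = [
    "Feb  5 10:01:12 fw kernel: IN=eth0 OUT=eth1 SRC=192.0.2.44 DST=10.20.0.11 PROTO=TCP SPT=51514 DPT=8080 SYN",
    "Feb  5 10:01:13 fw kernel: IN=eth0 OUT=eth1 SRC=192.0.2.44 DST=10.20.0.11 PROTO=TCP SPT=51515 DPT=8080 SYN",
    "Feb  5 10:02:40 fw kernel: IN=eth2 OUT=eth1 SRC=10.20.99.5 DST=10.20.0.11 PROTO=TCP SPT=40022 DPT=8080 SYN",
    "Feb  5 10:03:05 fw kernel: IN=eth3 OUT=eth1 SRC=10.30.4.7 DST=10.20.0.12 PROTO=TCP SPT=33810 DPT=8080 SYN",
    "Feb  5 10:03:09 fw kernel: IN=eth0 OUT=eth1 SRC=192.0.2.44 DST=10.20.0.11 PROTO=TCP SPT=51520 DPT=443 SYN",
    "Feb  5 10:04:00 fw kernel: IN=eth0 OUT=eth1 SRC=198.51.100.9 DST=10.20.0.50 PROTO=TCP SPT=50001 DPT=8080 SYN",
    "Feb  5 10:04:30 fw kernel: IN=eth0 OUT=eth1 SRC=not-an-ip DST=10.20.0.11 PROTO=TCP SPT=1 DPT=8080 SYN",
]

if __name__ == "__main__":
    for (src, dst), n in unauthorized_hits(SAMPLE).most_common():
        print(f"{n} packet(s) to {dst}:{EVE_PORT} from non-management source {src}")
```

Any hit means a path to port 8080 still exists from a segment that should not have one, so the firewall rule or segmentation boundary for that source needs review.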

Ilevia EVE X1 Server | CVSS 9.8 - OTPulse