Intrado 911 Emergency Gateway (EGW)

Plan PatchCVSS 9.8ICS-CERT ICSA-26-113-06Apr 23, 2026

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

A vulnerability in the Intrado Emergency Gateway allows an attacker to read, modify, or delete files without authentication. This affects versions 5.x, 6.x, and 7.x. Intrado released a software update on March 2nd, 2026 that addresses this issue. Customers should coordinate with Intrado to apply the patch.

What this means

What could happen

An attacker with network access to the Emergency Gateway could read, modify, or delete files on the device, potentially disrupting 911 call handling, routing, or emergency response coordination.

Who's at risk

911 emergency call centers and public safety agencies that operate Intrado Emergency Gateway systems (versions 5.x through 7.x). This affects any jurisdiction using this gateway for emergency call routing and management.

How it could be exploited

An attacker on the network sends a specially crafted request to the Emergency Gateway. The device fails to properly validate the request, allowing the attacker to read, write, or delete files without authentication. This could compromise emergency call data, system configuration, or operational logs.

Prerequisites

Network access to the Emergency Gateway
No authentication required

remotely exploitableno authentication requiredlow complexitycritical severityaffects emergency services

Exploitability

Unlikely to be exploited — EPSS score 0.2%

Affected products (3)

3 pending

ProductAffected VersionsFix Status

Emergency Gateway: 7.x7.xNo fix yet

Emergency Gateway: 6.x6.xNo fix yet

Emergency Gateway: 5.x5.xNo fix yet

Remediation & Mitigation

0/3

Do now

0/2

HARDENINGRestrict network access to the Emergency Gateway to only authorized administrative workstations and systems that must communicate with it

WORKAROUNDMonitor the Emergency Gateway for unauthorized file access or modification attempts until the patch can be applied

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXContact Intrado E911 Support at E911Support@intrado.com to obtain and schedule installation of the software update released March 2nd, 2026

CVEs (1)

CVE-2026-6074

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/6b7e16cb-7a79-4db7-94f3-b0917e2da933

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.