Error type:
CWE-476:NULL Pointer Dereference
Vulnerability vector:
- Base vulnerability score (CVSSv4.0): CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
- Severity (CVSSv4.0): 8.7 (High)
Description:
The vulnerability was identified in Fastwel programmable controllers, versions 3.4.5.0 (CPM810-03), 3.4.9.1 (СPM723-01).
Exploitation of the vulnerability allows a remote attacker to cause a denial of service by sending multiple specially crafted HTTP requests.
Vulnerability status: Confirmed by vendor
Date of vulnerability remediation: 10.09.2025
Recommendations:
Update to versions:
- CPM723-01 3.4.9.5
- CPM810-03 3.4.5.1
Additional information:
Researcher: Maksim Gruzin (Positive Technologies)
Identifiers:
BDU:2025-11172
Vendor:
Fastwel
Vulnerable product:
CPM810-03, СPM723-01
Vulnerable versions:
3.4.5.0 (CPM810-03), 3.4.9.1 (СPM723-01)