Critical vulnerabilities affecting a product made by Germany-based Microsens can be exploited by hackers to conduct remote attacks against organizations.
Microsens provides a wide range of connectivity and automation solutions for industrial organizations and enterprises, including switches, converters, building controllers, and transceivers. The company’s NMP Web+ product enables users to control, monitor and configure industrial switches and other Microsens network equipment.
An advisory published by the cybersecurity agency CISA last week informed organizations that the Microsens NMP Web+ product is affected by two critical and one high-severity vulnerability.
The critical vulnerabilities can be exploited by an unauthenticated attacker to generate forged JSON Web Tokens and bypass authentication (CVE-2025-49151) and overwrite files and execute arbitrary code (CVE-2025-49153). The high-severity issue is related to the fact that the JSON Web Tokens do not expire.
Noam Moshe, vulnerability researcher at Claroty’s Team82, who has been credited for the discovery, told SecurityWeek that an attacker could chain these flaws.
One vulnerability can be used to obtain a valid authentication token that provides access to the targeted system, while the second bug enables the attacker to overwrite critical files on the server, giving them full control over the system on the OS level.
“These two vulnerabilities together allow an attacker to jump ‘from zero to hero’, meaning gaining full control over the system without needing to have any prior knowledge/credentials to the server,” Moshe explained.
The researcher pointed out that an attacker needs access to the web server associated with the targeted Microsens NMP Web+ instance to exploit the vulnerabilities, but warned that multiple instances are exposed to the internet and potentially vulnerable to attacks.
CISA said it’s not aware of attacks exploiting these vulnerabilities and the vendor has released updates to patch the flaws (version 3.3.0 for Windows and Linux).
According to the agency’s advisory, the impacted product is used worldwide, including in the critical manufacturing sector.
Learn More at SecurityWeek’s ICS Cybersecurity Conference
The leading global conference series for Operations, Control Systems and OT/IT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.
October 27-30, 2025 | Atlanta
www.icscybersecurityconference.com
Related: Iranian Hackers’ Preferred ICS Targets Left Open Amid Fresh US Attack Warning
Related: Siemens Notifies Customers of Microsoft Defender Antivirus Issue
Related: ICS Patch Tuesday: Vulnerabilities Addressed by Siemens, Schneider, Aveva, CISA
