SecurityWeek

Critical Microsens Product Flaws Allow Hackers to Go ‘From Zero to Hero’

CISA has informed organizations about critical authentication bypass and remote code execution vulnerabilities in Microsens NMP Web+.

Critical vulnerabilities affecting a product made by Germany-based Microsens can be exploited by hackers to conduct remote attacks against organizations.

Microsens provides a wide range of connectivity and automation solutions for industrial organizations and enterprises, including switches, converters, building controllers, and transceivers. The company’s NMP Web+ product enables users to control, monitor and configure industrial switches and other Microsens network equipment.

An advisory published by the cybersecurity agency CISA last week informed organizations that the Microsens NMP Web+ product is affected by two critical vulnerabilities and one high-severity vulnerability.

The critical vulnerabilities can be exploited by an unauthenticated attacker to generate forged JSON Web Tokens and bypass authentication (CVE-2025-49151), and to overwrite files and execute arbitrary code (CVE-2025-49153). The high-severity issue is related to the fact that the JSON Web Tokens do not expire.

Noam Moshe, vulnerability researcher at Claroty’s Team82, who has been credited for the discovery, told SecurityWeek that an attacker could chain these flaws.

One vulnerability can be used to obtain a valid authentication token that provides access to the targeted system, while the second bug enables the attacker to overwrite critical files on the server, giving them full control over the system on the OS level.

“These two vulnerabilities together allow an attacker to jump ‘from zero to hero’, meaning gaining full control over the system without needing to have any prior knowledge/credentials to the server,” Moshe explained.

The researcher pointed out that an attacker needs access to the web server associated with the targeted Microsens NMP Web+ instance to exploit the vulnerabilities, but warned that multiple instances are exposed to the internet and potentially vulnerable to attacks.

CISA said it’s not aware of attacks exploiting these vulnerabilities and the vendor has released updates to patch the flaws (version 3.3.0 for Windows and Linux). 

According to the agency’s advisory, the impacted product is used worldwide, including in the critical manufacturing sector.

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
