ICS/OT

Critical Microsens Product Flaws Allow Hackers to Go ‘From Zero to Hero’

CISA has informed organizations about critical authentication bypass and remote code execution vulnerabilities in Microsens NMP Web+.

ICS security

Critical vulnerabilities affecting a product made by Germany-based Microsens can be exploited by hackers to conduct remote attacks against organizations.

Microsens provides a wide range of connectivity and automation solutions for industrial organizations and enterprises, including switches, converters, building controllers, and transceivers. The company’s NMP Web+ product enables users to control, monitor and configure industrial switches and other Microsens network equipment.

An advisory published by the cybersecurity agency CISA last week informed organizations that the Microsens NMP Web+ product is affected by two critical and one high-severity vulnerability.

The critical vulnerabilities can be exploited by an unauthenticated attacker to generate forged JSON Web Tokens and bypass authentication (CVE-2025-49151) and overwrite files and execute arbitrary code (CVE-2025-49153). The high-severity issue is related to the fact that the JSON Web Tokens do not expire.

Noam Moshe, vulnerability researcher at Claroty’s Team82, who has been credited for the discovery, told SecurityWeek that an attacker could chain these flaws.

One vulnerability can be used to obtain a valid authentication token that provides access to the targeted system, while the second bug enables the attacker to overwrite critical files on the server, giving them full control over the system on the OS level.

Advertisement. Scroll to continue reading.

“These two vulnerabilities together allow an attacker to jump ‘from zero to hero’, meaning gaining full control over the system without needing to have any prior knowledge/credentials to the server,” Moshe explained.

The researcher pointed out that an attacker needs access to the web server associated with the targeted Microsens NMP Web+ instance to exploit the vulnerabilities, but warned that multiple instances are exposed to the internet and potentially vulnerable to attacks.

CISA said it’s not aware of attacks exploiting these vulnerabilities and the vendor has released updates to patch the flaws (version 3.3.0 for Windows and Linux). 

According to the agency’s advisory, the impacted product is used worldwide, including in the critical manufacturing sector.

Learn More at SecurityWeek’s ICS Cybersecurity Conference
The leading global conference series for Operations, Control Systems and OT/IT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

October 27-30, 2025 | Atlanta
www.icscybersecurityconference.com

Related: Iranian Hackers’ Preferred ICS Targets Left Open Amid Fresh US Attack Warning

Related: Siemens Notifies Customers of Microsoft Defender Antivirus Issue

Related: ICS Patch Tuesday: Vulnerabilities Addressed by Siemens, Schneider, Aveva, CISA

Related Content

Vulnerabilities

CISA says threat actors are exploiting a recently patched SharePoint remote code execution vulnerability (CVE-2026-45659).

Vulnerabilities

Fifteen of the newly patched flaws have been rated ‘critical’ and 67 have been rated ‘high severity’.

Vulnerabilities

The critical-severity defect allows unauthenticated attackers to take over the E-Business Suite’s Payments product.

Malware & Threats

The threat actor is focused on collecting credentials, SSH keys, cryptocurrency wallets, and development tooling.

ICS/OT

CISA has published an advisory to inform organizations about three vulnerabilities found by a researcher in Daktronics controllers.

Artificial Intelligence

AWS has patched the vulnerability and published its own advisory to inform customers about the potential impact. 

Application Security

It will provide the tools and channels to report, patch, and disclose open source software vulnerabilities.

ICS/OT

CISA has added the remote code execution flaw CVE-2026-12569 to its Known Exploited Vulnerabilities catalog.

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Exit mobile version