Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2025-53520
PUBLISHED
More InfoOfficial Page
Assigner-icscert
Assigner Org ID-7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
View Known Exploited Vulnerability (KEV) details
Published At-08 Aug, 2025 | 16:09
Updated At-08 Aug, 2025 | 19:12
Rejected At-
▼CVE Numbering Authority (CNA)
EG4 Electronics EG4 Inverters Download of Code Without Integrity Check

The affected product allows firmware updates to be downloaded from EG4's website, transferred via USB dongles, or installed through EG4's Monitoring Center (remote, cloud-connected interface) or via a serial connection, and can install these files without integrity checks. The TTComp archive format used for the firmware is unencrypted and can be unpacked and altered without detection.

Affected Products
Vendor
EG4 Electronics
Product
EG4 12kPV
Default Status
unaffected
Versions
Affected
  • all versions
Vendor
EG4 Electronics
Product
EG4 18kPV
Default Status
unaffected
Versions
Affected
  • all versions
Vendor
EG4 Electronics
Product
EG4 Flex 21
Default Status
unaffected
Versions
Affected
  • all versions
Vendor
EG4 Electronics
Product
EG4 Flex 18
Default Status
unaffected
Versions
Affected
  • all versions
Vendor
EG4 Electronics
Product
EG4 6000XP
Default Status
unaffected
Versions
Affected
  • all versions
Vendor
EG4 Electronics
Product
EG4 12000XP
Default Status
unaffected
Versions
Affected
  • all versions
Vendor
EG4 Electronics
Product
EG4 GridBoss
Default Status
unaffected
Versions
Affected
  • all versions
Problem Types
TypeCWE IDDescription
CWECWE-494CWE-494
Type: CWE
CWE ID: CWE-494
Description: CWE-494
Metrics
VersionBase scoreBase severityVector
3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
4.08.6HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Version: 4.0
Base score: 8.6
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds

EG4 has acknowledged the vulnerabilities and is actively working on a fix, including new hardware expected to release by October 15, 2025. Until then, EG4 will actively monitor all installed systems and work with affected users on a case-by-case basis if anomalies are observed. For more information, contact EG4. https://eg4electronics.com/contact/

Exploits
Credits
finder
Anthony Rose of BC Security reported these vulnerabilities to CISA.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.cisa.gov/news-events/ics-advisories/icsa-25-219-07
N/A
https://eg4electronics.com/contact/
N/A
Hyperlink: https://www.cisa.gov/news-events/ics-advisories/icsa-25-219-07
Resource: N/A
Hyperlink: https://eg4electronics.com/contact/
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found