Vulnerability Description
The MOD3 command traffic between the monitoring application and the inverter is transmitted in plaintext without encryption or obfuscation. This vulnerability may allow an attacker with access to a local network to intercept, manipulate, replay, or forge critical data, including read/write operations for voltage, current, and power configuration, operational status, alarms, telemetry, system reset, or inverter control commands, potentially disrupting power generation or reconfiguring inverter settings.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://eg4electronics.com/contact/
- https://eg4electronics.com/wp-content/uploads/2025/09/EG4-Wi-Fi-Dongle-Dongle-Fi
- https://www.cisa.gov/news-events/ics-advisories/icsa-25-219-07
FAQ
What is CVE-2025-52586?
CVE-2025-52586 is a vulnerability with a CVSS score of 6.9 (MEDIUM). The MOD3 command traffic between the monitoring application and the inverter is transmitted in plaintext without encryption or obfuscation. This vulnerability may allow an attacker with access to a ...
How severe is CVE-2025-52586?
CVE-2025-52586 has been rated MEDIUM with a CVSS base score of 6.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-52586?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.