CVE-2025-7426
BaseFortify
Publication date: 2025-08-25
Last updated on: 2025-08-25
Assigner: Switzerland Government Common Vulnerability Program
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| minova | tta | * |
| minova | tta | 11.18.0 |
| minova | webtta | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-312 | The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere. |
| CWE-532 | The product writes sensitive information to a log file. |
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-7426 is a critical vulnerability in the MINOVA TTA automation software where an unprotected debug port (TCP 1604) exposes FTP credentials in plaintext without any authentication or encryption. This allows unauthenticated remote attackers to access an active FTP account containing sensitive internal data and import structures. Attackers can retrieve sensitive production data, manipulate automated business processes, and gain insights into service architecture and system activity logs via other debug ports (1602, 1603, 1636). This vulnerability threatens confidentiality, integrity, and availability of critical industrial operations. [1]
How can this vulnerability impact me?
Exploitation of this vulnerability can lead to unauthorized access to sensitive production data and internal FTP accounts, allowing attackers to manipulate data, disrupt automated business processes such as EDI or data integration, and potentially cause operational disruptions in tank farms, chemical plants, logistics, and production environments. Attackers may also move laterally within the network, affecting SCADA and ERP systems, leading to data extraction, manipulation of tank levels and production parameters, and disruption of loading/unloading operations. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability violates several IEC 62443-3-3 security requirements related to administrator privilege control, authorization, communication integrity, confidentiality protection, and audit log access. By exposing sensitive data and allowing unauthorized access, it risks non-compliance with data protection regulations such as GDPR and potentially HIPAA, due to the exposure and possible manipulation of sensitive internal and production data. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by scanning your network for open TCP ports 1602, 1603, 1604, and 1636, the MINOVA TTA service debug ports that expose sensitive information. A common tool for finding open ports is nmap, for example: `nmap -p 1602,1603,1604,1636 <target-ip>`. An open port 1604 indicates potential exposure of FTP credentials. Further manual inspection or automated scripts can be used to connect to these ports and check for exposed data. [1]
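As an added example (not part of the original page and not MINOVA tooling), the script below triages grepable nmap output (`-oG`) from a scan of the four debug ports and lists the hosts that still have one open, so the same scan can be re-checked after firewall rules are applied. The sample scan output, the addresses, and the severity labels are assumptions made for this example.

```python
# Debug ports named in the advisory text; 1604 is the one exposing FTP credentials.
DEBUG_PORTS = {1602, 1603, 1604, 1636}
CREDENTIAL_PORT = 1604

# Constructed sample of `nmap -p 1602,1603,1604,1636 -oG -` output
# (documentation-range addresses, not real hosts).
SAMPLE_GNMAP = (
    "# Nmap scan, constructed sample\n"
    "Host: 192.0.2.10 ()\tStatus: Up\n"
    "Host: 192.0.2.10 ()\tPorts: 1602/open/tcp/////, 1603/open/tcp/////, "
    "1604/open/tcp/////, 1636/open/tcp/////\n"
    "Host: 192.0.2.11 ()\tPorts: 1602/filtered/tcp/////, 1603/filtered/tcp/////, "
    "1604/filtered/tcp/////, 1636/filtered/tcp/////\n"
    "Host: 192.0.2.12 ()\tPorts: 1602/open/tcp/////, 1603/closed/tcp/////, "
    "1604/closed/tcp/////, 1636/closed/tcp/////\n"
)


def parse_gnmap(text):
    """Return {host: {port: state}} for TCP entries on 'Ports:' lines."""
    results = {}
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue  # skip comments and 'Status:' lines
        host = line.split()[1]
        # The Ports field ends at the next tab-separated field, if any.
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for entry in ports_field.split(","):
            fields = entry.strip().split("/")  # port/state/protocol/...
            if len(fields) < 3 or not fields[0].isdigit() or fields[2] != "tcp":
                continue
            results.setdefault(host, {})[int(fields[0])] = fields[1]
    return results


def findings(text):
    """List (host, open_debug_ports, severity) for hosts with an open debug port."""
    out = []
    for host, ports in sorted(parse_gnmap(text).items()):
        exposed = sorted(p for p, s in ports.items() if p in DEBUG_PORTS and s == "open")
        if exposed:
            sev = "credential-exposure" if CREDENTIAL_PORT in exposed else "debug-exposure"
            out.append((host, exposed, sev))
    return out


if __name__ == "__main__":
    for host, exposed, sev in findings(SAMPLE_GNMAP):
        print(f"{host}: open debug ports {exposed} -> {sev}")
```

Hosts whose ports report `filtered` or `closed` are not listed, so an empty result after the firewall change means the scan no longer reaches any debug port from that vantage point.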
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include blocking TCP ports 1602, 1603, 1604, and 1636 at both network and host firewalls to prevent unauthorized access. Change all potentially compromised FTP passwords to strong, unique credentials and enable multi-factor authentication where possible. It is strongly recommended to update the MINOVA TTA software to version 11.18.0 or later, which includes a dedicated patch for the vulnerable ch.minova.nservice module. Additionally, implement Zero Trust security principles and strict OT network segmentation to reduce risks of data exfiltration and operational disruption. [1]