cvelist/2025/26xxx/CVE-2025-26473.json

{
    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
    "CVE_data_meta": {
        "ID": "CVE-2025-26473",
        "ASSIGNER": "ics-cert@hq.dhs.gov",
        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "The Mojave Inverter uses the GET method for sensitive information."
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-598",
                        "cweId": "CWE-598"
                    }
                ]
            }
        ]
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "Outback Power",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Mojave Inverter",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "=",
                                            "version_value": "All versions"
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "references": {
        "reference_data": [
            {
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-17",
                "refsource": "MISC",
                "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-17"
            },
            {
                "url": "https://old.outbackpower.com/about-outback/contact/contact-us",
                "refsource": "MISC",
                "name": "https://old.outbackpower.com/about-outback/contact/contact-us"
            }
        ]
    },
    "generator": {
        "engine": "Vulnogram 0.2.0"
    },
    "source": {
        "advisory": "ICSA-25-044-17",
        "discovery": "EXTERNAL"
    },
    "work_around": [
        {
            "lang": "en",
            "supportingMedia": [
                {
                    "base64": false,
                    "type": "text/html",
                    "value": "The Mojave Inverter was a product of Enersys. When Outback Power was \nsplit off from Enersys recently, Mojave Inverter was moved to Outback \nPower, but without the resources to maintain the product. Outback Power \nmay discontinue this product and has not yet addressed these \nvulnerabilities. CISA recommends disabling the networking features of \nthis product until a replacement product can be acquired.\n\n<br>"
                }
            ],
            "value": "The Mojave Inverter was a product of Enersys. When Outback Power was \nsplit off from Enersys recently, Mojave Inverter was moved to Outback \nPower, but without the resources to maintain the product. Outback Power \nmay discontinue this product and has not yet addressed these \nvulnerabilities. CISA recommends disabling the networking features of \nthis product until a replacement product can be acquired."
        }
    ],
    "credits": [
        {
            "lang": "en",
            "value": "Jon Hurtado of Sandia National Laboratory reported these vulnerabilities to CISA."
        }
    ],
    "impact": {
        "cvss": [
            {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
            }
        ]
    }
}
"-Synchronized-Data." 2025-02-12 17:00:33 +00:00			`{`
"-Synchronized-Data." 2025-02-13 22:00:36 +00:00			`"data_version": "4.0",`
"-Synchronized-Data." 2025-02-12 17:00:33 +00:00			`"data_type": "CVE",`
			`"data_format": "MITRE",`
			`"CVE_data_meta": {`
			`"ID": "CVE-2025-26473",`
"-Synchronized-Data." 2025-02-13 22:00:36 +00:00			`"ASSIGNER": "ics-cert@hq.dhs.gov",`
			`"STATE": "PUBLIC"`
"-Synchronized-Data." 2025-02-12 17:00:33 +00:00			`},`
			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
"-Synchronized-Data." 2025-02-13 22:00:36 +00:00			`"value": "The Mojave Inverter uses the GET method for sensitive information."`
			`}`
			`]`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "CWE-598",`
			`"cweId": "CWE-598"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"vendor_name": "Outback Power",`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "Mojave Inverter",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_affected": "=",`
			`"version_value": "All versions"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-17",`
			`"refsource": "MISC",`
			`"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-17"`
			`},`
			`{`
			`"url": "https://old.outbackpower.com/about-outback/contact/contact-us",`
			`"refsource": "MISC",`
			`"name": "https://old.outbackpower.com/about-outback/contact/contact-us"`
			`}`
			`]`
			`},`
			`"generator": {`
			`"engine": "Vulnogram 0.2.0"`
			`},`
			`"source": {`
			`"advisory": "ICSA-25-044-17",`
			`"discovery": "EXTERNAL"`
			`},`
			`"work_around": [`
			`{`
			`"lang": "en",`
			`"supportingMedia": [`
			`{`
			`"base64": false,`
			`"type": "text/html",`
			`"value": "The Mojave Inverter was a product of Enersys. When Outback Power was \nsplit off from Enersys recently, Mojave Inverter was moved to Outback \nPower, but without the resources to maintain the product. Outback Power \nmay discontinue this product and has not yet addressed these \nvulnerabilities. CISA recommends disabling the networking features of \nthis product until a replacement product can be acquired.\n\n<br>"`
			`}`
			`],`
			`"value": "The Mojave Inverter was a product of Enersys. When Outback Power was \nsplit off from Enersys recently, Mojave Inverter was moved to Outback \nPower, but without the resources to maintain the product. Outback Power \nmay discontinue this product and has not yet addressed these \nvulnerabilities. CISA recommends disabling the networking features of \nthis product until a replacement product can be acquired."`
			`}`
			`],`
			`"credits": [`
			`{`
			`"lang": "en",`
			`"value": "Jon Hurtado of Sandia National Laboratory reported these vulnerabilities to CISA."`
			`}`
			`],`
			`"impact": {`
			`"cvss": [`
			`{`
			`"attackComplexity": "LOW",`
			`"attackVector": "NETWORK",`
			`"availabilityImpact": "NONE",`
			`"baseScore": 7.5,`
			`"baseSeverity": "HIGH",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "NONE",`
			`"privilegesRequired": "NONE",`
			`"scope": "UNCHANGED",`
			`"userInteraction": "NONE",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",`
			`"version": "3.1"`
"-Synchronized-Data." 2025-02-12 17:00:33 +00:00			`}`
			`]`
			`}`
			`}`