PatchSiren cyber security CVE debrief
CVE-2025-9574 ASKI Energy CVE debrief
CVE-2025-9574 is a critical missing-authentication issue in the embedded web server used by ASKI Energy ALS-Mini-S4 and ALS-Mini-S8 IP controllers. According to CISA’s advisory, an attacker can read and modify product configuration parameters without logging in. ABB reports the affected products reached end of life in 2022, so no software fix is planned; defenders should focus on isolation, access restriction, monitoring, and replacement planning.
- Vendor: ASKI Energy
- Product: ALS-mini-s4 IP (serial number from 2000 to 5166)
- CVSS: CRITICAL 10
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-10-23
- Original CVE updated: 2025-10-23
- Advisory published: 2025-10-23
- Advisory updated: 2025-10-23
Who should care
OT/ICS asset owners, plant and facilities teams, control-system engineers, industrial network administrators, and security teams responsible for ASKI Energy ALS-Mini-S4/S8 controllers or similar legacy field devices.
Technical summary
The vulnerable component is the controller’s embedded web server, which lacks authentication controls. CISA describes a remote attacker with network access as able to read and modify configuration parameters without being authenticated. The published CVSS 3.1 vector is AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N: the flaw is reachable over the network, has low attack complexity, requires no privileges or user interaction, changes scope, and carries high confidentiality and integrity impact with no availability impact. The advisory identifies ALS-mini-s4 IP and ALS-mini-s8 IP devices with serial numbers from 2000 to 5166 as affected.
Defensive priority
Immediate. Treat as a high-priority OT exposure because the flaw allows unauthenticated configuration access and the vendor indicates no fix is available for end-of-life products.
Recommended defensive actions
- Confirm whether any ALS-mini-S4/S8 devices are deployed, especially units with serial numbers 2000 through 5166.
- Ensure affected devices are not exposed to the public internet.
- Place the device behind a firewall or secure proxy and restrict access to only necessary, whitelisted IP addresses.
- Enforce authentication and logging at the network boundary if the device itself cannot provide it.
- Monitor for access attempts using firewall, IDS, or IPS alerts, especially from non-whitelisted sources.
- If the embedded web server is not required, physically disconnect the Ethernet connection to remove the attack surface.
- Review surrounding systems and apply updates where possible to reduce adjacent attack paths.
- Plan for replacement or compensating controls because the vendor states the products are end of life and no fix is planned.
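The inventory and monitoring steps above can be combined into one check, shown here as an added example that is not taken from the CISA or ABB advisories. The inventory columns, the key=value firewall log format, the addresses, the allowlist, and the web ports 80/443 are all assumptions; the page does not state which port the embedded web server uses.

```python
import csv, io, ipaddress, re

# Affected per the advisory: ALS-mini-s4 IP / ALS-mini-s8 IP, serials 2000-5166.
AFFECTED_MODELS = {"als-mini-s4 ip", "als-mini-s8 ip"}
SERIAL_RANGE = range(2000, 5167)
WEB_PORTS = {80, 443}  # assumption: the web server port is not given on the page
# Constructed sample inventory (hypothetical column names and addresses).
INVENTORY_CSV = """model,serial,ip
ALS-Mini-S4 IP,3120,10.20.0.11
ALS-mini-s8 IP,5166,10.20.0.12
ALS-mini-s8 IP,5167,10.20.0.13
ALS-mini-s4 IP,n/a,10.20.0.14
"""
# Constructed firewall log lines in a made-up key=value format.
FIREWALL_LOG = """\
2025-10-24T08:01:02Z action=allow src=10.20.5.10 dst=10.20.0.11 dport=80
2025-10-24T08:03:40Z action=allow src=10.99.1.77 dst=10.20.0.11 dport=80
2025-10-24T08:04:10Z action=deny src=203.0.113.9 dst=10.20.0.12 dport=443
2025-10-24T08:05:00Z action=allow src=10.99.1.77 dst=10.20.0.13 dport=80
2025-10-24T08:06:00Z action=allow src=10.99.1.77 dst=10.20.0.12 dport=502
"""
ALLOWLIST = [ipaddress.ip_network("10.20.5.0/28")]  # hypothetical engineering hosts

def affected_devices(inventory_csv):
    """Return (IPs in the affected serial range, IPs needing a manual serial check)."""
    affected, unknown = set(), set()
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["model"].strip().lower() not in AFFECTED_MODELS:
            continue
        serial = row["serial"].strip()
        if not serial.isdigit():
            unknown.add(row["ip"])  # unreadable serial: treat as in scope until verified
        elif int(serial) in SERIAL_RANGE:
            affected.add(row["ip"])
    return affected, unknown

def suspicious_access(log_text, device_ips, allowlist):
    """Return (time, src, dst, action) for web access from non-allowlisted sources."""
    pat = re.compile(r"^(\S+) action=(\w+) src=(\S+) dst=(\S+) dport=(\d+)$")
    hits = []
    for line in log_text.splitlines():
        m = pat.match(line.strip())
        if not m:
            continue
        ts, action, src, dst, dport = m.groups()
        allowed = any(ipaddress.ip_address(src) in net for net in allowlist)
        if dst in device_ips and int(dport) in WEB_PORTS and not allowed:
            hits.append((ts, src, dst, action))
    return hits
```

An `allow` hit means the boundary rule set let a non-allowlisted host reach the controller and needs tightening; a `deny` hit is an access attempt worth correlating with IDS or IPS alerts.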
Evidence notes
This debrief is based on CISA’s CSAF advisory ICSA-25-296-02 for CVE-2025-9574 and the linked ABB security advisory. The source states the vulnerability is a critical missing-authentication condition in the embedded web server and that unauthenticated attackers can read and modify configuration parameters. The advisory also states the affected products reached end of life in 2022, so remediation is limited to mitigation. No KEV listing was provided in the supplied corpus.
Official resources
- CVE-2025-9574 CVE record (CVE.org)
- CVE-2025-9574 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
Published by CISA on 2025-10-23; the supplied advisory lists an initial publication revision on the same date. ABB reports the affected products reached end of life in 2022.