PatchSiren cyber security CVE debrief
CVE-2025-49849 LS Electric CVE debrief
CVE-2025-49849 is a high-severity vulnerability in LS Electric GMWin 4 that affects parsing of PRJ files. CISA’s advisory describes an out-of-bounds read caused by insufficient validation of user-supplied data, with the potential for memory corruption and reads or writes past allocated data structures. The advisory lists GMWin 4 version 4.18 as affected and notes the product has been discontinued, with LS Electric recommending migration to the XGT series as a replacement.
- Vendor: LS Electric
- Product: GMWin 4
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-06-17
- Original CVE updated: 2025-06-17
- Advisory published: 2025-06-17
- Advisory updated: 2025-06-17
Who should care
Industrial control system owners, operators, engineers, and maintenance teams using LS Electric GMWin 4 version 4.18—especially environments that open or process PRJ files. Asset managers and OT security teams should also pay attention because the product is discontinued and remediation is replacement-oriented rather than patch-oriented.
Technical summary
The issue is in PRJ file parsing. According to the advisory, user-supplied data is not properly validated, which can lead to out-of-bounds memory access. The published CVSS vector is AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H: a local attack vector, low attack complexity, no privileges required, user interaction required, unchanged scope, and high impact to confidentiality, integrity, and availability. CISA’s CSAF entry lists only LS Electric GMWin 4: 4.18 as affected in the supplied advisory data.
Defensive priority
High. The CVSS score is 7.8, the affected product is discontinued, and the remediation path in the advisory is migration to a replacement product rather than a software fix. Prioritize inventory, exposure reduction, and replacement planning.
Recommended defensive actions
- Inventory any use of LS Electric GMWin 4 version 4.18 across engineering workstations and OT support systems.
- Treat PRJ files as untrusted inputs and restrict who can supply or open them until the product is retired or replaced.
- Plan migration to LS Electric’s recommended XGT series replacement as described in the advisory.
- Contact LS Electric support for product-specific guidance and transition support.
- Limit workstation and engineering account privileges to the minimum needed for OT operations.
- Apply OT security segmentation and other CISA ICS recommended practices to reduce the impact of malicious or malformed files.
- Validate the provenance of project files before opening them, especially files received from outside the organization.
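One way to carry out the provenance check on an engineering workstation, as an added example that is not part of the advisory or any LS Electric tooling: compare every PRJ file under a project directory against a manifest of approved SHA-256 digests before anyone opens it. The manifest file, its `sha256sum`-style format, and the function names are assumptions made for this sketch.

```python
import hashlib
from pathlib import Path

def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large project files are not loaded whole."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def load_manifest(manifest: Path) -> dict[str, str]:
    """Assumed format: '<sha256>  <relative/path.prj>' per line, '#' for comments."""
    approved = {}
    for line in manifest.read_text().splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(maxsplit=1)
        if len(parts) != 2:
            raise ValueError(f"malformed manifest line: {line!r}")
        approved[parts[1].strip()] = parts[0].lower()
    return approved

def audit_prj_files(root: Path, approved: dict[str, str]) -> dict[str, list[str]]:
    """Classify each .prj file under root as approved, modified, or unknown."""
    report = {"approved": [], "modified": [], "unknown": [], "missing": []}
    seen = set()
    for path in sorted(root.rglob("*")):
        # Match the extension case-insensitively (.prj, .PRJ).
        if not path.is_file() or path.suffix.lower() != ".prj":
            continue
        rel = path.relative_to(root).as_posix()
        seen.add(rel)
        if rel not in approved:
            report["unknown"].append(rel)    # no provenance record at all
        elif sha256_of(path) != approved[rel]:
            report["modified"].append(rel)   # changed since it was approved
        else:
            report["approved"].append(rel)
    report["missing"] = sorted(set(approved) - seen)
    return report

if __name__ == "__main__":
    import sys
    result = audit_prj_files(Path(sys.argv[1]), load_manifest(Path(sys.argv[2])))
    for status in ("modified", "unknown", "missing"):
        for name in result[status]:
            print(f"{status.upper():8} {name}")
    sys.exit(1 if result["modified"] or result["unknown"] else 0)
```

Files reported as modified or unknown should be held back from GMWin 4 until their source is confirmed; the manifest itself needs to be stored where the people supplying project files cannot edit it.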
Evidence notes
CISA’s CSAF advisory ICSA-25-168-02, published 2025-06-17, identifies CVE-2025-49849 for LS Electric GMWin 4 and states that an out-of-bounds read exists in PRJ file parsing due to insufficient validation of user-supplied data. The advisory lists GMWin 4: 4.18 as the affected product and says the product has been discontinued, with XGT series recommended as a replacement. No KEV date is provided in the supplied data.
Official resources
- CVE-2025-49849 CVE record (CVE.org)
- CVE-2025-49849 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
Publicly disclosed by CISA in CSAF advisory ICSA-25-168-02 on 2025-06-17. No Known Exploited Vulnerabilities listing is provided in the supplied data.