CVE-2025-10681

HIGH CVSS 8.6 View on NVD ↗

Description

Storage credentials are hardcoded in the mobile app and device firmware. These credentials do not adequately limit end user permissions and do not expire within a reasonable amount of time. This vulnerability may grant unauthorized access to production storage containers.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

References

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-055-03.json
https://mygardyn.com/security/
https://www.cisa.gov/news-events/ics-advisories/icsa-26-055-03

Published: Apr 03, 2026 21:17 UTC Modified: Apr 03, 2026 21:17 UTC