← Back to home
ICSA-16-091-01  ·  Published 2025-06-05  ·  View on CISA ICS-CERT ↗

ICONICS WebHMI Directory Traversal Vulnerability

CVSS 9.8 CRITICAL

CVEs (1)

Remediations

  • ICONICS recommends users of WebHMI V9 or earlier should avoid exposing the WebHMI product directly to the Internet. This can be done by using firewalls and/or VPNs. Another mitigation option ICONICS recommends would be to upgrade the system to the V10 version of the ICONICS products and the applying security features built into V10.
  • The V10 version is available from the ICONICS web site at: (http://www.iconics.com/Home/Products.aspx)

Affected Vendors

ICONICS

Affected Products (1)

ICONICS · WebHMI <=9

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more