ICSA-25-205-02 · Published 2025-07-24
Network Thermostat X-Series WiFi Thermostats
CVSS 9.8 (CRITICAL)
Risk Summary
Successful exploitation of this vulnerability could allow an attacker to gain full administrative access to the device.
CVEs (1)
Remediations
- Network Thermostat recommends that users update to the following (or newer) versions:
  - X-Series WiFi thermostats with v4.x to a minimum of v4.6
  - X-Series WiFi thermostats with v9.x to a minimum of v9.46
  - X-Series WiFi thermostats with v10.x to a minimum of v10.29
  - X-Series WiFi thermostats with v11.x to a minimum of v11.5
- This update was applied automatically to reachable units, requiring no action from end users.
- If end users would like their units behind firewalls to be updated, please contact Network Thermostat at [email protected] to coordinate an update.
Affected Vendors
Network Thermostat
Affected Products (4)
- Network Thermostat · X-Series WiFi thermostats: >=v4.5|<v4.6
- Network Thermostat · X-Series WiFi thermostats: >=v9.6|<v9.46
- Network Thermostat · X-Series WiFi thermostats: >=v10.1|<v10.29
- Network Thermostat · X-Series WiFi thermostats: >=v11.1|<v11.5
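To triage a thermostat inventory against the ranges listed above, the following added example (not part of the advisory and not Network Thermostat tooling) classifies firmware version strings. It assumes two-component versions whose parts compare as integers, so v9.6 precedes v9.46 and v10.3 precedes v10.29, which a decimal or string comparison would get wrong; the device names in the sample are constructed.

```python
import re

# Per major version: (first affected, first fixed), as listed in this advisory.
ADVISORY_RANGES = {
    4: ((4, 5), (4, 6)),
    9: ((9, 6), (9, 46)),
    10: ((10, 1), (10, 29)),
    11: ((11, 1), (11, 5)),
}

# Assumption: firmware versions look like "v9.46" or "9.46" (major.minor only).
VERSION_RE = re.compile(r"\s*[vV]?(\d+)\.(\d+)\s*")


def classify(version_text):
    """Return 'affected', 'fixed', 'not-listed' or 'unparseable'."""
    m = VERSION_RE.fullmatch(version_text)
    if not m:
        return "unparseable"
    # Compare as integer tuples, never as floats: (9, 6) < (9, 46).
    version = (int(m.group(1)), int(m.group(2)))
    bounds = ADVISORY_RANGES.get(version[0])
    if bounds is None:
        return "not-listed"
    first_affected, first_fixed = bounds
    if version >= first_fixed:
        return "fixed"
    if version >= first_affected:
        return "affected"
    # Older than the advisory's stated range: the advisory makes no claim.
    return "not-listed"


def triage(inventory):
    """Map each (device name, version string) pair to its classification."""
    return {name: classify(version) for name, version in inventory}


if __name__ == "__main__":
    # Constructed sample inventory; names and versions are made up.
    sample = [("lobby", "v9.6"), ("roof-unit", "v9.46"), ("lab", "10.3"),
              ("annex", "v11.5"), ("store", "v4.4"), ("dock", "unknown")]
    for name, status in triage(sample).items():
        print(f"{name:10s} {status}")
```

Units reported as `not-listed` or `unparseable` need manual review rather than being treated as unaffected.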
Affected Sectors
Commercial Facilities