ICSA-25-266-04
Published 2025-09-23
Viessmann Vitogate 300
CVSS 8.8 (HIGH)
Risk Summary
Successful exploitation of this vulnerability could allow an attacker to modify an intended OS command when it is sent to a downstream component, or allow an attacker to cause unexpected interactions between the client and server.
CVEs (2)
Remediations
- These vulnerabilities have been resolved in Vitogate 300 software version 3.1.0.1. Users are strongly encouraged to upgrade by downloading software version 3.1.0.1 or newer from the Vitogate 300 website.
- For more information refer to Carrier's product security advisory CARR-PSA-2025-02.
Affected Vendors
Viessmann
Affected Products (1)
Viessmann Vitogate 300: <3.1.0.1
Affected Sectors
Commercial Facilities