ICSA-25-273-01
·
Published 2025-09-30
·
View on CISA ICS-CERT ↗
MegaSys Enterprises Telenium Online Web Application
CVSS 9.8
CRITICAL
Risk Summary
Successful exploitation of this vulnerability could allow an unauthenticated attacker to inject arbitrary operating system commands through a crafted HTTP request, leading to remote code execution on the server in the security context of the web application service account.
CVEs (1)
Remediations
- Megasys Enterprises has provided a fix for this vulnerability. Users should access the Megasys support page to get instructions on applying the fix.
Affected Vendors
Megasys Enterprises
Affected Products (1)
Megasys Enterprises
·
Telenium Online Web Application
<=8.4.21
Affected Sectors
Information Technology, Communications
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more