← Back to home
ICSA-25-324-03  ·  Published 2025-11-20  ·  View on CISA ICS-CERT ↗

Opto 22 GRV-EPIC and groov RIO

CVSS 6.2 MEDIUM

Risk Summary

Successful exploitation of this vulnerability could result in the execution of arbitrary shell commands with root privileges.

CVEs (1)

Remediations

  • Opto 22 has published a patch to address this vulnerability and recommends that users upgrade to GRV-EPIC and groov RIO Firmware Version 4.0.3. Additional information is available from Opto 22 here.

Affected Vendors

Opto 22

Affected Products (5)

Opto 22 · GRV-EPIC-PR1 Firmware <4.0.3
Opto 22 · GRV-EPIC-PR2 Firmware <4.0.3
Opto 22 · groov RIO GRV-R7-MM1001-10 Firmware <4.0.3
Opto 22 · groov RIO GRV-R7-MM2001-10 Firmware <4.0.3
Opto 22 · groov RIO GRV-R7-I1VAPM-3 Firmware <4.0.3

Affected Sectors

Critical Manufacturing

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more