ICSA-26-036-04 · Published 2026-02-05 · View on CISA ICS-CERT ↗

Ilevia EVE X1 Server

CVSS 9.8 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary shell commands and the disclosure of sensitive system information.

CVEs (9)

CVE-2025-34185 CVE-2025-34184 CVE-2025-34183 CVE-2025-34186 CVE-2025-34187 CVE-2025-34517 CVE-2025-34518 CVE-2025-34512 CVE-2025-34513

Remediations

Ilevia recommends that users perform the following mitigation steps: Update to the newest version of Ilevia Manager at https://www.ilevia.com/downloads/. Verify port 8080 is closed on all devices and routers and enable access only through the secure option provided in the updated Ilevia Manager. Change all default passwords on active systems to strong, unique credentials to prevent unauthorized access and automated attacks. Review firewall configurations to confirm that internal protections are functioning as intended and external exposure is minimized. Monitor for unauthorized access attempts and apply network segmentation where possible to reduce attack surfaces.

Affected Vendors

Ilevia

Affected Products (1)

Ilevia · EVE X1 <=4.7.18.0

Affected Sectors

Critical Manufacturing

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more