Opto 22 GRV-EPIC and groov RIO

View CSAF

1. EXECUTIVE SUMMARY

  • CVSS v4 7.5
  • ATTENTION: Exploitable remotely
  • Vendor: Opto 22
  • Equipment: GRV-EPIC-PR1, GRV-EPIC-PR2, groov RIO
  • Vulnerability: Improper Neutralization of Special Elements used in an OS Command

2. RISK EVALUATION

Successful exploitation of this vulnerability could result in the execution of arbitrary shell commands with root privileges.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following firmware versions of the Opto 22 GRV-EPIC controllers and groov RIO modules are affected:

  • GRV-EPIC-PR1 Firmware: Versions prior to 4.0.3
  • GRV-EPIC-PR2 Firmware: Versions prior to 4.0.3
  • groov RIO GRV-R7-MM1001-10 Firmware: Versions prior to 4.0.3
  • groov RIO GRV-R7-MM2001-10 Firmware: Versions prior to 4.0.3
  • groov RIO GRV-R7-I1VAPM-3 Firmware: Versions prior to 4.0.3

3.2 VULNERABILITY OVERVIEW

3.2.1 Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) CWE-78

A vulnerability exists in the Opto22 Groov Manage REST API on GRV-EPIC and groov RIO Products that allows remote code execution with root privileges. When a POST request is executed against the vulnerable endpoint, the application reads certain header details and unsafely uses these values to build commands, allowing an attacker with administrative privileges to inject arbitrary commands that execute as root.
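
The pattern the advisory describes, shown as an added illustration rather than Opto 22's own code: the advisory does not publish the groov Manage endpoint, header name or command involved, so the header `X-Target-Host` and the `echo` stand-in for the privileged tool are assumptions, and the request headers are constructed for the example. The vulnerable handler concatenates header text into a shell command line; the hardened handler allow-lists the value and starts the process from an argv list with no shell.

```python
import re
import subprocess

# Allow-list for the one thing this endpoint needs from the header: a hostname
# or IP literal. The first character must be alphanumeric so the value can never
# be read as an option (e.g. "-n") by the program it is handed to.
HOST_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]{0,252}")

# Constructed request headers standing in for the parsed headers of a POST.
# "X-Target-Host" is a hypothetical header name, not one from the advisory.
BENIGN_REQUEST = {"X-Target-Host": "192.0.2.10"}
MALICIOUS_REQUEST = {"X-Target-Host": "192.0.2.10; echo INJECTED"}


def vulnerable_handler(headers: dict) -> str:
    """Vulnerable pattern: header text is concatenated into a shell command line.

    With shell=True the string is handed to /bin/sh, so ';', '|', '$(...)' and
    backticks in the header are interpreted as shell syntax, not passed as data.
    `echo` stands in for whatever privileged tool a real endpoint would invoke;
    if the service runs as root, so does the injected command.
    """
    host = headers.get("X-Target-Host", "")
    command_line = f"echo pinging {host}"
    result = subprocess.run(command_line, shell=True, capture_output=True, text=True)
    return result.stdout


def is_valid_host(value: str) -> bool:
    """Allow-list check: True only for a plain hostname or IP literal."""
    return HOST_RE.fullmatch(value) is not None


def hardened_handler(headers: dict) -> str:
    """Hardened form: validate against an allow-list, then run argv with no shell.

    Two independent controls: the value must match HOST_RE, and the process is
    started from an argv list (shell=False), so even a value that slipped past
    validation would reach the program as a single literal argument.
    """
    host = headers.get("X-Target-Host", "")
    if not is_valid_host(host):
        raise ValueError(f"rejected header value: {host!r}")
    result = subprocess.run(
        ["echo", "pinging", host], shell=False, capture_output=True, text=True
    )
    return result.stdout


if __name__ == "__main__":
    print("vulnerable:", repr(vulnerable_handler(MALICIOUS_REQUEST)))
    print("hardened  :", repr(hardened_handler(BENIGN_REQUEST)))
    try:
        hardened_handler(MALICIOUS_REQUEST)
    except ValueError as exc:
        print("hardened  :", exc)
```

On the affected devices the fix is the vendor's 4.0.3 firmware; the example is what to look for when reviewing any API handler that turns request data into a process invocation: a formatted command string reaching `shell=True` (or `system()`, `popen()`) is the defect, and the repair is an allow-list on the value plus an argv-style call, not an attempt to strip individual metacharacters.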

CVE-2025-13087 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.2 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L).

A CVSS v4 score has also been calculated for CVE-2025-130

[…]

This article has been indexed from All CISA Advisories
