Valmet DNA Engineering Web Tools version <=C2022 is vulnerable to CVE-2025-15577, categorized with a CVSS base score of 8.6.

The USR-W610 device is end-of-life with no plans for patches, impacting versions USR-W610 <=3.1.1.0 which are affected by four CVEs.

Signal 1

Valmet DNA Engineering Web Tools version <=C2022 is vulnerable to CVE-2025-15577, allowing unauthenticated arbitrary file read access. [Source: CISA]

Signal 2

The USR-W610 device is end-of-life with no plans for patches, affecting versions USR-W610 <=3.1.1.0 which are impacted by four CVEs. [Source: CISA]

Signal 3

CVSS base score for CVE-2025-15577 increased to 8.6, categorized as HIGH severity. [Source: CISA]

CVE-2026-25715 allows authentication with blank credentials, effectively disabling authentication. [Source: CISA]

CVE-2026-21410 and CVE-2026-22553 enable vulnerabilities that allow remote code execution via SQL and OS command injection respectively, with a CVSS score of 9.8. [Source: CISA]

CVE-2026-1227 exposes local files or causes denial-of-service in EcoStruxure Building Operation Workstation versions prior to 7.0.3.2000. [Source: CISA]

What are the implications of operating with end-of-life devices given the absence of patches for critical vulnerabilities?

Custom signal scopes and private delivery available.

Reply to this email for details.