

Multiple vulnerabilities have been identified across ICS-connected and medical products including Yokogawa FAST/TOOLS, ZLAN5143D, AVEVA PI Data Archive, AVEVA PI to CONNECT Agent, and the ZOLL ePCR iOS Mobile Application. These products operate in industrial control and healthcare environments, meaning exploitation may directly impact operational technology (OT) networks and protected health information (PHI).
Impacts range from authentication bypass and weak cryptographic implementation to denial-of-service, credential exposure, and unauthorized file access. The most severe issue affects ZLAN5143D (CVSS 9.8), enabling authentication bypass and remote password reset via exposed internal endpoints. Yokogawa FAST/TOOLS contains multiple web-layer weaknesses, including CSRF, weak TLS support, improper validation, and path traversal risks. AVEVA PI Data Archive flaws may allow remote service crashes, while the ZOLL mobile application vulnerability enables local file exposure containing sensitive medical data.
CVE
Key high-risk vulnerabilities include:
CVE-2026-25084 (Authentication Bypass – ZLAN5143D – CVSS 9.8)
CVE-2026-24789 (Unauthorized Password Reset – ZLAN5143D – CVSS 9.8)
CVE-2026-1507 (DoS – AVEVA PI Data Archive – CVSS 7.5)
CVE-2025-66597 / CVE-2025-66598 (Weak Crypto & TLS – Yokogawa FAST/TOOLS – CVSS 8.2 overall advisory)
CVE-2025-12699 (PHI Exposure – ZOLL ePCR iOS – CVSS 5.5)
Additional lower-severity issues involve information disclosure, improper input validation, and insecure configurations.
Targeting / Delivery Mechanism
Exploitation may occur via direct web interface access, exposed management endpoints, crafted HTTP requests, MITM positioning, or malicious input rendered in WebView components. Internet-facing ICS assets or poorly segmented OT networks increase exposure.
Execution Technique
Attackers may exploit missing authentication checks, unprotected APIs, weak cryptographic configurations, improper URL validation, or crafted input to execute scripts, reset credentials, decrypt traffic, or crash services.
Persistence / Deployment
Compromise may allow password changes, proxy credential harvesting, unauthorized file reads, and long-term access to industrial systems or medical application data.
Operational Impact
These vulnerabilities affect industrial automation systems and healthcare environments. Consequences may include operational disruption, unauthorized configuration changes, service outages, interception of encrypted communications, and exposure of sensitive operational or protected health information. In ICS contexts, disruption may affect safety-critical processes.
Validate Integrity
Review systems for unauthorized configuration changes, unexpected password resets, unusual proxy access, abnormal service crashes, and suspicious web server logs. Confirm TLS configurations and verify patch levels across affected systems.
Respond to Confirmed Compromise
Immediately isolate affected ICS or medical systems from external access. Reset device and proxy credentials. Upgrade to vendor-recommended versions, including FAST/TOOLS R10.04 SP3, PI Server 2024 R2 or higher, PI to CONNECT Agent v2.5.2790+, and apply relevant patches. If ZLAN devices are deployed, consider network isolation due to lack of vendor response.
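The patch-level check described above can be scripted against an asset inventory. The following is an added example, not code from the advisories or any vendor; the inventory rows, hostnames and the digit-run version parsing are assumptions, and installed versions are assumed to be written in the same style as the fixed-version strings.

```python
import re

# Minimum versions named in the text above. ZLAN5143D has no fixed release
# listed, so it maps to None and is always flagged for isolation.
# ZOLL ePCR is omitted because the text gives no version for it.
FIXED = {
    "FAST/TOOLS": "R10.04 SP3",
    "PI Server": "2024 R2",
    "PI to CONNECT Agent": "v2.5.2790",
    "ZLAN5143D": None,
}

def version_key(text):
    """Turn 'R10.04 SP3', '2024 R2' or 'v2.5.2790' into a comparable tuple.

    Assumption: every run of digits is one component, ordered left to right.
    An empty or unparseable string yields () and so sorts below any fix.
    """
    return tuple(int(n) for n in re.findall(r"\d+", text))

def triage(inventory):
    """Return (host, product, installed, action) for assets needing work."""
    findings = []
    for host, product, installed in inventory:
        if product not in FIXED:
            continue  # product not covered by this summary
        fixed = FIXED[product]
        if fixed is None:
            findings.append((host, product, installed, "isolate: no fixed version listed"))
        elif version_key(installed) < version_key(fixed):
            findings.append((host, product, installed, f"upgrade to {fixed} or later"))
    return findings

# Constructed sample inventory (hostnames and installed versions are made up).
SAMPLE = [
    ("scada-hmi-01", "FAST/TOOLS", "R10.04 SP2"),
    ("scada-hmi-02", "FAST/TOOLS", "R10.04 SP3"),
    ("historian-01", "PI Server", "2023"),
    ("historian-02", "PI Server", "2024 R2"),
    ("edge-agent-01", "PI to CONNECT Agent", "v2.5.2650"),
    ("serial-gw-07", "ZLAN5143D", "1.600"),
    ("fileserver-03", "Other Product", "1.0"),
]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(" | ".join(row))
```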
Strengthen Preventative Controls
Enforce strict network segmentation between IT and OT environments. Disable legacy TLS versions. Restrict management interfaces to trusted networks. Apply least privilege principles and continuously monitor industrial service availability and authentication logs.
References
https://www.cisa.gov/news-events/ics-advisories/icsa-26-041-01
https://www.cisa.gov/news-events/ics-advisories/icsa-26-041-02
https://www.cisa.gov/news-events/ics-advisories/icsa-26-041-03
https://www.cisa.gov/news-events/ics-advisories/icsa-26-041-04
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-26-041-01