CVE-2025-46414

Summary

The affected product does not limit the number of attempts for inputting the correct PIN for a registered product, which may allow an attacker to gain unauthorized access using brute-force methods if they possess a valid device serial number. The API provides clear feedback when the correct PIN is entered. This vulnerability was patched in a server-side update on April 6, 2025.

Affected Software

VendorProductVersion RangeStatus
EG4 ElectronicsEG4 12kPVall versionsaffected
EG4 ElectronicsEG4 18kPVall versionsaffected
EG4 ElectronicsEG4 Flex 21all versionsaffected
EG4 ElectronicsEG4 Flex 18all versionsaffected
EG4 ElectronicsEG4 6000XPall versionsaffected
EG4 ElectronicsEG4 12000XPall versionsaffected
EG4 ElectronicsEG4 GridBossall versionsaffected

Weaknesses

  • CWE-307: CWE-307

Workarounds

CVE-2025-46414 was fixed on April 6, 2025. No user action was or is necessary.

For more information, contact EG4. https://eg4electronics.com/contact/

https://eg4electronics.com/contact/

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References