Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    2 vulnerabilities by IDIS

    CVE-2025-12556 (GCVE-0-2025-12556)

    Vulnerability from nvd – Published: 2025-11-06 15:35 – Updated: 2025-11-06 15:47
    VLAI
    Title
    IDIS ICM Viewer Argument Injection
    Summary
    An argument injection vulnerability exists in the affected product that could allow an attacker to execute arbitrary code within the context of the host machine.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
    Assigner
    Impacted products
    Vendor Product Version
    IDIS ICM Viewer Affected: v1.6.0.10
    Unaffected: v1.7.1
    Create a notification for this product.
    Date Public
    2025-11-04 21:54
    Credits
    Vera Mens and Noam Moshe of Claroty Team82 reported this vulnerability to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12556",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-06T15:45:34.696161Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-06T15:47:08.878Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ICM Viewer",
              "vendor": "IDIS",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.6.0.10"
                },
                {
                  "status": "unaffected",
                  "version": "v1.7.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Vera Mens and Noam Moshe of Claroty Team82 reported this vulnerability to CISA."
            }
          ],
          "datePublic": "2025-11-04T21:54:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn argument injection vulnerability exists in the affected product that could allow an attacker to execute arbitrary code within the context of the host machine.\u003c/span\u003e"
                }
              ],
              "value": "An argument injection vulnerability exists in the affected product that could allow an attacker to execute arbitrary code within the context of the host machine."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-88",
                  "description": "CWE-88 Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-06T15:35:58.447Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-308-05"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIDIS recommends users to follow these guidelines:\u003c/p\u003e\u003cul\u003e\u003cli\u003eFor users who continue to use the ICM Viewer:\u003cul\u003e\u003cli\u003eYou must access \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://icm.idisglobal.com/\"\u003ehttps://icm.idisglobal.com\u003c/a\u003e\u0026nbsp;and follow the instructions provided to upgrade to version v1.7.1. IDIS requires all users to upgrade to v1.7.1. Failure to do so will render the ICM Viewer unusable.\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003cli\u003eFor users who do not use the ICM Viewer:\u003cul\u003e\u003cli\u003eYou must immediately uninstall the program from your system.\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "IDIS recommends users to follow these guidelines:\n\n  *  For users who continue to use the ICM Viewer:  *  You must access  https://icm.idisglobal.com https://icm.idisglobal.com/ \u00a0and follow the instructions provided to upgrade to version v1.7.1. IDIS requires all users to upgrade to v1.7.1. Failure to do so will render the ICM Viewer unusable.\n\n\n\n  *  For users who do not use the ICM Viewer:  *  You must immediately uninstall the program from your system."
            }
          ],
          "source": {
            "advisory": "ICSA-25-308-05",
            "discovery": "EXTERNAL"
          },
          "title": "IDIS ICM Viewer Argument Injection",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2025-12556",
        "datePublished": "2025-11-06T15:35:58.447Z",
        "dateReserved": "2025-10-31T16:30:47.318Z",
        "dateUpdated": "2025-11-06T15:47:08.878Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-12556 (GCVE-0-2025-12556)

    Vulnerability from cvelistv5 – Published: 2025-11-06 15:35 – Updated: 2025-11-06 15:47
    VLAI
    Title
    IDIS ICM Viewer Argument Injection
    Summary
    An argument injection vulnerability exists in the affected product that could allow an attacker to execute arbitrary code within the context of the host machine.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
    Assigner
    Impacted products
    Vendor Product Version
    IDIS ICM Viewer Affected: v1.6.0.10
    Unaffected: v1.7.1
    Create a notification for this product.
    Date Public
    2025-11-04 21:54
    Credits
    Vera Mens and Noam Moshe of Claroty Team82 reported this vulnerability to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12556",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-06T15:45:34.696161Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-06T15:47:08.878Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ICM Viewer",
              "vendor": "IDIS",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.6.0.10"
                },
                {
                  "status": "unaffected",
                  "version": "v1.7.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Vera Mens and Noam Moshe of Claroty Team82 reported this vulnerability to CISA."
            }
          ],
          "datePublic": "2025-11-04T21:54:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn argument injection vulnerability exists in the affected product that could allow an attacker to execute arbitrary code within the context of the host machine.\u003c/span\u003e"
                }
              ],
              "value": "An argument injection vulnerability exists in the affected product that could allow an attacker to execute arbitrary code within the context of the host machine."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-88",
                  "description": "CWE-88 Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-06T15:35:58.447Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-308-05"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIDIS recommends users to follow these guidelines:\u003c/p\u003e\u003cul\u003e\u003cli\u003eFor users who continue to use the ICM Viewer:\u003cul\u003e\u003cli\u003eYou must access \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://icm.idisglobal.com/\"\u003ehttps://icm.idisglobal.com\u003c/a\u003e\u0026nbsp;and follow the instructions provided to upgrade to version v1.7.1. IDIS requires all users to upgrade to v1.7.1. Failure to do so will render the ICM Viewer unusable.\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003cli\u003eFor users who do not use the ICM Viewer:\u003cul\u003e\u003cli\u003eYou must immediately uninstall the program from your system.\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "IDIS recommends users to follow these guidelines:\n\n  *  For users who continue to use the ICM Viewer:  *  You must access  https://icm.idisglobal.com https://icm.idisglobal.com/ \u00a0and follow the instructions provided to upgrade to version v1.7.1. IDIS requires all users to upgrade to v1.7.1. Failure to do so will render the ICM Viewer unusable.\n\n\n\n  *  For users who do not use the ICM Viewer:  *  You must immediately uninstall the program from your system."
            }
          ],
          "source": {
            "advisory": "ICSA-25-308-05",
            "discovery": "EXTERNAL"
          },
          "title": "IDIS ICM Viewer Argument Injection",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2025-12556",
        "datePublished": "2025-11-06T15:35:58.447Z",
        "dateReserved": "2025-10-31T16:30:47.318Z",
        "dateUpdated": "2025-11-06T15:47:08.878Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }