Critical flaw in industrial VPN allows unauthenticated remote code execution

A critical vulnerability in a popular industrial VPN appliance allows unauthenticated remote code execution with root privileges.

CSBadmin
2 Min Read

A critical vulnerability tracked as CVE-2026-45123 with a CVSS score of 9.8 has been disclosed in a widely-used industrial VPN appliance, exposing energy, manufacturing, and critical infrastructure organizations to unauthenticated remote code execution attacks.

The flaw allows remote attackers to execute arbitrary code with root privileges on affected devices without any authentication. Security researchers have identified over 15,000 exposed devices on Shodan, and exploitation attempts have already been detected in the wild.

Critical Infrastructure at Risk

Industrial VPN appliances are widely deployed in operational technology (OT) environments to provide remote access to industrial control systems (ICS), programmable logic controllers (PLCs), and other critical infrastructure components. The vulnerability undermines the security of these remote access gateways, potentially allowing attackers to pivot from IT networks into OT environments.

Energy sector organizations are particularly vulnerable, as these appliances commonly provide remote access to power grid management systems, pipeline monitoring equipment, and generation facility controls. Manufacturing firms face similar risks, with exposed VPN gateways providing potential entry points to production line management systems.

Active Exploitation

Threat intelligence teams have observed exploitation attempts targeting the vulnerability within days of public disclosure. Attackers are scanning for exposed devices and deploying webshells to maintain persistent access. Organizations with unpatched devices should treat them as compromised until proven otherwise.

Mitigation Steps

  • Apply vendor patches immediately on all affected industrial VPN appliances
  • Remove devices from public internet exposure where possible
  • Implement network segmentation between IT and OT environments
  • Deploy virtual patching through web application firewalls
  • Monitor for unauthorized access to industrial VPN management interfaces
  • Conduct forensic analysis on any exposed devices for signs of compromise
CSBadmin

The latest in cybersecurity news and updates.

Share This Article
Follow:
The latest in cybersecurity news and updates.