# Full Report

## 1. EXECUTIVE SUMMARY

- CVSS v4 9.3
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Optigo Networks
- Equipment: Visual BACnet Capture Tool, Optigo Visual Networks Capture Tool
- Vulnerabilities: Use of Hard-coded, Security-relevant Constants; Authentication Bypass Using an Alternate Path or Channel

## 2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication, gain control over the products, or impersonate the web applications.

## 3. TECHNICAL DETAILS

### 3.1 AFFECTED PRODUCTS

The following versions of Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool are affected:

- Visual BACnet Capture Tool: Version 3.1.2rc11
- Optigo Visual Networks Capture Tool: Version 3.1.2rc11

### 3.2 VULNERABILITY OVERVIEW

#### 3.2.1 USE OF HARD-CODED, SECURITY-RELEVANT CONSTANTS (CWE-547)

Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 contain a hard-coded secret key. This could allow an attacker to generate valid JWT (JSON Web Token) sessions.

CVE-2025-2079 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

A CVSS v4 score has also been calculated for CVE-2025-2079. A base score of 8.7 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N).

#### 3.2.2 AUTHENTICATION BYPASS USING AN ALTERNATE PATH OR CHANNEL (CWE-288)

Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 contain an exposed web management service that could allow an attacker to bypass authentication measures and gain control over utilities within the products.

CVE-2025-2080 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2025-2080. A base score of 9.3 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).

#### 3.2.3 USE OF HARD-CODED, SECURITY-RELEVANT CONSTANTS (CWE-547)

Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 are vulnerable to an attacker impersonating the web application service and misleading victim clients.

CVE-2025-2081 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

A CVSS v4 score has also been calculated for CVE-2025-2081. A base score of 8.7 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N).

### 3.3 BACKGROUND

- CRITICAL INFRASTRUCTURE SECTORS: Information Technology
- COUNTRIES/AREAS DEPLOYED: Worldwide
- COMPANY HEADQUARTERS LOCATION: Canada

### 3.4 RESEARCHER

Tomer Goldschmidt of Claroty Team82 reported these vulnerabilities to CISA.

## 4. MITIGATIONS

Optigo Networks recommends users upgrade to the following:

- Visual BACnet Capture Tool: Version v3.1.3rc8
- Optigo Visual Networks Capture Tool: Version v3.1.3rc8

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:

- Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.
- Locate control system networks and remote devices behind firewalls and isolate them from business networks.
- When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that a VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.

## 5. UPDATE HISTORY

- March 11, 2025: Initial Publication
# Analysis Summary
# Vulnerability: Multiple Flaws in Optigo Networks Visual Capture Tools Leading to Auth Bypass and Control Takeover
## CVE Details
- CVE ID: CVE-2025-2079, CVE-2025-2080, CVE-2025-2081
- CVSS Score: 9.8 (CVSS 3.1) / 9.3 (CVSS 4.0) for CVE-2025-2080 (Highest)
- CWE: CWE-547 (Use of Hard-coded, Security-relevant Constants) for CVE-2025-2079 and CVE-2025-2081; CWE-288 (Authentication Bypass Using an Alternate Path or Channel) for CVE-2025-2080.
## Affected Systems
- Products: Optigo Networks Visual BACnet Capture Tool, Optigo Visual Networks Capture Tool
- Versions: Version 3.1.2rc11 (for all listed CVEs)
- Configurations: Not specified, assumed default configuration.
## Vulnerability Description
This advisory details three related vulnerabilities affecting version 3.1.2rc11 of Optigo Networks' capture tools:
1. **CVE-2025-2079 (Hard-coded Secret Key)**: A hard-coded secret key in the software allows an attacker to generate valid JSON Web Token (JWT) sessions remotely without authentication (CVSS 3.1: 7.5).
2. **CVE-2025-2080 (Authentication Bypass)**: An exposed web management service allows an attacker to bypass authentication measures, potentially gaining control over utilities within the products (CVSS 3.1: 9.8).
3. **CVE-2025-2081 (Impersonation)**: The vulnerability allows an attacker to impersonate the web application service and mislead victim clients (CVSS 3.1: 7.5).
Successful exploitation could lead to authentication bypass, product control takeover, or service impersonation.
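The hard-coded JWT secret behind CVE-2025-2079 is a general pattern: once a signing key is compiled into a shipped product, everyone who can read the binary can mint tokens that the server accepts. The following added example (written for this summary, not code from Optigo Networks or CISA) shows the defensive side with only the Python standard library: an HS256 issue/verify pair with the algorithm pinned server-side, and a startup check that refuses to run with the shipped default key, a too-short key, or no key at all. The constant `HARDCODED_DEFAULT_KEY`, the environment variable `APP_JWT_KEY` and all claim values are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional

# Constructed stand-in for a secret that shipped inside the software image.
# A value compiled into a product must be treated as public (hypothetical value).
HARDCODED_DEFAULT_KEY = b"example-hardcoded-default-key"
MIN_KEY_BYTES = 32


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(claims: dict, key: bytes) -> str:
    """Build an HS256 JWT (header.payload.signature) over the given claims."""
    header = {"alg": "HS256", "typ": "JWT"}
    segments = [
        _b64url_encode(json.dumps(header, separators=(",", ":")).encode()),
        _b64url_encode(json.dumps(claims, separators=(",", ":")).encode()),
    ]
    signing_input = ".".join(segments).encode("ascii")
    signature = hmac.new(key, signing_input, hashlib.sha256).digest()
    return ".".join(segments + [_b64url_encode(signature)])


def verify_token(token: str, key: bytes, now: Optional[float] = None) -> Optional[dict]:
    """Return the claims when signature and expiry check out, otherwise None."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        # The server pins the algorithm; a token never chooses its own.
        if header.get("alg") != "HS256":
            return None
        signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
        expected = hmac.new(key, signing_input, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return None
        claims = json.loads(_b64url_decode(payload_b64))
    except ValueError:  # malformed base64 or JSON
        return None
    current = time.time() if now is None else now
    if "exp" in claims and claims["exp"] <= current:
        return None
    return claims


def load_signing_key(env: dict) -> bytes:
    """Fetch the per-deployment key and refuse to start on the shipped default."""
    raw = env.get("APP_JWT_KEY")  # hypothetical variable name
    if raw is None:
        raise RuntimeError("APP_JWT_KEY is not set; refusing to start")
    key = raw.encode()
    if hmac.compare_digest(key, HARDCODED_DEFAULT_KEY):
        raise RuntimeError("APP_JWT_KEY is the shipped default; generate a unique key")
    if len(key) < MIN_KEY_BYTES:
        raise RuntimeError(f"APP_JWT_KEY must be at least {MIN_KEY_BYTES} bytes")
    return key


def generate_deployment_key() -> str:
    """Produce a random per-installation key suitable for APP_JWT_KEY."""
    return secrets.token_urlsafe(48)


if __name__ == "__main__":
    key = load_signing_key({"APP_JWT_KEY": generate_deployment_key()})
    tok = issue_token({"sub": "operator", "exp": time.time() + 3600}, key)
    print("own token:", verify_token(tok, key))
    # A token minted under the shipped default key is rejected by this deployment.
    print("default-key token:", verify_token(issue_token({"sub": "admin"}, HARDCODED_DEFAULT_KEY), key))
```

The startup check is the part that maps directly to the advisory: a product that generates its key on first install (or requires the operator to supply one) has nothing for an attacker to extract from the binary, and a key that is at least `MIN_KEY_BYTES` long cannot be brute-forced from a captured token.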
## Exploitation
- Status: No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.
- Complexity: Low (Indicated by CVSS vector: AC:L)
- Attack Vector: Network (AV:N)
## Impact
| CVE ID | Confidentiality | Integrity | Availability |
| :--- | :--- | :--- | :--- |
| CVE-2025-2079 | High | None | None |
| CVE-2025-2080 | High | High | High |
| CVE-2025-2081 | None | None | High |
## Remediation
### Patches
- **Visual BACnet Capture Tool**: Upgrade to Version v3.1.3rc8
- **Optigo Visual Networks Capture Tool**: Upgrade to Version v3.1.3rc8
### Workarounds
1. Minimize network exposure for all control system devices, ensuring they are not accessible from the Internet.
2. Locate control system networks and remote devices behind firewalls and isolate them from business networks.
3. When remote access is required, utilize secure methods such as Virtual Private Networks (VPNs).
## Detection
- **Indicators of compromise**: Unknown based on provided text, but successful exploitation would manifest as unauthorized access or control changes within the tools.
- **Detection methods and tools**: Standard network monitoring for unusual authentications or management interface access originating from unexpected sources. CISA recommends implementing defense-in-depth strategies for ICS assets.
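To make the detection guidance above concrete, here is an added example (not from CISA or the vendor) that reviews web-server access logs for management-interface requests from sources outside a trusted engineering subnet, which is the "unexpected source" signal the advisory points at. The log lines, the management path prefixes (`/manage/`, `/api/admin/`) and the trusted network `10.20.0.0/24` are constructed for illustration; the product's real paths are not given in the advisory and must be substituted from the deployment.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Hypothetical management path prefixes and trusted subnet; set per deployment.
MANAGEMENT_PREFIXES = ("/manage/", "/api/admin/")
TRUSTED_NETWORKS = [ipaddress.ip_network("10.20.0.0/24")]

# Common log format: source, identity, user, [timestamp], "request", status, size.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample log; the second and third lines are the ones worth alerting on.
SAMPLE_LOG = [
    '10.20.0.15 - - [11/Mar/2025:10:01:02 +0000] "GET /manage/status HTTP/1.1" 200 512',
    '198.51.100.7 - - [11/Mar/2025:10:02:45 +0000] "POST /api/admin/users HTTP/1.1" 200 87',
    '198.51.100.7 - - [11/Mar/2025:10:02:50 +0000] "GET /manage/capture HTTP/1.1" 403 0',
    '203.0.113.9 - - [11/Mar/2025:10:03:10 +0000] "GET /index.html HTTP/1.1" 200 1024',
    "malformed line that the parser must skip",
]


@dataclass
class Alert:
    timestamp: str
    source: str
    path: str
    reason: str


def parse_line(line: str) -> Optional[dict]:
    """Return the named fields of one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_trusted(src: str) -> bool:
    """True when the source address lies inside a trusted engineering network."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # unparsable address is never trusted
    return any(addr in net for net in TRUSTED_NETWORKS)


def review_access_log(lines: Iterable[str]) -> List[Alert]:
    """Flag management-interface requests from untrusted sources.

    A 2xx/3xx response is reported as a success (the exposed service answered),
    anything else as an attempt; both are worth correlating with other events.
    """
    alerts: List[Alert] = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or not rec["path"].startswith(MANAGEMENT_PREFIXES):
            continue
        if is_trusted(rec["src"]):
            continue
        outcome = "succeeded" if rec["status"][0] in "23" else "attempted"
        alerts.append(Alert(
            timestamp=rec["ts"],
            source=rec["src"],
            path=rec["path"],
            reason=f"management interface access {outcome} from untrusted source (HTTP {rec['status']})",
        ))
    return alerts


if __name__ == "__main__":
    for alert in review_access_log(SAMPLE_LOG):
        print(f"{alert.timestamp} {alert.source} {alert.path}: {alert.reason}")
```

Run against real logs, the same function should also be fed any request that arrives without a session at all on a management path, since the authentication bypass in CVE-2025-2080 means a successful response need not be preceded by a login; that requires a log field for the session cookie, which the common format above does not carry.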
## References
- Vendor Advisory/Patch Availability: hxxps://optigo.zendesk.com/hc/en-us/sections/360011386412-Capture-Tool-Software-Visual-BACnet
- Vendor Advisory/Patch Availability: hxxps://optigo.zendesk.com/hc/en-us/sections/20125604316813-Capture-Tool-Software-Optigo-Visual-Networks
- General CISA ICS Guidance: hxxps://www.cisa.gov/topics/industrial-control-systems