CVE-2025-48466

HIGH

Advantech WISE-4000 LAN Modbus TCP - Unauthenticated Digital Output Manipulation

Title source: manual
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-48466. PoCs published by shipcod3.

AI-analyzed exploit summary The repository contains a functional Python script that demonstrates Modbus packet injection against Advantech WISE 4060LAN IoT Gateway, allowing unauthorized control of Digital Output (DO) channels. The PoC fuzzes Modbus addresses to identify valid DO channels and manipulate them.

Description

Successful exploitation of the vulnerability could allow an unauthenticated, remote attacker to send Modbus TCP packets to manipulate Digital Outputs, potentially allowing remote control of relay channel which may lead to operational or safety risks.

Exploits (1)

nomisec WORKING POC 2 stars
by shipcod3 · poc
https://github.com/shipcod3/CVE-2025-48466

The repository contains a functional Python script that demonstrates Modbus packet injection against Advantech WISE 4060LAN IoT Gateway, allowing unauthorized control of Digital Output (DO) channels. The PoC fuzzes Modbus addresses to identify valid DO channels and manipulate them.

Classification
Working Poc 95%
Attack Type
Other
Complexity
Trivial
Reliability
Reliable
Target: Advantech WISE 4060LAN IoT Gateway
No auth needed
Prerequisites: Network access to the target Modbus server · Modbus server running on port 502
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Third Party Advisory
https://github.com/shipcod3/CVE-2025-48466

Scores

CVSS v3 8.1
EPSS 0.0051
EPSS Percentile 39.3%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-863
Status published
Products (3)
advantech/wise-4010lan_firmware
advantech/wise-4050lan_firmware
advantech/wise-4060lan_firmware 2.02b00
Published Jun 24, 2025
Tracked Since Feb 18, 2026