Valmet DNA user passwords in plain text

CVE-2025-0418

Summary: Passwords of Valmet DNA users are stored in plain text within the Valmet DNA function blocks.
Impact: This practice poses a security risk, as attackers who gain access to local project data can read the passwords.
Issue date: March 31, 2025
Affects: Valmet DNA Operate versions C2021 and older.
CVE Name: https://nvd.nist.gov/vuln/detail/CVE-2025-0418
CVSS Details: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/AU:N/R:A/V:D/RE:L/U:Green
CVSS Score: 5.2
Solution: The solution is available from Valmet Automation Customer Service.
Mitigations: A properly configured firewall helps to prevent unauthorized access from untrusted networks to the system.
Acknowledgements: Sixtus Leonhardsberger and Felix Eberstaller of Limes Security.