In a major red flag for the industrial cybersecurity community, three newly disclosed vulnerabilities in Microsens NMP Web+, a popular network management solution used across critical infrastructure, have revealed just how fragile many ICS environments remain. The flaws—two rated critical and one high—allow unauthenticated attackers to bypass authentication, generate forged JWTs, and execute arbitrary code, potentially enabling full system compromise with no credentials required.
Discovered by security researcher Noam Moshe, the vulnerabilities demonstrate how a combination of weak authentication mechanisms and insecure file handling can open the door to devastating attacks. While patches have now been released, some vulnerable systems remain internet-exposed, prompting urgent warnings from CISA—especially for those in the critical manufacturing sector.
In this episode, we dive into what went wrong, why these bugs are so dangerous, and how this incident reflects a deeper and systemic challenge in ICS security.
Topics covered include:
- The technical anatomy of the vulnerabilities (CVE-2025-49151, CVE-2025-49153, CVE-2025-49152) and how attackers can chain them for full remote access.
- Why ICS systems—unlike traditional IT—face unique challenges around patching, downtime tolerance, and legacy software dependencies.
- The dangerous rise of internet-exposed ICS systems, with over 145,000 devices globally found accessible via public scans.
- The critical role of vendor patching, network segmentation, and compensating controls when downtime prevents immediate updates.
- Strategic best practices like:
  - Building dedicated ICS test environments for patch validation
  - Using firewalls and virtual patching to buy time when updates can’t be applied
  - Adopting zero-trust architecture and isolating OT from business IT networks
- The persistent convergence of IT and OT networks, creating new attack surfaces if not tightly managed
- Real-world consequences of ICS vulnerabilities: from ransomware shutting down production lines to malware causing device malfunction and downtime
Microsens isn’t the only vendor in the spotlight—this episode sheds light on an industry-wide problem where security is often deprioritized in favor of uptime, and vendors may still use outdated design practices like hardcoded credentials or unexpired tokens.
For CISOs, OT engineers, and asset owners in manufacturing, energy, and industrial sectors, this is a critical wake-up call. Patching can’t be reactive—it must be strategic, tested, and integrated with operational priorities. Because when ICS systems go down, it’s not just data at risk—it’s the infrastructure behind national economies and physical safety.