CVE-2025-13605 - Vulnerability Details - OpenCVE

3onedata modbus gateway device model GW1101-1D(RS-485)-TB-P (hardware version V2.2.0) allows authenticated users to execute arbitrary shell commands in the context of the root user by providing payload in the "IP address" field of the diagnosis test tools. This issue has been resolved in firmware version 3.0.59B2024080600R4353

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required High

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact High

Subsequent System Integrity Impact High

Subsequent System Availability Impact High

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
3onedata	Gw1101-1d(rs-485)-tb-p

No data.

No data.

References

Link	Providers
https://cert.pl/en/posts/2026/05/CVE-2025-13605

History

Mon, 04 May 2026 20:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		3onedata 3onedata gw1101-1d(rs-485)-tb-p
Vendors & Products		3onedata 3onedata gw1101-1d(rs-485)-tb-p

Mon, 04 May 2026 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Mon, 04 May 2026 15:00:00 +0000

Type	Values Removed	Values Added
Description		3onedata modbus gateway device model GW1101-1D(RS-485)-TB-P (hardware version V2.2.0) allows authenticated users to execute arbitrary shell commands in the context of the root user by providing payload in the "IP address" field of the diagnosis test tools. This issue has been resolved in firmware version 3.0.59B2024080600R4353
Title		Shell command injection in 3onedata GW1101-1D(RS-485)-TB-P modbus gateway
Weaknesses		CWE-78
References		https://cert.pl/en/posts/2026/05/CVE-2025-13605
Metrics		cvssV4_0 `{'score': 9.3, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}`

MITRE

Status: PUBLISHED

Assigner: CERT-PL

Published: 2026-05-04T14:52:39.300Z

Updated: 2026-05-04T15:28:56.851Z

Reserved: 2025-11-24T14:44:56.542Z

Link: CVE-2025-13605

Vulnrichment

Updated: 2026-05-04T15:28:44.757Z

NVD

Status : Received

Published: 2026-05-04T15:16:02.630

Modified: 2026-05-04T15:16:02.630

Link: CVE-2025-13605

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-13605", "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "state": "PUBLISHED", "assignerShortName": "CERT-PL", "dateReserved": "2025-11-24T14:44:56.542Z", "datePublished": "2026-05-04T14:52:39.300Z", "dateUpdated": "2026-05-04T15:28:56.851Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "GW1101-1D(RS-485)-TB-P", "vendor": "3onedata", "versions": [{"lessThan": "3.0.59B2024080600R4353", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Jaros\u0142aw Wawi\u00f3rko"}, {"lang": "en", "type": "finder", "value": "\u0141ukasz Rybak"}], "datePublic": "2026-05-04T14:50:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "3onedata modbus gateway device model GW1101-1D(RS-485)-TB-P (hardware version V2.2.0) <span style=\"background-color: rgb(255, 255, 255);\">allows authenticated users to execute arbitrary shell commands in the context of the root user by providing payload in the \"IP address\" field of the diagnosis test tools.<br></span>This issue has been resolved in firmware version 3.0.59B2024080600R4353"}], "value": "3onedata modbus gateway device model\u00a0GW1101-1D(RS-485)-TB-P (hardware version V2.2.0)\u00a0allows authenticated users to execute arbitrary shell commands in the context of the root user by providing payload in the \"IP address\" field of the diagnosis test tools.\nThis issue has been resolved in firmware version 3.0.59B2024080600R4353"}], "impacts": [{"capecId": "CAPEC-88", "descriptions": [{"lang": "en", "value": "CAPEC-88 OS Command Injection"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "baseScore": 9.3, "baseSeverity": "CRITICAL", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "shortName": "CERT-PL", "dateUpdated": "2026-05-04T14:52:39.300Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://cert.pl/en/posts/2026/05/CVE-2025-13605"}], "source": {"discovery": "EXTERNAL"}, "title": "Shell command injection in 3onedata GW1101-1D(RS-485)-TB-P modbus gateway", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-05-04T15:28:34.977201Z", "id": "CVE-2025-13605", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-04T15:28:56.851Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-13605", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-05-04T15:28:34.977201Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-04T15:28:44.757Z"}}], "cna": {"title": "Shell command injection in 3onedata GW1101-1D(RS-485)-TB-P modbus gateway", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Jaros\u0142aw Wawi\u00f3rko"}, {"lang": "en", "type": "finder", "value": "\u0141ukasz Rybak"}], "impacts": [{"capecId": "CAPEC-88", "descriptions": [{"lang": "en", "value": "CAPEC-88 OS Command Injection"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "3onedata", "product": "GW1101-1D(RS-485)-TB-P", "versions": [{"status": "affected", "version": "0", "lessThan": "3.0.59B2024080600R4353", "versionType": "custom"}], "defaultStatus": "unaffected"}], "datePublic": "2026-05-04T14:50:00.000Z", "references": [{"url": "https://cert.pl/en/posts/2026/05/CVE-2025-13605", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "3onedata modbus gateway device model\u00a0GW1101-1D(RS-485)-TB-P (hardware version V2.2.0)\u00a0allows authenticated users to execute arbitrary shell commands in the context of the root user by providing payload in the \"IP address\" field of the diagnosis test tools.\nThis issue has been resolved in firmware version 3.0.59B2024080600R4353", "supportingMedia": [{"type": "text/html", "value": "3onedata modbus gateway device model GW1101-1D(RS-485)-TB-P (hardware version V2.2.0) <span style=\"background-color: rgb(255, 255, 255);\">allows authenticated users to execute arbitrary shell commands in the context of the root user by providing payload in the \"IP address\" field of the diagnosis test tools.<br></span>This issue has been resolved in firmware version 3.0.59B2024080600R4353", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "providerMetadata": {"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "shortName": "CERT-PL", "dateUpdated": "2026-05-04T14:52:39.300Z"}}}, "cveMetadata": {"cveId": "CVE-2025-13605", "state": "PUBLISHED", "dateUpdated": "2026-05-04T15:28:56.851Z", "dateReserved": "2025-11-24T14:44:56.542Z", "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "datePublished": "2026-05-04T14:52:39.300Z", "assignerShortName": "CERT-PL"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "3onedata modbus gateway device model\u00a0GW1101-1D(RS-485)-TB-P (hardware version V2.2.0)\u00a0allows authenticated users to execute arbitrary shell commands in the context of the root user by providing payload in the \"IP address\" field of the diagnosis test tools.\nThis issue has been resolved in firmware version 3.0.59B2024080600R4353"}], "id": "CVE-2025-13605", "lastModified": "2026-05-04T15:16:02.630", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cvd@cert.pl", "type": "Secondary"}]}, "published": "2026-05-04T15:16:02.630", "references": [{"source": "cvd@cert.pl", "url": "https://cert.pl/en/posts/2026/05/CVE-2025-13605"}], "sourceIdentifier": "cvd@cert.pl", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "cvd@cert.pl", "type": "Primary"}]}