CVE-2025-10150 identifies a deadlock vulnerability (CWE-833) in the embedded webserver of Softing Industrial Automation GmbH smartLink HW-PN and HW-DP gateways. The issue arises when the device’s TCP port 80 is scanned, causing the webserver to enter a deadlock state and crash, resulting in denial of service. The affected versions are smartLink HW-PN from 1.02 through 1.03 and smartLink HW-DP version 1.31. The vulnerability does not require authentication, user interaction, or privileges, making it remotely exploitable by any attacker with network access to the device. The CVSS v4.0 score of 8.7 reflects the high impact on availability and ease of exploitation. The deadlock condition is a concurrency issue where the webserver’s internal processing threads become stuck waiting indefinitely, leading to service unavailability. This can disrupt industrial automation communications and monitoring, potentially halting critical processes. No patches or fixes have been released yet, and no active exploitation has been reported. The vulnerability highlights the risks of exposing industrial control system web interfaces directly to untrusted networks without adequate protections.

For European organizations, especially those operating industrial automation and control systems, this vulnerability poses a significant risk to operational continuity. The affected Softing smartLink gateways are used to interface and manage industrial networks; their unavailability can interrupt data flow, monitoring, and control commands. This can lead to production downtime, safety risks, and financial losses. Since the vulnerability can be triggered remotely without authentication, attackers or automated scanning tools can cause denial of service, potentially as part of a broader attack or disruption campaign. The impact is particularly critical in sectors such as manufacturing, energy, and utilities where these devices are deployed. Additionally, the inability to access the webserver interface complicates incident response and device management during an attack. The lack of patches increases exposure time, emphasizing the need for immediate mitigations.

1. Immediately restrict network access to the affected devices’ TCP port 80 by implementing firewall rules or access control lists (ACLs) to allow only trusted management hosts. 2. Segment industrial control networks from corporate and external networks to reduce exposure to scanning and exploitation attempts. 3. Monitor network traffic for unusual scanning activity targeting port 80 on Softing devices and set up alerts for potential exploitation attempts. 4. Disable or limit the use of the embedded webserver interface if possible, or replace it with more secure management methods such as VPN or dedicated management networks. 5. Engage with Softing Industrial Automation GmbH for updates and patches, and plan for timely deployment once available. 6. Conduct regular vulnerability assessments and penetration tests focusing on industrial control system components to identify and remediate similar issues proactively. 7. Maintain an incident response plan tailored for industrial environments to quickly isolate and recover affected devices in case of exploitation.