CVE-2025-13790: Cross-Site Request Forgery in Scada-LTS
A vulnerability was found in Scada-LTS up to 2.7.8.1. It affects an unknown function, and manipulating it leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been publicly disclosed and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AI Analysis
Technical Summary
CVE-2025-13790 is a Cross-Site Request Forgery vulnerability identified in Scada-LTS, an open-source supervisory control and data acquisition (SCADA) platform used for industrial automation and monitoring. The vulnerability affects versions 2.7.8.0 and 2.7.8.1. CSRF occurs when an attacker tricks an authenticated user into submitting a forged HTTP request, causing the victim's browser to perform unwanted actions on a web application where they are logged in. This vulnerability does not require the attacker to have any privileges or authentication, but it does require the victim to interact with a maliciously crafted link or webpage. The CVSS 4.0 base score is 5.3 (medium), reflecting the network attack vector, low complexity, no privileges required, but requiring user interaction and causing limited integrity impact. The vendor was contacted but has not responded or issued a patch, and no official remediation is currently available. The vulnerability could allow attackers to manipulate critical SCADA functions remotely, potentially disrupting industrial processes or causing unauthorized configuration changes. The lack of vendor response and patch availability increases the urgency for organizations to implement compensating controls. No known exploits have been observed in the wild yet, but public disclosure raises the risk of exploitation attempts.
Potential Impact
The primary impact of this vulnerability is on the integrity of SCADA systems using Scada-LTS, as attackers could execute unauthorized commands by exploiting CSRF. This could lead to unauthorized changes in control settings, manipulation of monitoring data, or disruption of industrial processes. Given the critical role of SCADA systems in infrastructure such as energy, water treatment, manufacturing, and transportation, successful exploitation could have cascading effects on operational continuity and safety. Although availability and confidentiality impacts are limited, the integrity compromise alone can lead to significant operational risks and potential safety hazards. The requirement for user interaction somewhat limits exploitation ease, but social engineering tactics could facilitate attacks. The absence of vendor patches means organizations must rely on alternative mitigations to reduce risk. The medium severity rating reflects these factors, but the critical nature of SCADA environments elevates the practical risk for affected organizations.
Mitigation Recommendations
Since no official patches are available, organizations should implement multiple compensating controls. First, enforce strict CSRF protections at the web application layer, such as validating anti-CSRF tokens on all state-changing requests and verifying the Origin and Referer headers. Network segmentation should isolate SCADA management interfaces from general user networks to reduce exposure. User training is essential to raise awareness about phishing and social engineering risks that could trigger CSRF attacks. Employ web application firewalls (WAFs) with custom rules to detect and block suspicious CSRF attempts targeting Scada-LTS interfaces. Monitor logs for unusual or unauthorized commands and implement anomaly detection to identify potential exploitation. Where feasible, restrict access to the Scada-LTS web interface to trusted IP addresses and require multi-factor authentication to reduce the risk of session hijacking. Regularly back up configurations and critical data to enable recovery from unauthorized changes. Finally, maintain vigilance for vendor updates or community patches and apply them promptly once available.
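One way to implement the Origin and Referer verification recommended above as a compensating control in front of the application (an added example, not code from Scada-LTS or from this advisory). The trusted origin `https://scada.example.internal` is a placeholder, and treating GET, HEAD and OPTIONS as non-state-changing is an assumption, since the advisory does not name the affected function.

```python
from urllib.parse import urlsplit

# Assumption: the origin operators use to reach the Scada-LTS web UI (placeholder).
TRUSTED_ORIGINS = {("https", "scada.example.internal", 443)}
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}
DEFAULT_PORTS = {"http": 80, "https": 443}


def _origin_tuple(value):
    """Parse an Origin or Referer value into (scheme, host, port), or None."""
    if not value or value.strip().lower() == "null":
        return None
    try:
        parts = urlsplit(value.strip())
        port = parts.port
    except ValueError:
        return None
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    return (scheme, parts.hostname.lower(), port or DEFAULT_PORTS[scheme])


def allow_request(method, headers, trusted=TRUSTED_ORIGINS):
    """Return (allowed, reason); safe methods are assumed not to change state."""
    if method.upper() in SAFE_METHODS:
        return True, "safe method"
    hdrs = {k.lower(): v for k, v in headers.items()}
    # Origin wins when present; Referer is consulted only if Origin is absent.
    for name in ("origin", "referer"):
        if name in hdrs:
            source = _origin_tuple(hdrs[name])
            if source in trusted:
                return True, f"{name} trusted"
            return False, f"{name} not trusted"
    return False, "no origin or referer"


# Constructed sample requests (method, headers); not taken from real traffic.
SAMPLES = [
    ("POST", {"Origin": "https://scada.example.internal"}),
    ("POST", {"Origin": "https://other-site.example"}),
    ("POST", {"Origin": "null", "Referer": "https://scada.example.internal/"}),
    ("POST", {}),
]

if __name__ == "__main__":
    for method, headers in SAMPLES:
        print(method, headers, allow_request(method, headers))
```

Comparing the parsed (scheme, host, port) tuple rather than a string prefix keeps look-alike hosts such as `scada.example.internal.other-site.example` from matching, and a present but untrusted Origin is rejected without falling back to Referer.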
Affected Countries
United States, Germany, China, Russia, South Korea, Japan, France, United Kingdom, Canada, Australia
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2025-11-29T20:33:29.818Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 692c5d1e0c99497f3fe5ed70
Added to database: 11/30/2025, 3:05:02 PM
Last enriched: 2/24/2026, 10:11:14 PM
Last updated: 3/24/2026, 5:02:13 PM