
CVE-2025-49849: CWE-125 Out-of-bounds Read in LS Electric GMWin 4

Severity: High
Tags: Vulnerability, CVE-2025-49849, cve, cve-2025-49849, cwe-125
Published: Tue Jun 17 2025 (06/17/2025, 18:34:02 UTC)
Source: CVE Database V5
Vendor/Project: LS Electric
Product: GMWin 4

Description

An Out-of-bounds Read vulnerability exists within the parsing of PRJ files. The issues result from the lack of proper validation of user-supplied data, which can result in different memory corruption issues within the application, such as reading and writing past the end of allocated data structures.

AI-Powered Analysis

Last updated: 06/17/2025, 19:04:44 UTC

Technical Analysis

CVE-2025-49849 is a high-severity vulnerability identified in LS Electric's GMWin 4 software, specifically version 4.18. The vulnerability is classified as an Out-of-bounds Read (CWE-125) occurring during the parsing of PRJ project files. This flaw arises from insufficient validation of user-supplied data within the file parsing logic, which allows the application to read or write beyond the allocated memory boundaries. Such memory corruption can lead to unpredictable behavior including application crashes, data leakage, or potential execution of arbitrary code, depending on how the corrupted memory is leveraged.

The vulnerability does not require privileges or authentication to exploit but does require user interaction, such as opening or importing a crafted PRJ file. The CVSS 4.0 base score is 8.4, reflecting high severity with a local attack vector, low attack complexity, no privileges required, and user interaction necessary. The impact on confidentiality, integrity, and availability is rated high, indicating that successful exploitation could compromise sensitive data, alter system behavior, or disrupt operations. There are no known exploits in the wild at the time of publication, and no patches have been released yet.

GMWin 4 is Human-Machine Interface (HMI) software used primarily in industrial control systems (ICS) and automation environments, which makes this vulnerability particularly critical in operational technology (OT) contexts where reliability and safety are paramount. Exploitation could affect industrial processes controlled via GMWin 4, leading to operational disruptions or safety hazards if attackers manipulate the system through crafted project files.

Potential Impact

For European organizations, especially those operating in industrial automation, manufacturing, energy, and critical infrastructure sectors, this vulnerability poses a significant risk. GMWin 4 is used to configure and monitor industrial control systems, so exploitation could lead to unauthorized disclosure of sensitive operational data, manipulation of control parameters, or denial of service conditions. This could disrupt production lines, cause safety incidents, or lead to financial losses. Given the high confidentiality, integrity, and availability impact, attackers could leverage this vulnerability to gain footholds within OT environments, potentially moving laterally to other critical systems. The requirement for user interaction means social engineering or phishing campaigns targeting engineers or operators could be an attack vector. The absence of patches increases the window of exposure, and the lack of known exploits suggests that proactive mitigation is essential to prevent future attacks. The vulnerability's local attack vector limits remote exploitation but does not eliminate risk in environments where project files are shared or transferred between systems.

Mitigation Recommendations

1. Implement strict controls on the handling and transfer of PRJ files, including validating and scanning files before opening them in GMWin 4.
2. Restrict GMWin 4 usage to trusted personnel and limit file import/export capabilities to reduce exposure to malicious files.
3. Employ network segmentation to isolate engineering workstations running GMWin 4 from broader corporate and internet-facing networks to reduce attack surface.
4. Use application whitelisting and endpoint detection to monitor for suspicious activities related to GMWin 4 processes.
5. Train staff on the risks of opening unsolicited or unverified project files and incorporate phishing awareness to prevent social engineering attacks.
6. Monitor vendor communications closely for patches or updates addressing this vulnerability and plan for immediate deployment once available.
7. Consider deploying runtime application self-protection (RASP) or memory protection tools that can detect and prevent out-of-bounds memory access attempts.
8. Maintain comprehensive backups of project files and system configurations to enable rapid recovery in case of compromise.
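Recommendations 1 and 8 can be combined into an intake gate that releases a PRJ file to the engineering workstation only when its SHA-256 matches a file in the trusted backup set, and quarantines everything else. This is an added example, not part of the original advisory and not LS Electric tooling; the directory layout, function names and approve-by-hash policy are assumptions, and the sample bytes are constructed.

```python
import hashlib
import shutil
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Stream the file so large project files are not loaded into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(trusted_dir: Path) -> set[str]:
    """Hash every project file in the trusted backup set (recommendation 8)."""
    return {sha256_of(p) for p in trusted_dir.rglob("*")
            if p.is_file() and p.suffix.lower() == ".prj"}


def gate_incoming(inbox: Path, approved: set[str], quarantine: Path) -> dict:
    """Release only PRJ files whose hash is approved; quarantine the rest."""
    quarantine.mkdir(parents=True, exist_ok=True)
    result = {"released": [], "quarantined": []}
    for path in sorted(inbox.iterdir()):
        # Match the extension case-insensitively: .PRJ and .prj are the same on Windows.
        if not path.is_file() or path.suffix.lower() != ".prj":
            continue
        digest = sha256_of(path)
        if digest in approved:
            result["released"].append(path.name)
        else:
            # Prefix with the hash so same-named files never overwrite each other.
            shutil.move(str(path), str(quarantine / f"{digest[:16]}_{path.name}"))
            result["quarantined"].append(path.name)
    return result


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        trusted, inbox, held = root / "backup", root / "inbox", root / "quarantine"
        trusted.mkdir()
        inbox.mkdir()
        # Constructed sample bytes, not real GMWin project data.
        (trusted / "line1.prj").write_bytes(b"constructed-known-good")
        (inbox / "line1.prj").write_bytes(b"constructed-known-good")
        (inbox / "LINE2.PRJ").write_bytes(b"constructed-unknown")
        print(gate_incoming(inbox, build_manifest(trusted), held))
```

A hash match only proves the file is byte-identical to one already in the trusted set, so new or legitimately modified projects still need a separate approval step before their hashes are added to the manifest.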


Technical Details

Data Version: 5.1
Assigner Short Name: icscert
Date Reserved: 2025-06-11T15:07:28.496Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 6851b8bca8c9212743861096

Added to database: 6/17/2025, 6:49:32 PM

Last enriched: 6/17/2025, 7:04:44 PM

Last updated: 8/11/2025, 1:32:07 AM
