CVE-2025-9139 is an information disclosure vulnerability identified in Scada-LTS version 2.7.8.1, specifically involving an unknown functionality within the file /Scada-LTS/dwr/call/plaincall/WatchListDwr.init.dwr. The vulnerability allows an attacker to perform remote manipulation that could lead to unauthorized disclosure of information. According to the vendor, exploitation scenarios generally require administrative privileges, which limits the risk to some extent. The vulnerability has a CVSS 4.0 base score of 5.3, indicating a medium severity level. The vector details (AV:N/AC:L/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P) show that the attack can be performed remotely (network), with low attack complexity, requires privileges (low), no user interaction, and results in low-impact confidentiality loss without affecting integrity or availability. The vendor also notes that even after patching, the overall risk from malicious admin actions remains unchanged, implying that the vulnerability does not elevate the risk beyond what an attacker with admin access could already achieve. No public exploits are known to be actively used in the wild at this time. The vulnerability affects a critical component of SCADA systems, which are widely used for industrial control and monitoring, making any information disclosure potentially sensitive. However, the requirement for admin privileges and the limited impact on system integrity or availability reduce the immediate threat level.

For European organizations, particularly those operating critical infrastructure such as energy, water, manufacturing, and transportation sectors that rely on SCADA systems, this vulnerability poses a moderate risk. Information disclosure could reveal sensitive operational data, system configurations, or monitoring details that adversaries might use for reconnaissance or to plan further attacks. Although exploitation requires administrative privileges, insider threats or compromised admin accounts could leverage this vulnerability to extract information stealthily. The limited impact on integrity and availability means direct disruption is unlikely, but the confidentiality breach could undermine operational security and compliance with data protection regulations such as GDPR. Organizations with SCADA-LTS deployments should be aware that attackers gaining admin access have an additional vector to gather intelligence, potentially facilitating more sophisticated attacks or espionage. The medium severity rating reflects this balance between exploit complexity and potential impact.

1. Restrict administrative access rigorously by implementing strong authentication mechanisms, including multi-factor authentication (MFA) for all admin accounts managing SCADA-LTS systems. 2. Monitor and audit administrative actions continuously to detect any unusual or unauthorized activities promptly. 3. Network segmentation should be enforced to limit remote access to SCADA management interfaces, ideally isolating them from general corporate networks and the internet. 4. Apply the latest patches and updates from the vendor as soon as they become available, even if the vendor indicates limited risk reduction, to close known vulnerabilities. 5. Employ intrusion detection and prevention systems (IDS/IPS) tailored to industrial control systems to identify potential exploitation attempts. 6. Conduct regular security training and awareness programs for administrators to reduce the risk of credential compromise or misuse. 7. Implement strict role-based access control (RBAC) to minimize the number of users with administrative privileges and ensure the principle of least privilege is followed. 8. Consider deploying additional encryption or data masking techniques on sensitive SCADA data to reduce the impact of any information disclosure.