CVE-2025-9139: Information Disclosure in Scada-LTS
A vulnerability was determined in Scada-LTS 2.7.8.1. Affected by this vulnerability is an unknown functionality of the file /Scada-LTS/dwr/call/plaincall/WatchListDwr.init.dwr. Executing manipulation can lead to information disclosure. The attack may be performed from a remote location. The exploit has been publicly disclosed and may be utilized. The vendor explains: "[T]he risks of indicated vulnerabilities seem to be minimal as all scenarios likely require admin permissions. Moreover, regardless our team fixes those vulnerabilities - the overall risk change to the user due to malicious admin actions will not be lower."
AI Analysis
Technical Summary
CVE-2025-9139 is an information disclosure vulnerability identified in Scada-LTS version 2.7.8.1, specifically related to the functionality of the file /Scada-LTS/dwr/call/plaincall/WatchListDwr.init.dwr. The vulnerability allows an attacker to perform manipulations that could lead to unauthorized information disclosure. The attack vector is remote network access, and exploitation does not require user interaction. However, the vulnerability requires at least limited privileges, specifically admin-level permissions, to be exploited. The vendor has indicated that the risk posed by this vulnerability is minimal because all exploitation scenarios likely require administrative permissions, and malicious actions by an admin would already represent a significant risk regardless of this vulnerability.
The CVSS v4.0 base score is 5.3 (medium severity), reflecting a network attack vector, low complexity, no user interaction, and limited impact on confidentiality. There are no known exploits in the wild at this time, and no patches have been publicly linked yet.
The vulnerability is primarily an information disclosure issue, which means that sensitive data could be exposed to unauthorized parties if exploited. Given that the vulnerability requires admin privileges, it is more a concern in environments where admin credentials might be compromised or where privilege escalation is possible. Scada-LTS is an open-source SCADA (Supervisory Control and Data Acquisition) system used for industrial control and monitoring, which makes this vulnerability relevant to critical infrastructure and industrial environments that rely on this software for operational technology (OT) management.
Potential Impact
For European organizations, particularly those operating in industrial sectors such as energy, manufacturing, water treatment, and transportation, this vulnerability poses a moderate risk. Information disclosure in SCADA systems can lead to leakage of operational data, system configurations, or other sensitive information that could aid attackers in planning further attacks or disrupting operations. Although exploitation requires admin privileges, if an attacker gains such access through other means (e.g., phishing, credential theft, or insider threat), this vulnerability could facilitate reconnaissance and lateral movement within the network. The impact on confidentiality is moderate, while integrity and availability are not directly affected by this vulnerability. However, the exposure of sensitive SCADA data could indirectly lead to operational disruptions if leveraged in coordinated attacks. European critical infrastructure operators are often subject to stringent cybersecurity regulations (e.g., NIS Directive), so even medium-severity vulnerabilities in SCADA systems warrant attention to maintain compliance and operational resilience.
Mitigation Recommendations
1. Restrict administrative access to Scada-LTS systems to trusted personnel only, implementing strict access controls and multi-factor authentication to reduce the risk of credential compromise.
2. Monitor and audit all admin-level activities within Scada-LTS to detect any unauthorized or suspicious actions promptly.
3. Network segmentation should be enforced to isolate SCADA systems from general IT networks and limit remote access to only necessary and secured channels, such as VPNs with strong encryption and endpoint security.
4. Apply the principle of least privilege to all users and services interacting with Scada-LTS, ensuring that admin privileges are granted only when absolutely necessary.
5. Stay informed about vendor updates and patches for Scada-LTS and apply security updates promptly once available.
6. Conduct regular security assessments and penetration testing focused on SCADA environments to identify and remediate privilege escalation paths that could enable exploitation of this vulnerability.
7. Implement intrusion detection and prevention systems tailored for OT environments to detect anomalous activities that could indicate exploitation attempts.
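One way to act on recommendations 2 and 7, as an added example (not code from Scada-LTS or from this advisory): scan web access logs for calls to the affected DWR endpoint that come from outside the expected admin network. The common log format, the admin subnet and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Endpoint named in the advisory.
ENDPOINT = "/Scada-LTS/dwr/call/plaincall/WatchListDwr.init.dwr"
# Assumption: subnet from which admin sessions are expected (hypothetical).
ADMIN_NETS = [ipaddress.ip_network("10.20.30.0/28")]
# Assumption: common log format, e.g. Tomcat AccessLogValve pattern "common".
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE_LOG = """\
10.20.30.5 - - [19/Aug/2025:09:01:12 +0000] "POST /Scada-LTS/dwr/call/plaincall/WatchListDwr.init.dwr HTTP/1.1" 200 1843
192.0.2.44 - - [19/Aug/2025:09:03:40 +0000] "POST /Scada-LTS/dwr/call/plaincall/WatchListDwr.init.dwr HTTP/1.1" 200 1851
192.0.2.44 - - [19/Aug/2025:09:03:41 +0000] "POST /Scada-LTS/dwr/call/plaincall/WatchListDwr.init.dwr;jsessionid=ABC HTTP/1.1" 200 1851
10.20.30.5 - - [19/Aug/2025:09:04:02 +0000] "GET /Scada-LTS/ HTTP/1.1" 200 5120
198.51.100.7 - - [19/Aug/2025:09:05:00 +0000] "POST /Scada-LTS/dwr/call/plaincall/WatchListDwr.init.dwr HTTP/1.1" 302 -
garbage line
"""

def normalise_path(raw):
    # Drop the query string and ;jsessionid-style path parameters before comparing.
    return raw.split("?", 1)[0].split(";", 1)[0]

def is_admin_source(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:  # the host field may hold a name; treat it as untrusted
        return False
    return any(addr in net for net in ADMIN_NETS)

def find_alerts(log_text):
    """Return (alerts, skipped): endpoint hits from non-admin sources, unparsable line count."""
    alerts, skipped = [], 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            skipped += 1  # count rather than silently drop malformed lines
            continue
        if normalise_path(m["path"]) == ENDPOINT and not is_admin_source(m["ip"]):
            alerts.append({"ip": m["ip"], "ts": m["ts"], "status": int(m["status"])})
    return alerts, skipped

def summarise(alerts):
    # Hits per source address, for triage ordering.
    return Counter(a["ip"] for a in alerts)
```
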
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Belgium, Sweden, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-08-19T05:39:41.122Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68a47979ad5a09ad00f7f0a2
Added to database: 8/19/2025, 1:17:45 PM
Last enriched: 9/4/2025, 12:52:46 AM
Last updated: 10/2/2025, 5:47:13 PM