| Risk Category: High | Document ID: ECNET-05-25-3937 |
| Document Version: 1.0 | |
| Document Status: Final |
Description:
| CVE ID: | CVSS Vectors: | Score: |
| CVE-2025-3936 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N | 6.5 |
| CVE-2025-3937 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N | 7.7 |
| CVE-2025-3938 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N | 6.8 |
| CVE-2025-3939 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 |
| CVE-2025-3940 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 5.3 |
| CVE-2025-3941 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N | 5.4 |
| CVE-2025-3942 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 4.3 |
| CVE-2025-3943 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N | 4.1 |
| CVE-2025-3944 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 |
| CVE-2025-3945 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 |
| CVE-2025-3945 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L | 4.7 |
The list above details the security vulnerabilities that have been recently reported and subsequently fixed. The fixes applied include but are not limited to:
- Properly escaping or rejecting characters stored in some configuration files
- Improved user permission validation during file writes
- Updated cryptographic parameters to accommodate the latest recommendations
Impacted Product Name
EC-Net 4
Impacted Versions
EC-Net 4.10.8
EC-Net 4.14.0
How to Diagnose Installed System
If you have EC-Net 4.10.8, EC-Net 4.14.0, or any earlier released version of EC-Net installed, your system is vulnerable to the issues listed above.
Impacts on Installed System
Your system could be affected by security breaches.
Workaround
N/A
Update Information
The issues have been fixed and the updated software is available on Software Center.
Updated Version
EC-Net 4.14.2.12
Issue Fixed Date
July 2, 2025
For more information or a hotfix regarding this technical issue, please contact Distech Controls Technical Support.
LEGAL DISCLAIMER:
THIS CONTENT IS PROVIDED ON AN "AS IS" BASIS FOR INFORMATIONAL PURPOSES ONLY AND IS PROVIDED WITHOUT ANY WARRANTY OF ANY KIND. THE CONTENT IS INTENDED FOR USERS OF ACUITY BRANDS PRODUCTS WHO POSSESS THE PROFESSIONAL SKILLS AND JUDGMENT NECESSARY TO INTERPRET THE INFORMATION AND DETERMINE THE APPROPRIATE STEPS TO TAKE. USE OF THE INFORMATION IS AT THE USER'S OWN RISK. THE AUTHOR RESERVES THE RIGHT TO UPDATE OR DELETE THIS CONTENT AT ANY TIME.



