Critical Vulnerability in MINOVA TTA Software – Analysis, Attack Path, and Recommendations
| CRYPTRON Security GmbH | Stefan Mettler, Founder & CEO
Management Summary
CRYPTRON Security GmbH has discovered a critical vulnerability (CVE-2025-7426) in the MINOVA TTA automation software, posing a significant risk to critical industrial environments and tank farms.
An unprotected debug port (TCP 1604) discloses FTP credentials in plaintext to any client that connects. An attacker with network access can use them, without ever authenticating, to read sensitive production data, manipulate the files that drive loading and tank processes, and put the operator in breach of its compliance obligations. The vulnerability has a CVSS v4.0 score of 9.3 (critical).
All versions up to 11.17.0 are affected. An update to MINOVA TTA version 11.18.0 or later is recommended. A dedicated update of the MINOVA TTA module ch.minova.nservice from the vendor is strongly advised.
It is also recommended to implement Zero Trust principles to reduce the risk of data exfiltration, severe operational disruption (as WannaCry caused in 2017) or physical damage (as Stuxnet caused in 2010).
This security advisory targets CISOs, CTOs, Risk Officers, and Security Engineers, providing in-depth technical analysis and actionable recommendations.
Introduction to MINOVA TTA
MINOVA TTA (Terminal & Tank Automation) is a highly advanced, modular software solution specifically designed for the control and automation of tank farms, loading facilities, and complex logistics processes in industrial environments. Widely used across Switzerland and Europe, it supports critical sectors including:
> Application Areas of MINOVA TTA
Energy Sector: Utilized in tank farms for precise control of oil, gas, and fuel storage and loading processes, where minor errors can have major consequences.
Chemical Industry: Monitoring and controlling hazardous material storage and transport, where safety and compliance with strict regulations are top priorities.
Logistics and Transport: Automation of vehicle scales, efficient loading processes, and intelligent access control to optimize the flow of goods.
Production Plants: Seamless integration with ERP systems like SAP and Microsoft Dynamics via robust EDI/FTP interfaces to optimize material flow and ensure uninterrupted production.
Ports and Terminals: Comprehensive management of ship and truck loading, and warehouse systems for efficient handling in international trade.
The software integrates essential components such as SCADA/PLC systems, ERP interfaces, detailed process sensors (e.g., level, pressure, temperature), and modern access controls to ensure continuous and seamless operations.
Given its central role in business-critical processes and direct interaction with physical infrastructure, the security of MINOVA TTA is of existential importance.
A compromise could result not only in financial losses and severe reputational damage but also environmental or even personal harm if systems cannot be properly controlled.
Technical Vulnerability (CVE-2025-7426)
The identified critical vulnerability, registered as CVE-2025-7426, was located in the ch.minova.nservice module of the MINOVA TTA software by the CRYPTRON Security team during a penetration test. Specifically, it concerns an openly accessible debug port (TCP 1604) that discloses FTP credentials in plaintext without any form of authentication or encryption.
"Zero Trust means: Trust no one – not even your own corporate network.
Effective monitoring and the consistent use of strong encryption are essential pillars of any modern security strategy."
— Stefan Mettler, Founder & CEO, CRYPTRON Security GmbH
This disclosure of login credentials poses a significant security risk as it allows direct and unauthorized access to sensitive systems and the critical data they contain.
> Classification and Criticality
CWE-522 (Insufficiently Protected Credentials): The vulnerability is classified as Insufficiently Protected Credentials because credentials are stored or transmitted without sufficient protection.
CVSSv3.1 Score: With a Common Vulnerability Scoring System (CVSS) v3.1 score of 9.1, this vulnerability is rated as critical, highlighting the high threat level and potentially severe impact on confidentiality, integrity, and availability.
The vulnerability violates several system requirements (SRs) of IEC 62443-3-3, the standard that defines the technical security requirements for industrial automation and control systems (IACS):
SR 1.1 / SR 1.2 – Identification and Authentication (human users; software processes and devices): The debug port identifies and authenticates nobody before it hands out FTP credentials. Anyone who can reach TCP 1604 obtains valid credentials without ever authenticating.
SR 2.1 – Authorization Enforcement: Nothing restricts access to this service to authorized users or processes; reading the port is enough to obtain credentials that in turn grant access to production data.
SR 3.1 – Communication Integrity: Both the debug stream and the FTP sessions it enables run unencrypted and unauthenticated, so the data exchanged can be read and altered in transit.
SR 4.1 – Information Confidentiality: Usernames and passwords are disclosed in plaintext. The leaked credentials may also open the door to further systems and data stores that reuse them.
SR 3.9 – Protection of Audit Information: An attacker holding the FTP credentials could modify or delete audit logs reachable over FTP to cover their tracks, significantly hindering forensic analysis and incident tracing.
SR 7.7 – Least Functionality: A debug service that volunteers credentials has no place on a production system; unnecessary services and ports must be disabled.
These violations of established security standards are particularly concerning in OT/SCADA environments, where the safety of physical processes and critical infrastructure is at stake. The urgency to remediate this vulnerability is therefore immense.
Proof of Concept
The exploitability of the vulnerability was practically demonstrated through a detailed Proof of Concept (PoC) conducted in a controlled test environment. This PoC outlines, step by step, how an attacker with basic networking tools can exploit the vulnerability to gain unauthorized access to critical systems and data.
| Step | Description | Command / Verification | Result |
|---|---|---|---|
| 1. Port scan | Initial scan to identify open ports on the target. | nmap -sS -sV -p- -A target-IP-address | Open ports identified, among them 1602, 1603, 1604 and 1636. Port 1604 stands out as an unauthenticated debug port. |
| 2. Plaintext output | Direct connection to the debug port 1604 identified in step 1. | nc target-IP 1604 (or a browser pointed at the port) | The service emits FTP credentials (usernames and passwords) in plaintext without any prompt, confirming CWE-522 (Insufficiently Protected Credentials). |
| 3. FTP login | Use of the disclosed credentials to open an FTP session. | WinSCP or any standard FTP client with the leaked credentials | Successful login to the target system via FTP: the credentials are valid and grant direct access. |
| 4. Data exfiltration | Access to and manipulation of the file system after login. | Download/upload of files in sensitive directories | Full access to critical directories such as /MIG (Migration), /SHL (Interfaces) and /TAM (Tank Automation Module). Data could be downloaded and potentially modified, confirming the threat to confidentiality and integrity. |
This detailed PoC not only demonstrates the existence of the vulnerability but also highlights how easily it can be exploited by an attacker with minimal resources.
The (partially redacted) screenshot of the debug stream, not reproduced here, shows numerous ch.minova.service.DebugServiceEvent outputs of the MINOVA system. Particularly critical is that complete connection information, internal system states and binary data strings (partly Base64- or hex-encoded) are disclosed live and unprotected in the debug log to any client that connects.
Attack Vector
The attack vector enabled by this vulnerability outlines the step-by-step approach an attacker can use to move from initial detection of the flaw to full system compromise and potential manipulation. This path highlights critical points where security mechanisms may fail.
Attack Path Steps (Examples):
Initial Access & Network Scanning:
Description: The attacker begins by probing the target network, often using external or internal scanning to identify open ports and services. In this case, the publicly accessible debug port (TCP 1604) of the MINOVA TTA software is identified as a potential entry point.
Relevance: This step is crucial for mapping the attack surface. Even simple port scanning tools are sufficient to uncover this vulnerability.
Credential Harvesting:
Description: By accessing the openly available debug port 1604 without authentication, FTP credentials in plaintext can be intercepted. This information is immediately accessible without the need for complex exploit techniques or social engineering.
Relevance: This is the most critical step of the attack, as it provides the attacker with the necessary login credentials to directly access other systems.
Direct FTP Access:
Description: With the stolen FTP credentials, the attacker can open a direct FTP connection to the MINOVA TTA system. This grants read and write access to every directory the FTP account can reach, which in the PoC included /MIG, /SHL and /TAM.
Relevance: Direct file access enables the attacker to exfiltrate sensitive data or upload malicious payloads.
Lateral Movement & Escalation:
Description: Once FTP access is established, the attacker may proceed with further steps. This may include downloading sensitive data, uploading malicious scripts, or modifying existing configurations. Access to directories such as /MIG, /SHL, and /TAM indicates extensive opportunities for data exfiltration and manipulation. From there, the attacker may attempt to move laterally across the network and access other connected systems (e.g., SCADA controls, ERP systems).
Relevance: This step is crucial for expanding the attack to the entire infrastructure and may lead to widespread damage.
Impact & Objective Fulfillment:
Description: The final outcomes of the attack can vary and may include the exfiltration of sensitive data (e.g., production recipes, customer data), manipulation of processes (e.g., tank fill levels, production parameters), and disruption of the availability of critical systems (e.g., shutdown of loading and unloading operations).
Relevance: This is the end stage of the attack path, where the attacker achieves their objectives and causes maximum damage.
The simplicity of the attack vector significantly increases the urgency of implementing countermeasures, as no advanced knowledge or complex tools are required to exploit it.
Risk Analysis
The impacts of the CVE-2025-7426 vulnerability are extensive and affect the three core pillars of information security – Confidentiality, Integrity, and Availability (CIA triad) – with potentially catastrophic consequences for operations, safety, and the environment.
> Threats to the CIA Triad
Confidentiality:
The disclosure of FTP credentials in plaintext enables unauthorized exfiltration of sensitive process data, proprietary information, and potentially customer or supplier-related data. This may include production recipes, inventory data, detailed process parameters, or even critical business strategies.
Such compromise can result in severe financial losses, major reputational damage, and loss of competitive advantage.
Integrity:
An attacker may manipulate the integrity of data and processes. This includes modifying tank fill levels (e.g., causing overflows or leaks), changing production parameters (leading to defective products or quality issues), or tampering with inventory (causing incorrect billing or delivery delays).
Such manipulations not only cause financial damage but may also result in significant safety risks in the physical world, including environmental damage or explosions.
Availability:
The ability to manipulate processes or destroy system configurations can disrupt or completely halt the availability of loading and unloading operations.
This would have direct and severe impacts on the entire supply chain, operational efficiency, and could lead to major financial losses due to production downtime. An attack on availability could paralyze an entire facility and have far-reaching economic and societal consequences.
> Historical Parallels: Stuxnet with CVE-2010-2568 or WannaCry with CVE-2017-0144 as a Warning
The present vulnerability in MINOVA TTA is a serious indication that the threat landscape for industrial control systems and critical infrastructure remains elevated. Historical examples underscore the potential impact when cyberattacks on such systems are successful:
Stuxnet (2010): The Prototype of OT Attacks
What it was: Stuxnet was a highly sophisticated, state-sponsored computer worm specifically designed to sabotage Siemens industrial control systems (ICS). It targeted programmable logic controllers (PLCs) used in Iranian uranium enrichment facilities and manipulated centrifuge speeds to physically damage them.
The Lesson: Stuxnet was the first global demonstration of how cyberattacks can inflict physical damage on infrastructure. It highlighted the need to treat OT systems not merely as IT extensions, but as separate, highly sensitive targets with specific vulnerabilities and potentially catastrophic physical consequences. The attack emphasized the necessity of segmented, in-depth security practices in OT environments.
WannaCry (2017): Global Spread and OT Relevance
What it was: This global ransomware attack spread exponentially over exposed SMB (Server Message Block) ports using the EternalBlue exploit, originally developed by the U.S. NSA and leaked by the Shadow Brokers. Microsoft had already fixed the underlying vulnerability (MS17-010) two months earlier; the systems that fell were the unpatched ones. The ransomware crippled countless systems worldwide, including hospitals, telecoms, and major corporations.
The Lesson: Although WannaCry did not primarily target OT systems, it vividly illustrated how quickly malware can propagate in interconnected environments and the devastating impact of unpatched systems and exposed ports. The MINOVA TTA vulnerability is not wormable in itself, since it discloses credentials rather than allowing code execution, but it shares the two ingredients that made WannaCry so damaging: a needlessly exposed service and flat networks in which a foothold on one host reaches every other. It underlines the need for robust patch management and for eliminating unnecessary open ports.
These historic incidents are a serious reminder that vulnerabilities in OT systems cannot be viewed in isolation. They can pose extensive, systemic risks that extend beyond IT security and have direct consequences in the physical world. The MINOVA TTA vulnerability fits this pattern and requires decisive action.
The risk is further heightened by the fact that OT system attacks are often harder to detect and remediate than traditional IT attacks, due to older infrastructure and proprietary protocols.
Immediate Actions & Strategic Recommendations
Given the critical nature of this vulnerability, immediate and strategic measures are essential to ensure the security of the OT/SCADA environment and minimize potential damage. These recommendations should be prioritized by CISOs and security teams.
Immediate Actions (Short-Term)
Restrict the Ports: Immediately block ports 1602, 1603, 1604 and 1636 at the perimeter firewall and on the host-based firewalls of affected MINOVA TTA systems, or, where one of these ports carries legitimate production traffic, restrict it to an explicit allowlist of source hosts. Confirm with the vendor which ports are required for operation before blocking them blindly; a rule that silently breaks the EDI interface causes an outage of its own. This is the most important first step, as it removes direct access to the debug port and other potentially insecure channels. Strict segmentation of OT networks is essential.
Change FTP Passwords: All FTP passwords potentially compromised through this vulnerability must be changed immediately. Use strong, unique passwords and enforce regular password rotation. Note that plain FTP transmits the new credentials in the clear as well; move the interface to SFTP or FTPS where the peer systems support it. Multi-factor authentication (MFA) should be enabled on sensitive systems wherever technically feasible.
Audit Logs: Thoroughly review all relevant system and application logs to determine whether the vulnerability has already been exploited and to assess the extent of any breach. This includes connection logs for the affected ports: any source that reached TCP 1604 and then authenticated to the FTP service is a strong indicator of exploitation, as are FTP logins from hosts other than the known ERP/EDI peers. Forensic analysis is crucial to understand the compromise and identify attacker traces.
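As an added example for the log review above (it is not part of the original advisory or any vendor tooling), the following Python script hunts for the attack path in firewall connection logs: any source other than an allowlisted engineering host reaching one of the four ports, and any source that touches a debug port and then opens an FTP control connection to a TTA host within 30 minutes. The key=value log format, the host addresses and the timestamps are constructed for illustration; map the field names onto your own firewall export.

```python
"""Hunt for the CVE-2025-7426 attack path in firewall connection logs.

Added example, not part of the CRYPTRON advisory or MINOVA's software.
The log format below is a constructed key=value export; the field names
src/dst/proto/dport are assumptions to be mapped onto your own data.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Iterable, List, Optional, Set, Tuple

DEBUG_PORTS = {1602, 1603, 1604, 1636}   # ports named in the advisory
FTP_PORT = 21
WINDOW = timedelta(minutes=30)           # debug touch -> FTP login correlation window


@dataclass
class Conn:
    ts: datetime
    src: str
    dst: str
    dport: int


def parse_line(line: str) -> Optional[Conn]:
    """Parse one 'TIMESTAMP host ACTION k=v k=v ...' line; None if unusable."""
    parts = line.split()
    if len(parts) < 2:
        return None
    try:
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    kv = dict(p.split("=", 1) for p in parts if "=" in p)
    if kv.get("proto", "TCP").upper() != "TCP":
        return None
    try:
        return Conn(ts, kv["src"], kv["dst"], int(kv["dport"]))
    except (KeyError, ValueError):
        return None


def hunt(lines: Iterable[str], tta_hosts: Set[str],
         allowed_debug_src: Set[str]) -> List[Tuple[str, str, str]]:
    """Return (finding, source, timestamp) triples in time order."""
    conns = [c for c in map(parse_line, lines) if c is not None]
    conns.sort(key=lambda c: c.ts)
    first_debug_touch = {}   # src -> first time it reached a debug port
    findings = []
    for c in conns:
        if c.dst not in tta_hosts:
            continue
        if c.dport in DEBUG_PORTS:
            first_debug_touch.setdefault(c.src, c.ts)
            if c.src not in allowed_debug_src:
                findings.append(("unexpected_debug_access", c.src, c.ts.isoformat()))
        elif c.dport == FTP_PORT:
            seen = first_debug_touch.get(c.src)
            if seen is not None and c.ts - seen <= WINDOW:
                findings.append(("debug_then_ftp_login", c.src, c.ts.isoformat()))
    return findings


# Constructed sample: 10.0.5.10 is the TTA server, 10.0.8.5 an engineering
# workstation allowed to use the debug port, 10.0.6.2 the ERP/EDI partner,
# 10.0.8.45 an unknown host on the office LAN.
SAMPLE_LOG = """\
2025-05-06T10:05:00Z fw01 ACCEPT src=10.0.8.5 dst=10.0.5.10 proto=TCP dport=1604
2025-05-06T10:15:02Z fw01 ACCEPT src=10.0.8.45 dst=10.0.5.10 proto=TCP dport=1604
2025-05-06T10:22:41Z fw01 ACCEPT src=10.0.8.45 dst=10.0.5.10 proto=TCP dport=21
2025-05-06T10:30:00Z fw01 ACCEPT src=10.0.6.2 dst=10.0.5.10 proto=TCP dport=21
2025-05-06T10:31:00Z fw01 ACCEPT src=10.0.8.45 dst=10.0.9.9 proto=TCP dport=1604
this line is not a connection record
""".splitlines()

TTA_HOSTS = {"10.0.5.10"}
ALLOWED_DEBUG_SRC = {"10.0.8.5"}


def sample_findings() -> List[Tuple[str, str, str]]:
    return hunt(SAMPLE_LOG, TTA_HOSTS, ALLOWED_DEBUG_SRC)


if __name__ == "__main__":
    for finding in sample_findings():
        print(*finding)
```

The ERP partner's FTP login at 10:30 produces no finding because it never touched a debug port; the office host 10.0.8.45 is flagged twice, once for reaching 1604 and once for the FTP login seven minutes later, which is exactly the credential-harvest-then-login sequence of the PoC. The same two rules translate directly into SIEM correlation searches.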
Strategic Recommendations (Long-Term)
Update to MINOVA TTA Version 11.18.0 or later: Upgrading to version 11.18.0 or higher of the MINOVA TTA software and updating the module ch.minova.nservice is essential, as this version addresses CVE-2025-7426. At the time of writing the vendor patch was still in progress (see the disclosure timeline), so the short-term measures above remain necessary until it is deployed.
Regular patch management processes must be established and enforced to promptly address future vulnerabilities and keep software up to date.
Implement Zero Trust in OT Networks: Introducing Zero Trust principles is crucial for long-term OT network security. This means no user, device, or system is trusted by default—regardless of its location in the network. Instead, strict authentication and authorization controls are required at every access point. This minimizes lateral movement in the event of a breach and prevents unrestricted access from compromised systems.
Deploy SCADA-SIEM & Incident Response: Implementing a Security Information and Event Management (SIEM) system tailored to SCADA environments enables centralized collection, correlation, and analysis of security events and logs from OT systems. Additionally, establishing a robust Incident Response Plan is vital. This plan should outline clear steps for detection, containment, eradication, and recovery following a security incident, ensuring a fast and effective response. Regular exercises and simulations of incident response scenarios are essential.
Zero Trust Security for SCADA/OT
The Zero Trust security model has become the gold standard in IT security and is gaining importance in OT environments. It is based on principles such as micro-segmentation, strong authentication, and continuous monitoring.
For MINOVA environments and other SCADA/OT systems, specific implementation strategies are crucial to meet the unique requirements of industrial control systems.
The reference model is the Zero Trust architecture described in NIST SP 800-207 (figure not reproduced here).
The CRYPTRON Security Team recommends incorporating the following three measures into your security strategy and reviewing the core Zero Trust principles listed further below:
Trust is not the default: Every access to OT systems must be continuously verified and authorized—even inside your own network.
Strict Access Control: Users, devices, and applications receive only the permissions necessary for their tasks (“Least Privilege” principle).
Transparency and Monitoring: All activities must be fully logged and monitored to immediately detect and respond to unauthorized access or anomalies.
> Core Principles of Zero Trust Implementation in OT
Strict Network Segmentation:
Description: Deep network segmentation separating SCADA, ERP, and office networks is fundamental. This means dividing critical OT systems into separate security zones to minimize the attack surface and prevent lateral movement between different environments. Firewalls and VLANs are central to this strategy.
Benefit: Prevents ransomware attacks in office networks from spreading to critical OT systems and blocks uncontrolled communication between trust zones.
Introduce Machine Identities and Strong Authentication:
Description: Implementing machine identities and corresponding authentication mechanisms for devices and applications ensures that only authorized systems can communicate. This includes human users, IoT devices, PLCs, and software services. Instead of default trust, every communication attempt is strictly authenticated.
Benefit: Eliminates implicit trust within the network and ensures all machine-to-machine or user-to-machine communications are explicitly authenticated and authorized.
Real-Time Logging and Continuous Monitoring:
Description: Continuous real-time logging and monitoring of all network activity, access, and system events is essential. A central logging system—ideally a SIEM capable of analyzing OT-specific protocols and anomalies—enables early detection of deviations and potential incidents. Behavior analysis and machine learning can provide additional support.
Benefit: Effective monitoring is key to quickly responding to threats and conducting forensic analysis after an incident.
The implementation of Zero Trust in OT environments is complex and requires in-depth analysis of the existing infrastructure and a phased rollout. However, it is a worthwhile investment that significantly enhances resilience against cyberattacks.
Compliance & Regulation
The vulnerability discovered in MINOVA TTA and its potential impact have direct implications for compliance with relevant standards and regulatory requirements, especially in critical infrastructure. Failure to meet these requirements can result in significant fines, legal consequences, and severe reputational damage.
> Violated Standards and Guidelines

| Standard / Guideline | Relevant Requirement | Compliance Status | Impact of Vulnerability |
|---|---|---|---|
| IEC 62443-3-3 | SR 5.1 (Network Segmentation), SR 4.1 (Information Confidentiality), SR 3.9 (Protection of Audit Information), SR 7.7 (Least Functionality) | Violated | The open debug port and plaintext credentials violate fundamental principles of network segmentation, least functionality and data confidentiality. The lack of log protection undermines traceability. |
| NIS2 Directive | Early warning within 24 hours and incident notification within 72 hours of becoming aware of a significant incident (Art. 23). | Potentially Violated | Exploitation of the vulnerability could constitute a reportable incident; delayed or missing notification may incur substantial fines. Organizations must adapt their processes for rapid detection and reporting. |
| ICT Minimum Standard | Requirements for logging mechanisms and access protection for critical infrastructures. | Violated | Unprotected access to sensitive data and potential manipulation of audit logs directly contradict the requirements for access control and log integrity. |
| NIST CSF (Cybersecurity Framework) | The "Identify," "Protect," and "Detect" functions are insufficiently implemented. | Insufficiently Met | The vulnerability reveals gaps in risk identification, protection of critical data and attack detection. A holistic approach to improving all framework functions is necessary. |
Organizations must ensure not only that technical measures are implemented, but also that appropriate processes and policies are in place to meet regulatory requirements. This includes regular audits, penetration tests, and staff training.
Disclosure Timeline
The disclosure of the vulnerability followed a carefully planned and coordinated timeline to ensure Responsible Disclosure (Coordinated Vulnerability Disclosure) and give the vendor sufficient time to address the issue before public release.
| Date | Event | Description |
|---|---|---|
| May 6, 2025 | Initial Report to MINOVA | CRYPTRON Security GmbH sends a detailed description of the vulnerability (CVE-2025-7426) and the proof of concept to the vendor MINOVA TTA. |
| June 20, 2025 | Vendor Response | MINOVA TTA acknowledges receipt of the report and begins internal analysis. An initial assessment of scope and priority is made. |
| July 9, 2025 | Vulnerability Confirmation | MINOVA TTA confirms the existence and criticality of the vulnerability. Patch planning is initiated. |
| August 25, 2025 | Public Release (Advisory) | CRYPTRON Security GmbH publishes a technical advisory with initial mitigation recommendations for affected organizations. |
| September 1, 2025 | Planned CVE Publication & Patch Availability | Official publication of the CVE ID (CVE-2025-7426) in the NVD. The fixed release (version 11.18.0, as stated above) becomes available to MINOVA TTA customers. |
Conclusion
The discovery of the critical vulnerability CVE‑2025‑7426 in MINOVA TTA starkly illustrates the ongoing—and potentially catastrophic—risks posed by unsecured debug interfaces and plaintext credentials in live OT systems. Such vulnerabilities are not merely technical issues; they can have far-reaching effects on business continuity, regulatory compliance, and public safety.
Effective risk mitigation requires a multilayered security strategy, including prompt software updates, implementation of a zero‑trust architecture, and strict adherence to established security standards. In light of lessons learned from large‑scale cyberattacks like Stuxnet and WannaCry, CISOs must proactively protect, continuously monitor, and enhance the resilience of their OT/SCADA environments against increasingly sophisticated threats.
Investing in comprehensive cybersecurity is not only a technical necessity in today’s interconnected industrial landscape but also a critical investment in operational safety, financial stability, and long‑term viability.
CRYPTRON Security GmbH – Your Experts in OT/SCADA Security
For further information, detailed technical analyses, or personalized support in securing your OT/SCADA environments, please contact our CRYPTRON Security Team.