<ciso brief/>
Tag Banner

All news with #opto 22 tag

all tags →

Thu, November 20, 2025

Opto 22 GRV-EPIC and groov RIO: Remote RCE Vulnerability

#Security Advisory #Patch #RCE #Command Injection #Opto 22 #Industrial Control Systems

⚠️ A remotely exploitable OS command injection in the Opto 22 Groov Manage REST API allows attackers with administrative credentials to inject shell commands that execute as root on affected GRV-EPIC and groov RIO devices. The issue is tracked as CVE-2025-13087 and carries a CVSS v4 base score of 7.5. Opto 22 has released firmware 4.0.3 to address the flaw; users should apply the update promptly. CISA also recommends isolating control networks, minimizing Internet exposure, and monitoring API and system logs for suspicious activity.

read more →