Critical Vulnerabilities in Ilevia EVE X1 Server Allow Remote Exploitation

Multiple critical vulnerabilities in Ilevia EVE X1 Server (

Key points

  • Multiple critical flaws in Ilevia EVE X1 Server (
  • The combined impact of these issues yields a CVSS v3 score of 9.8, indicating high severity.
  • Identified weaknesses include OS command injection, path traversal, plaintext credentials in logs, cross-site scripting, and a sudoers misconfiguration enabling root escalation.
  • CISA recommends minimizing network exposure, isolating control systems behind firewalls, using up-to-date VPNs, and following ICS defensive best practices.
  • Vulnerabilities were reported by Gjoko Krstic of Zero Science Lab, and no confirmed public exploitation has been reported to CISA to date.

Read More: https://www.cisa.gov/news-events/ics-advisories/icsa-26-036-04