Valmet DNA Engineering Web Tools Vulnerable to Path Traversal
Vulnerability Overview
On February 19, 2026, CISA issued an advisory regarding a high-severity vulnerability affecting Valmet DNA Engineering Web Tools. This software, developed by the Finnish automation firm Valmet, is widely utilized in the Energy and Critical Manufacturing sectors globally. The vulnerability, tracked as CVE-2025-15577, carries a CVSS v3.1 base score of 8.6, reflecting its potential for significant impact on industrial control systems (ICS). According to CISA Advisory ICSA-26-050-02, the flaw allows unauthenticated attackers to gain unauthorized file read access by manipulating the web maintenance services URL.
Technical Analysis and Impact
CVE-2025-15577 is classified under CWE-22: Improper Limitation of a Pathname to a Restricted Directory, commonly known as a path traversal vulnerability. In the context of Valmet DNA Engineering Web Tools, the application fails to sufficiently validate user-supplied input within the maintenance service URLs. By submitting specially crafted requests containing sequences such as ../ (dot-dot-slash), an attacker can escape the intended directory root of the web server.
Because this vulnerability requires no authentication and has low attack complexity, it represents a substantial risk to organizations running legacy versions of the engineering suite—specifically versions C2022 and earlier. An attacker with network access to the engineering interface can read arbitrary files from the host operating system. This could include:
- Configuration files containing plain-text credentials or database connection strings.
- System files that reveal internal network architecture or software versions.
- Sensitive engineering data that could be leveraged for further reconnaissance within the Operational Technology (OT) environment.
The vulnerability’s CVSS vector (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N) highlights that while the integrity and availability of the system are not directly compromised by the file read itself, the “Scope” (S:C) is changed. This indicates that a successful exploit can impact resources beyond the immediate security scope of the web tool, potentially exposing the underlying server’s sensitive data.
Sector-Specific Risks
The deployment of Valmet DNA in Energy and Critical Manufacturing makes this disclosure particularly sensitive. Engineering tools are often the gateway to Industrial Control Systems (ICS) environments. If an adversary gains information regarding the configuration of a Distributed Control System (DCS) or PLC programming environment, they can tailor subsequent attacks to disrupt physical processes or bypass safety controls. Although there is currently no evidence of active exploitation in the wild, the high CVSS score necessitates immediate attention from asset owners.
Mitigation and Defensive Strategies
The primary remediation for CVE-2025-15577 is the application of the official fix provided by Valmet. Organizations using Valmet DNA Engineering Web Tools version C2022 or older should contact Valmet automation customer service directly to secure the necessary updates. Valmet has provided a dedicated security advisory page for further vendor-specific details.
Beyond patching, defenders should implement the following architectural safeguards:
Network Security Practices
- Network Isolation: Ensure that engineering web tools are not exposed to the public internet. These services should reside on a dedicated, isolated management network.
- Segmentation: Utilize firewalls to separate the ICS/OT network from the corporate business network. Any communication between these zones should be strictly controlled via an access control list (ACL).
- Secure Remote Access: If remote access is required for maintenance, it must be conducted through a managed Virtual Private Network (VPN) with multi-factor authentication (MFA).
Monitoring and Auditing
- Log Analysis: Audit web server logs for suspicious URL patterns, particularly those containing directory traversal sequences or attempts to access sensitive paths like
/etc/passwdor Windows system directories. - Integrity Checks: Regularly verify the integrity of critical configuration files to ensure no unauthorized access or modification has occurred.