CVE-2025-27847 for Web Controller Firmware

Monday, March 17 2025

Will be resolved

Product

Espec North America Web controller.

Status

Resolved

Version 3.3.8 and newer.

Affected Versions

3.0.0 - 3.3.7

Problem

A JSON Web Token (JWT) remains valid after the user logs out of the system.

Resolution

A JWT whitelist has been added: a user is added to the whitelist when they log in and removed when they log out.

As a side effect, all tokens generated before updating to 3.3.8 or later are invalidated, and users must log in to the system again.
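The following added example (not the vendor's firmware code) sketches the whitelist check described above and shows why a token with a valid signature is rejected after logout or when it predates the whitelist. The names `issue`, `logout`, `verify` and `ALLOW`, the HS256 algorithm and the per-user `jti` entry are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

SECRET = secrets.token_bytes(32)  # constructed signing key for this demo
ALLOW = {}                        # assumed layout: username -> jti issued at login

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str) -> str:
    return _b64(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def issue(user: str, ttl: int = 3600, allow_list: bool = True) -> str:
    """Mint an HS256 token; allow_list=False models a token issued before the fix."""
    claims = {"sub": user, "jti": secrets.token_hex(8), "exp": int(time.time()) + ttl}
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    if allow_list:
        ALLOW[user] = claims["jti"]  # login adds the user to the whitelist
    return f"{head}.{body}.{_sign(head + '.' + body)}"

def logout(user: str) -> None:
    ALLOW.pop(user, None)  # logout removes the user from the whitelist

def verify(token: str, check_allow_list: bool = True):
    """Return the claims if the token is accepted, else None."""
    try:
        head, body, sig = token.split(".")
        if not hmac.compare_digest(sig, _sign(head + "." + body)):
            return None
        if json.loads(_unb64(head)).get("alg") != "HS256":
            return None
        claims = json.loads(_unb64(body))
    except (ValueError, TypeError):
        return None
    if claims.get("exp", 0) <= time.time():
        return None
    jti = claims.get("jti")
    # The check the advisory adds: signature and expiry alone are not enough.
    if check_allow_list and (jti is None or ALLOW.get(claims.get("sub")) != jti):
        return None
    return claims
```

Calling `verify` with `check_allow_list=False` reproduces the behaviour described under Problem: the token stays usable until `exp`, regardless of logout.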

Mitigation

Update the firmware to 3.3.8 or newer.