Advisory

CISA reports unpatched critical flaw in Nedap Librix Ecoreader

Take action: If you are running Nedap Librix Ecoreader devices, make sure they are isolated from the internet and reachable only from trusted networks. Then reach out to the vendor for patches. Obviously this is not a panic-mode exploit, but it is quite unpleasant, so don't ignore it.


Learn More

Nedap Librix has been found to have a critical authentication vulnerability in their Ecoreader product line that could enable remote code execution.

The vulnerability, tracked as CVE-2024-12757 (CVSS score 9.3), is a Missing Authentication for Critical Function weakness that allows an unauthenticated attacker to potentially execute malicious code on affected systems. The vulnerability affects all versions of the Ecoreader product, which is deployed worldwide.

The issue was reported to CISA by Cyble. Nedap Librix, headquartered in the Netherlands, has not responded to coordination attempts, leaving the vulnerability unpatched.

While no public exploitation has been reported to CISA at the time of the advisory's publication on January 7, 2025, users are advised to minimize network exposure of devices, isolate affected systems from business networks and access them via VPN when necessary.
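The isolation advice above is easy to state and easy to drift from, so here is an added example (not code from CISA, Cyble or Nedap) that puts it into a repeatable check: it audits a device inventory against the subnet the readers are supposed to live in and renders an nftables forward-chain policy for the gateway in front of that subnet, admitting only a VPN client pool and logging everything else. The inventory, the subnet numbers and the nftables table and chain names are constructed assumptions; the advisory names no service ports, so the policy restricts all traffic to and from the reader subnet instead of naming any.

```python
"""Audit Ecoreader placement and emit an nftables isolation policy.

Added example for the mitigation guidance in the advisory; it is not code
from CISA, Cyble or Nedap. Inventory, subnet numbers and nftables names
are constructed. No ports are restricted by name because the advisory
does not list the device's services.
"""
import ipaddress

# Assumed network plan: readers sit in a dedicated OT VLAN, and the only
# path to them is from the VPN concentrator's client address pool.
ISOLATED_SUBNET = ipaddress.ip_network("10.50.0.0/24")
TRUSTED_SOURCES = [ipaddress.ip_network("10.8.0.0/24")]

# RFC 1918 space, checked explicitly: Python's is_private also counts the
# documentation ranges (203.0.113.0/24 etc.) as private, which would hide
# the "publicly routable" case in the constructed inventory below.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed inventory; 203.0.113.17 (a documentation address) stands in
# for a reader that was given an internet-routable address.
INVENTORY = [
    {"name": "ecoreader-lobby",  "ip": "10.50.0.11"},
    {"name": "ecoreader-dock",   "ip": "10.50.0.12"},
    {"name": "ecoreader-annex",  "ip": "192.168.4.20"},
    {"name": "ecoreader-branch", "ip": "203.0.113.17"},
]


def classify_device(ip_text):
    """Return 'isolated', 'wrong-segment' or 'publicly-routable'."""
    ip = ipaddress.ip_address(ip_text)
    if ip in ISOLATED_SUBNET:
        return "isolated"
    if any(ip in net for net in RFC1918):
        return "wrong-segment"
    return "publicly-routable"


def audit_inventory(inventory):
    """Return {name: classification} for every device not in the OT VLAN."""
    findings = {}
    for dev in inventory:
        status = classify_device(dev["ip"])
        if status != "isolated":
            findings[dev["name"]] = status
    return findings


def build_nft_policy(subnet=ISOLATED_SUBNET, trusted=TRUSTED_SOURCES):
    """Render a forward-chain policy for the gateway in front of the reader
    VLAN: trusted sources in, replies out, everything else logged and
    dropped. The chain keeps 'policy accept' so it can be added to an
    existing gateway without touching traffic unrelated to the readers."""
    lines = [
        "table inet ecoreader_isolation {",
        "  chain forward {",
        "    type filter hook forward priority 0; policy accept;",
        "    ct state established,related accept",
    ]
    for src in trusted:
        lines.append(f"    ip saddr {src} ip daddr {subnet} accept")
    lines += [
        # Anything else aimed at the readers, including from the business LAN.
        f'    ip daddr {subnet} log prefix "ecoreader-ingress-denied " drop',
        # New connections initiated by the readers themselves (internet or LAN).
        f'    ip saddr {subnet} log prefix "ecoreader-egress-denied " drop',
        "  }",
        "}",
    ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for name, status in audit_inventory(INVENTORY).items():
        print(f"{name}: {status}")
    print(build_nft_policy())
```

The audit is the part worth scheduling: a reader that shows up as `wrong-segment` or `publicly-routable` is one the policy cannot protect, because the policy only governs the subnet it was written for. The logged drops give the SOC a signal for both unexpected access attempts and readers trying to reach out.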
