What vulnerabilities did CISA report in LS Electric's GMWin 4?

CISA reported multiple vulnerabilities affecting LS Electric's GMWin 4 programming software, including CVE-2025-49850 (Heap-based Buffer Overflow), CVE-2025-49849 (Out-of-bounds Read), and CVE-2025-49848 (Out-of-bounds Write). All have CVSS scores varying from 8.4 to 9.8, indicating high to critical severity.

What is CVE-2025-49850?

CVE-2025-49850 is a Heap-based Buffer Overflow vulnerability with CVSS scores varying from 8.4 to 9.8. This flaw enables attackers to corrupt memory structures, potentially leading to complete compromise of the affected system.

What is CVE-2025-49849?

CVE-2025-49849 is an Out-of-bounds Read vulnerability with CVSS scores varying from 8.4 to 9.8. This flaw allows unauthorized access to memory locations beyond allocated boundaries, potentially exposing sensitive information or system configurations.

What is CVE-2025-49848?

CVE-2025-49848 is an Out-of-bounds Write vulnerability with CVSS scores varying from 8.4 to 9.8. It allows attackers to modify memory content in unintended locations, which could result in system instability or unauthorized code execution.

Do these vulnerabilities require remote access to exploit?

No, all vulnerabilities require local access to be exploited. Attackers would need direct access to the system running GMWin 4 or the ability to get malicious PRJ files processed by the software.

Which version of GMWin 4 is affected by these vulnerabilities?

The vulnerabilities affect GMWin 4 version 4.18. Organizations running this version should take immediate action to address these security risks.

Will LS Electric provide patches for these GMWin 4 vulnerabilities?

No, LS Electric has officially discontinued GMWin 4 and no longer provides service or support for the software. This means no security patches will be developed for these vulnerabilities.

Why are these vulnerabilities particularly concerning for industrial environments?

These vulnerabilities are concerning because GMWin 4 is used for configuring PLCs in critical manufacturing environments worldwide. Successful exploitation could compromise industrial control systems, potentially affecting production operations, safety systems, and critical infrastructure.

What should organizations using GMWin 4 do immediately?

Organizations should plan for immediate migration away from GMWin 4 to LS Electric's XGT series, implement additional security controls around systems running GMWin 4, restrict access to PRJ project files, monitor for suspicious activity, and consider air-gapping systems running the vulnerable software until migration is complete.

Advisory

CISA warns of vulnerabilities in discontinued LS Electric GMWin 4 programming software

Q: What is LS Electric GMWin 4?

GMWin 4 is programming software developed by LS Electric, a tool widely used for configuring programmable logic controllers (PLCs) in critical manufacturing environments worldwide. It allows engineers to program and configure industrial control systems.

Q: What does LS Electric recommend for GMWin 4 users?

LS Electric strongly recommends that all users migrate to their modern XGT series as a replacement solution, which offers ongoing support and active development. This migration is essential given the discontinued status of GMWin 4.

published: June 18, 2025

Take action: If you're using LS Electric's GMWin 4 software, be aware that it's discontinued and has serious security flaws and no patches coming. Plan to migrate to their newer XGT series. In the meantime isolate any GMWin 4 systems from network access until you can replace them and control access to them only to trusted individuals.

Learn More

CISA is reporting multiple vulnerabilities affecting LS Electric's GMWin 4 programming software, a tool widely used for configuring programmable logic controllers (PLCs) in critical manufacturing environments worldwide.

Vulbnerabilities summary

CVE-2025-49850 (CVSS score varies from 8.4 to 9.8) - Heap-based Buffer Overflow. This flaw enables attackers to corrupt memory structures, potentially leading to complete compromise of the affected system.
CVE-2025-49849 (CVSS score varies from 8.4 to 9.8) - Out-of-bounds Read. This flaw allows unauthorized access to memory locations beyond allocated boundaries, potentially exposing sensitive information or system configurations.
CVE-2025-49848 (CVSS score varies from 8.4 to 9.8) - Out-of-bounds Write. It allows attackers to modify memory content in unintended locations, which could result in system instability or unauthorized code execution.

All three security flaws stem from improper validation of user-supplied data during the parsing of PRJ project files, which are integral to GMWin's core functionality. All vulnerabilities require local access to be exploited.

The vulnerabilities affect GMWin 4 version 4.18

LS Electric, headquartered in South Korea, has officially discontinued GMWin 4 and no longer provides service or support for the software. The company strongly recommends that all users migrate to their modern XGT series as a replacement solution, which offers ongoing support and active development.

CISA warns of vulnerabilities in discontinued LS Electric GMWin 4 programming software

Read More
Rockwell Automation patches critical flaws in ThinManager ThinServer
OS command Injection flaw reported in MegaSys Enterprises …
INEA reports critical vulnerability in ME RTU device
Baxter reports two critical vulnerabilities in Connex Health …
Critical flaw reported in Hunt Electronics DVR Systems …