MPDV MES Flaw Exposes Files in Unauthenticated Access

A newly disclosed vulnerability in MPDV Mikrolab’s manufacturing execution systems could allow unauthenticated local file access, raising concerns across industrial network environments. The MPDV MES flaw exposes sensitive data in MIP 2, FEDRA 2, and HYDRA X platforms, potentially compromising operational integrity in automated production systems.

SEC Consult identified the issue under CVE-2025-12055 and published technical details on the Full Disclosure mailing list on Oct. 29. Attackers can exploit the flaw without authentication, gaining access to local files that may contain critical configuration or operational information. The vulnerability affects systems commonly used in manufacturing process control.

The MPDV MES flaw exposes users to risks that could disrupt production or leak proprietary data, especially in facilities relying on these platforms for real-time execution. Security teams are advised to review access permissions and monitor for suspicious activity as mitigation steps.

Read the full disclosure from SEC Consult at
https://seclists.org/fulldisclosure/2025/Oct/28