As part of a security assessment of the company’s operational technology environment, our team of specialized OT penetration testers uncovered three vulnerabilities that could have had serious consequences if discovered by malicious actors. More specifically, Limes Security’s industrial cybersecurity experts identified three critical vulnerabilities (published as CVE-2025-0416, CVE-2025-0417 and CVE-2025-0418) that could allow an attacker to gain unrestricted access, read plaintext passwords, or escalate privileges to take full control of the system.
This successful assessment highlights both the value of proactive security testing and Limes Security’s expertise in industrial control system penetration testing. The vulnerabilities discovered presented real risks to operational continuity, data integrity, and system security. This article shares the findings, their potential impact, and how our collaborative approach to disclosure helped secure critical infrastructure for all Valmet DNA users worldwide.
Lack of protection against brute force attacks
An arbitrary number of login attempts can be made via the Valmet DNA operator user interface without the user being blocked.
CVSS v4.0 Score
The affected application does not properly sanitize input data before sending it to the SQL server. An attacker with access to the application could use this vulnerability to execute malicious SQL commands and compromise the whole database.
A properly configured firewall helps to prevent unauthorized access from untrusted networks to the system. The availability to operate should always be evaluated according to industry best practices.
The new version is available from Valmet Automation Customer Service.
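One way a login front end could enforce the block on repeated attempts that this finding reports as missing, as an added example that is not Valmet's code or part of the original advisory; the class name, thresholds and sample events are assumptions constructed for illustration:

```python
from collections import defaultdict, deque


class LoginThrottle:
    """Sliding-window lockout: too many failures within `window` seconds locks the account."""

    def __init__(self, max_failures=5, window=300, lockout=900):
        self.max_failures = max_failures
        self.window = window
        self.lockout = lockout
        self._failures = defaultdict(deque)   # user -> timestamps of recent failures
        self._locked_until = {}               # user -> time at which the lock expires

    def is_locked(self, user, now):
        return self._locked_until.get(user, 0) > now

    def attempt(self, user, password_ok, now):
        """Return 'locked', 'ok' or 'denied' for one login attempt at time `now`."""
        if self.is_locked(user, now):
            return "locked"                   # rejected even if the password is right
        if password_ok:
            self._failures.pop(user, None)    # a success clears the failure history
            return "ok"
        recent = self._failures[user]
        recent.append(now)
        while recent and recent[0] <= now - self.window:
            recent.popleft()                  # forget failures outside the window
        if len(recent) >= self.max_failures:
            self._locked_until[user] = now + self.lockout
            recent.clear()
        return "denied"


def replay(events, throttle=None):
    """Replay (timestamp, user, password_ok) events and return each outcome."""
    throttle = throttle or LoginThrottle()
    return [throttle.attempt(user, ok, ts) for ts, user, ok in events]


# Constructed sample: six wrong guesses one second apart, then the correct
# password during the lockout, then the correct password after it expires.
SAMPLE_EVENTS = [(t, "operator1", False) for t in range(6)] + [
    (10, "operator1", True),
    (1000, "operator1", True),
]

if __name__ == "__main__":
    for event, outcome in zip(SAMPLE_EVENTS, replay(SAMPLE_EVENTS)):
        print(event, "->", outcome)
```

A hard lockout can itself keep a legitimate operator out, so the threshold and lock duration should be weighed against the availability to operate mentioned above.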
User passwords in plain text
Passwords of Valmet DNA users are stored in plain text within the Valmet DNA function blocks.
CVSS v4.0 Score
This practice poses a security risk as attackers who gain access to local project data can read the passwords.
A properly configured firewall helps to prevent unauthorized access from untrusted networks to the system.
The solution is available from Valmet Automation Customer Service.
Local privilege escalation through insecure DCOM configuration
It is possible to gain SYSTEM privileges as any local user via a permission issue in the DCOM object.
CVSS v4.0 Score
The DCOM object Valmet DNA Engineering has permissions that allow it to run commands as a user with the SeImpersonatePrivilege privilege. The SeImpersonatePrivilege privilege is a Windows permission that allows a process to impersonate another user. An attacker can use this vulnerability to escalate their privileges and take complete control of the system.
The new version of Valmet DNA is now available through Valmet Automation Customer Service and should be implemented immediately.



