CVE-2025-9964

UNKNOWN 0.0

Weak Authentication for Root User

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

7th

No password for the root user is set in Novakon P series. This allows phyiscal attackers to enter the console easily. This issue affects P series: P – V2001.A.C518o2 until P-2.0.05 Build 2026.02.06 (commit d0f97fd9).

CWE	CWE-521
Vendor	novakon
Product	p series (p07, p10, p12, p15)
Published	Sep 23, 2025
Last Updated	Mar 31, 2026

Stay Ahead of the Next One

Get instant alerts for novakon p series (p07, p10, p12, p15)

Be the first to know when new unknown vulnerabilities affecting novakon p series (p07, p10, p12, p15) are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Novakon / P series (P07, P10, P12, P15)

P – V2001.A.c518o2 ≤ P-V2005

References

NVD ↗ CVE.org ↗ EPSS Data ↗

cyberdanube.com: https://cyberdanube.com/security-research/multiple-vulnerabilities-in-novakon-hmi-series/ novakon.com.tw: https://www.novakon.com.tw/en/news/detail/Security_Advisory__Firmware_Update_Available_for_NOVAKON_P_Series_HMI_Products novakon.com.tw: https://www.novakon.com.tw/common/frontend/download?path=/uploads/images/support/download/NOVAKON_P-Series-HMI_Security-Advisory_CVE-2025-9962-9966_Rev2_0.pdf seclists.org: http://seclists.org/fulldisclosure/2025/Sep/70

Credits

S. Dietz (CyberDanube)