{"id":207234,"date":"2026-01-28T03:38:00","date_gmt":"2026-01-28T08:38:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/01\/28\/claroty-team82-reveals-critical-rce-vulnerability-in-idis-cloud-manager-viewer-tied-to-spear-phishing-risk\/"},"modified":"2026-01-28T04:05:08","modified_gmt":"2026-01-28T09:05:08","slug":"claroty-team82-reveals-critical-rce-vulnerability-in-idis-cloud-manager-viewer-tied-to-spear-phishing-risk","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/01\/28\/claroty-team82-reveals-critical-rce-vulnerability-in-idis-cloud-manager-viewer-tied-to-spear-phishing-risk\/","title":{"rendered":"Claroty Team82 reveals critical RCE vulnerability in IDIS Cloud Manager Viewer tied to spear-phishing risk"},"content":{"rendered":"<p><a href=\"https:\/\/industrialcyber.co\/industrial-cyber-attacks\/claroty-team82-reveals-critical-rce-vulnerability-in-idis-cloud-manager-viewer-tied-to-spear-phishing-risk\/\">Claroty Team82 reveals critical RCE vulnerability in IDIS Cloud Manager Viewer tied to spear-phishing risk<\/a><\/p>\n<p><a href=\"https:\/\/industrialcyber.co\/industrial-cyber-attacks\/claroty-team82-reveals-critical-rce-vulnerability-in-idis-cloud-manager-viewer-tied-to-spear-phishing-risk\/\">https:\/\/industrialcyber.co\/industrial-cyber-attacks\/claroty-team82-reveals-critical-rce-vulnerability-in-idis-cloud-manager-viewer-tied-to-spear-phishing-risk\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-01-28 03:38:00<\/a><\/p>\n<p>Source Domain: <a href=\"industrialcyber.co\">industrialcyber.co<\/a><\/p>\n<p>New research from Claroty\u2019s Team82 unit uncovered a new vulnerability in the IDIS Cloud Manager (ICM) viewer, where an attacker could develop an exploit whereby if a user clicks on an untrusted link, the attack would execute on the machine hosting the ICM Viewer. IDIS has called upon users who continue to use the ICM Viewer to upgrade devices to v1.7.1; failing which, they should uninstall it immediately. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued CVE-2025-12556 with a CVSS v4 score of 8.7.\u00a0<\/p>\n<p>\u201cClicking on untrusted links is widely recognized as a bad practice, and users are routinely educated to avoid doing so,\u201d Vera Mens, security researcher at Claroty, wrote in a Tuesday blog post. \u201cHowever, under normal circumstances, even if a victim is tricked into visiting an attacker-controlled website, the attacker is typically limited to executing JavaScript within the context of the victim\u2019s browser, which is heavily sandboxed. This vulnerability, however, allows an attacker to escalate beyond the browser sandbox to achieve code execution on the host, introducing a significant security risk.\u201d\u00a0<\/p>\n<p>She noted that this renders the vulnerability as a 1-click RCE vulnerability, introducing an interesting attack scenario in which a spear-phishing attack could easily be leveraged into a full compromise of the victim\u2019s computer, giving attackers a leg-in to the victim\u2019s network.<\/p>\n<p>\u201cIf exploited, the vulnerability could allow an attacker to execute arbitrary code within the context of the host machine. IDIS ICM runs on a Windows machine connected to the cloud in order to view live video feeds, recordings, and search images,\u201d according to Mens. \u201cAn attacker would be in control of the host machine and have the ability to execute code, or use that machine as a jumping off point for lateral movement to compromise other endpoints on the network, including other surveillance cameras.\u201d<\/p>\n<p>When WCMViewer[dot]exe is&#8230;<\/p>\n<p><a href=\"https:\/\/industrialcyber.co\/industrial-cyber-attacks\/claroty-team82-reveals-critical-rce-vulnerability-in-idis-cloud-manager-viewer-tied-to-spear-phishing-risk\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Claroty Team82 reveals critical RCE vulnerability in IDIS Cloud Manager Viewer tied to spear-phishing risk&#8230;<\/p>\n","protected":false},"author":1,"featured_media":207235,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/industrialcyber.co\/wp-content\/uploads\/2025\/02\/2025.02.27-Clarotys-Team82-reveals-vulnerabilities-in-Windows-CE-putting-industrial-systems-at-risk.webp","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[90,25,57,27],"class_list":["post-207234","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cve","tag-phishing","tag-security","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/207234"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=207234"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/207234\/revisions"}],"predecessor-version":[{"id":207236,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/207234\/revisions\/207236"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/207235"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=207234"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=207234"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=207234"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}