CISA issues alert on Opto 22 groov View vulnerabilities exposing sensitive data
Security flaws have been identified in Opto 22's groov View server and related firmware, presenting risks that include disclosure of sensitive data and unauthorized privilege escalation. These vulnerabilities affect specific versions of groov View Server for Windows and GRV-EPIC firmware.
The affected groov View Server versions span R1.0a through R4.5d for Windows, while GRV-EPIC-PR1 and GRV-EPIC-PR2 firmware versions are vulnerable if they precede 4.0.3.
An endpoint in the groov View Application Programming Interface (API) that requires Editor-level access returns the user list together with metadata that includes the API keys of every user, Administrators included. This issue has been cataloged as CVE-2025-13084. Under Common Vulnerability Scoring System (CVSS) version 3.1 it holds a base score of 7.6, reflecting a network attack vector and low attack complexity. The same vulnerability attains a base score of 6.1 when evaluated under CVSS version 4.
Exploitation of these vulnerabilities could result in exposure of credentials and keys, which may lead to privilege escalation within the system.
Opto 22 has addressed the vulnerabilities by issuing updates: groov View Server version R4.5e for Windows and GRV-EPIC firmware version 4.0.3. Users are encouraged to upgrade to these releases to mitigate the exposure.
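To help defenders confirm which installations fall inside the affected ranges stated above, the following is an added inventory-triage example written for this summary, not code from Opto 22 or CISA. It assumes that groov View Server versions follow the "R<major>.<minor><letter>" pattern shown here (with the letter ordered alphabetically, so R4.5d precedes R4.5e) and that GRV-EPIC firmware uses dotted numeric versions; the inventory records are constructed sample data.

```python
import re
from typing import List, Tuple

# Version boundaries exactly as given in the advisory summary.
GROOV_VIEW_FIRST_AFFECTED = "R1.0a"   # Windows server: R1.0a through R4.5d affected
GROOV_VIEW_FIXED = "R4.5e"            # first fixed Windows server release
GRV_EPIC_FIXED = "4.0.3"              # GRV-EPIC-PR1/PR2: anything earlier affected

# Assumed format for server versions: R<major>.<minor><single lowercase letter>
_SERVER_RE = re.compile(r"^R(\d+)\.(\d+)([a-z])$")


def parse_server_version(v: str) -> Tuple[int, int, int]:
    """Parse 'R4.5d' into a sortable (major, minor, patch) tuple; a=0, b=1, ..."""
    m = _SERVER_RE.match(v.strip())
    if not m:
        raise ValueError(f"unrecognised groov View Server version: {v!r}")
    major, minor, letter = m.groups()
    return (int(major), int(minor), ord(letter) - ord("a"))


def parse_firmware_version(v: str) -> Tuple[int, ...]:
    """Parse a dotted firmware version such as '4.0.3' into a tuple of ints."""
    parts = v.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised GRV-EPIC firmware version: {v!r}")
    return tuple(int(p) for p in parts)


def server_is_affected(v: str) -> bool:
    """True if the Windows server version lies in R1.0a..R4.5d (fixed in R4.5e)."""
    t = parse_server_version(v)
    lo = parse_server_version(GROOV_VIEW_FIRST_AFFECTED)
    hi = parse_server_version(GROOV_VIEW_FIXED)
    return lo <= t < hi


def firmware_is_affected(v: str) -> bool:
    """True if the GRV-EPIC firmware version is earlier than 4.0.3."""
    return parse_firmware_version(v) < parse_firmware_version(GRV_EPIC_FIXED)


def triage(inventory: List[dict]) -> List[str]:
    """Return the asset names that still need the vendor update."""
    needs_update = []
    for item in inventory:
        product = item["product"]
        if product == "groov View Server":
            affected = server_is_affected(item["version"])
        elif product.startswith("GRV-EPIC-PR"):
            affected = firmware_is_affected(item["version"])
        else:
            continue  # product not named in the advisory; ignore
        if affected:
            needs_update.append(item["asset"])
    return needs_update


# Constructed sample inventory (hostnames and versions are illustrative only).
SAMPLE_INVENTORY = [
    {"asset": "hmi-01", "product": "groov View Server", "version": "R4.5d"},
    {"asset": "hmi-02", "product": "groov View Server", "version": "R4.5e"},
    {"asset": "epic-01", "product": "GRV-EPIC-PR1", "version": "3.6.2"},
    {"asset": "epic-02", "product": "GRV-EPIC-PR2", "version": "4.0.3"},
]

if __name__ == "__main__":
    print("Needs update:", triage(SAMPLE_INVENTORY))  # prints ['hmi-01', 'epic-01']
```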
Recommendations include reducing the exposure of control system devices by isolating them from internet access, deploying firewalls to separate control networks from business networks, and securely managing remote access using virtual private networks that are regularly updated. Organizations are advised to conduct impact assessments prior to implementing countermeasures and to follow established cybersecurity practices applicable to industrial control systems.