Description
Device Monitoring Studio 8.10.00.8925 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string to the server connection dialog. Attackers can trigger the crash by entering a malformed server name or address containing repeated characters through the Tools menu Connect to New Server interface.
Published: 2026-03-30
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

Device Monitoring Studio version 8.10.00.8925 is vulnerable to a denial of service condition triggered by a local attacker who supplies an excessively long string as a server name or address in the Connect to New Server dialog. The malformed input causes the application to crash, resulting in an interruption of service. The vulnerability is an instance of improper handling of user-supplied data that leads to resource exhaustion and is classified as CWE-1316.

Affected Systems

The affected product is Device Monitoring Studio 8.10.00.8925 from the vendor HDD. No other affected versions are listed in the available data.

Risk and Exploitability

The CVSS score of 6.9 denotes moderate severity. Because the exploit requires local access to the application and is not tracked in the CISA KEV catalog, immediate exploitation is unlikely, but the impact on availability can be significant for users relying on the application. The attacker must have local privilege to access the Tools menu; no remote vectors are documented. The overall risk remains moderate given the local nature of the attack and the lack of public exploitation evidence.

Generated by OpenCVE AI on March 30, 2026 at 12:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor‑issued patch or upgrade to a newer version of Device Monitoring Studio that removes the long‑string handling bug.


Advisories

No advisories yet.

History

Wed, 01 Apr 2026 02:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Hdd; Hdd device Monitoring Studio |
| Vendors & Products | | Hdd; Hdd device Monitoring Studio |

Mon, 30 Mar 2026 16:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Mon, 30 Mar 2026 11:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | Device Monitoring Studio 8.10.00.8925 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string to the server connection dialog. Attackers can trigger the crash by entering a malformed server name or address containing repeated characters through the Tools menu Connect to New Server interface. |
| Title | | Device Monitoring Studio 8.10.00.8925 Denial of Service |
| Weaknesses | | CWE-1316 |
| References | | |
| Metrics | | cvssV3_1 {'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'} |
| | | cvssV4_0 {'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'} |


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-30T15:59:12.396Z

Reserved: 2026-03-30T10:57:02.702Z

Link: CVE-2019-25655

Vulnrichment

Updated: 2026-03-30T15:59:07.241Z

NVD

Status: Awaiting Analysis

Published: 2026-03-30T12:16:18.380

Modified: 2026-03-30T13:26:07.647

Link: CVE-2019-25655

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-31T20:40:57Z

Weaknesses