Danfoss security advisories

Stay informed about vulnerabilities that may impact Danfoss products and services.

2025

Advisory-ID	Assigned CVE-ID	Title	Affected products and services	Recommendation	Last update
DSA-2025-12-01	N/A	Danfoss MCT10 Installer Bundles Unused MSXML 3.0 with Known Security Issues	Danfoss MCT10 Installer prior to version 6.20_build_7483_RC_signed	Install newest version of MCT10 through Tools - MyDrive® Suite	2025-12-10
DSA-2025-08-01	CVE-2025-41451 CVE-2025-41452	Post-Authentication Vulnerabilities - OS Command Injection RCE and Nginx Configuration Injection in Danfoss AK-SM8xxA Series.	Danfoss AK-SM 8xxA Series prior to version 4.3.1	Install the latest software version through AK-SM 8xxA Series \| Danfoss.	2025-8-01
DSA-2025-03-01	CVE-2025-41450	Improper Authentication vulnerability in Danfoss AK-SM8xxA Series, resulting in an authentication bypass.	Danfoss AK-SM 8xxA Series prior to version 4.2	Install the latest software version through AK-SM 8xxA Series \| Danfoss.	2025-3-24

2023

Advisory-ID	Assigned CVE-ID	Title	Affected products and services	Recommendation	Last update
DSA-2023-08-01	CVE-2023-25913 CVE-2023-25914 CVE-2023-25915	Insufficient restrictions and input sanitization exist in Danfoss AK-SM 800A, potentially leading to full system compromise	Danfoss AK-SM 800A all Series with SW version below/before 3.3	Install the latest software version through AK-SM 800A Series \| Danfoss.	21 Aug, 2023
DSA-2023-05-01	CVE-2023-22583 CVE-2023-22584 CVE-2023-22585 CVE-2023-22586 CVE-2023-25911 CVE-2023-25912	Multiple vulnerabilities including critical ones exist in Danfoss AK-EM 100, potentially leading to unauthorized access and full system compromise	Danfoss AK-EM 100 all Series	phase out Danfoss AK-EM 100, upgrade to AK-SM 800A in combination with Alsense cloud service.	25 May, 2023