Cw0057 Reaction Wheel
Monthly
Improper cryptographic signature verification in the CubeSpace CW0057 Reaction Wheel firmware (versions prior to 5.0.20) permits an attacker with physical access to flash arbitrary, unsigned firmware onto the device without any authentication. This affects a safety-critical spacecraft attitude control component used in CubeSat and small satellite missions, where unauthorized firmware replacement could cause mission-critical failures including attitude loss or uncontrolled spacecraft behavior. A proof-of-concept exploit exists (indicated by E:P in the CVSS 4.0 supplemental vector); no active exploitation has been confirmed by CISA KEV at time of analysis.
Improper cryptographic signature verification in the CubeSpace CW0057 Reaction Wheel firmware (versions prior to 5.0.20) permits an attacker with physical access to flash arbitrary, unsigned firmware onto the device without any authentication. This affects a safety-critical spacecraft attitude control component used in CubeSat and small satellite missions, where unauthorized firmware replacement could cause mission-critical failures including attitude loss or uncontrolled spacecraft behavior. A proof-of-concept exploit exists (indicated by E:P in the CVSS 4.0 supplemental vector); no active exploitation has been confirmed by CISA KEV at time of analysis.