Refine your search
15 vulnerabilities found for by Weidmueller
CVE-2025-41712 (GCVE-0-2025-41712)
Vulnerability from cvelistv5
Published
2026-03-10 08:27
Modified
2026-03-10 16:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Summary
An unauthenticated remote attacker who tricks a user to upload a manipulated HTML file can get access to sensitive information on the device. This is a result of incorrect permission assignment for the web server.
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Janitza | UMG 96RM-E 24V(5222063) |
Version: 0.0 < |
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41712",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-10T15:35:50.983890Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-10T16:51:35.020Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UMG 96RM-E 24V(5222063)",
"vendor": "Janitza",
"versions": [
{
"lessThanOrEqual": "3.13",
"status": "affected",
"version": "0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UMG 96RM-E 230V(5222062)",
"vendor": "Janitza",
"versions": [
{
"lessThanOrEqual": "3.13",
"status": "affected",
"version": "0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ENERGY METER 750-230 (2540910000)",
"vendor": "Weidmueller",
"versions": [
{
"lessThanOrEqual": "3.13",
"status": "affected",
"version": "0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ENERGY METER 750-24 (2540900000)",
"vendor": "Weidmueller",
"versions": [
{
"lessThanOrEqual": "3.13",
"status": "affected",
"version": "0.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Deutsche Telekom Security (DT Security)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn unauthenticated remote attacker who tricks a user to upload a manipulated HTML file can get access to sensitive information on the device. This is a result of incorrect permission assignment for the web server.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "An unauthenticated remote attacker who tricks a user to upload a manipulated HTML file can get access to sensitive information on the device. This is a result of incorrect permission assignment for the web server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-10T08:27:10.120Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://certvde.com/en/advisories/VDE-2025-079/"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://certvde.com/en/advisories/VDE-2025-096/"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://janitza.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-079.json"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://weidmueller.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-096.json"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Incorrect Permission Assignment on power analyzer",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41712",
"datePublished": "2026-03-10T08:27:10.120Z",
"dateReserved": "2025-04-16T11:17:48.311Z",
"dateUpdated": "2026-03-10T16:51:35.020Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-41711 (GCVE-0-2025-41711)
Vulnerability from cvelistv5
Published
2026-03-10 08:26
Modified
2026-03-10 16:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Summary
An unauthenticated remote attacker can use firmware images to extract password hashes and brute force plaintext passwords of accounts with limited access.
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Janitza | UMG 96RM-E 24V(5222063) |
Version: 0.0 < |
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41711",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-10T15:57:57.426147Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-10T16:51:40.984Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UMG 96RM-E 24V(5222063)",
"vendor": "Janitza",
"versions": [
{
"lessThanOrEqual": "3.13",
"status": "affected",
"version": "0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UMG 96RM-E 230V(5222062)",
"vendor": "Janitza",
"versions": [
{
"lessThanOrEqual": "3.13",
"status": "affected",
"version": "0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ENERGY METER 750-230 (2540910000)",
"vendor": "Weidmueller",
"versions": [
{
"lessThanOrEqual": "3.13",
"status": "affected",
"version": "0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ENERGY METER 750-24 (2540900000)",
"vendor": "Weidmueller",
"versions": [
{
"lessThanOrEqual": "3.13",
"status": "affected",
"version": "0.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Deutsche Telekom Security (DT Security)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn unauthenticated remote attacker can use firmware images to extract password hashes and brute force plaintext passwords of accounts with limited access.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "An unauthenticated remote attacker can use firmware images to extract password hashes and brute force plaintext passwords of accounts with limited access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-10T08:26:48.759Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://certvde.com/en/advisories/VDE-2025-079/"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://certvde.com/en/advisories/VDE-2025-096/"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://janitza.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-079.json"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://weidmueller.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-096.json"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Use of a Broken or Risky Cryptographic Algorithm for firmware images of power analyzer",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41711",
"datePublished": "2026-03-10T08:26:48.759Z",
"dateReserved": "2025-04-16T11:17:48.311Z",
"dateUpdated": "2026-03-10T16:51:40.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-41710 (GCVE-0-2025-41710)
Vulnerability from cvelistv5
Published
2026-03-10 08:26
Modified
2026-03-10 16:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-798 - Use of Hard-coded Credentials
Summary
An unauthenticated remote attacker may use hardcodes credentials to get access to the previously activated FTP Server with limited read and write privileges.
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Janitza | UMG 96RM-E 24V(5222063) |
Version: 0.0 < |
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41710",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-10T15:57:59.951313Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-10T16:51:47.193Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UMG 96RM-E 24V(5222063)",
"vendor": "Janitza",
"versions": [
{
"lessThanOrEqual": "3.13",
"status": "affected",
"version": "0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UMG 96RM-E 230V(5222062)",
"vendor": "Janitza",
"versions": [
{
"lessThanOrEqual": "3.13",
"status": "affected",
"version": "0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ENERGY METER 750-230 (2540910000)",
"vendor": "Weidmueller",
"versions": [
{
"lessThanOrEqual": "3.13",
"status": "affected",
"version": "0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ENERGY METER 750-24 (2540900000)",
"vendor": "Weidmueller",
"versions": [
{
"lessThanOrEqual": "3.13",
"status": "affected",
"version": "0.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Deutsche Telekom Security (DT Security)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn unauthenticated remote attacker may use hardcodes credentials to get access to the previously activated FTP Server with limited read and write privileges.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "An unauthenticated remote attacker may use hardcodes credentials to get access to the previously activated FTP Server with limited read and write privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-10T08:26:30.909Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://certvde.com/en/advisories/VDE-2025-079/"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://certvde.com/en/advisories/VDE-2025-096/"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://janitza.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-079.json"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://weidmueller.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-096.json"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Use of Hard-coded Credentials in power analyzer",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41710",
"datePublished": "2026-03-10T08:26:30.909Z",
"dateReserved": "2025-04-16T11:17:48.311Z",
"dateUpdated": "2026-03-10T16:51:47.193Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-41709 (GCVE-0-2025-41709)
Vulnerability from cvelistv5
Published
2026-03-10 08:26
Modified
2026-03-18 08:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
An unauthenticated remote attacker can perform a command injection via Modbus-TCP or Modbus-RTU to gain read and write access on the affected device.
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Janitza | UMG 96RM-E 24V(5222063) |
Version: 0.0 < |
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41709",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-10T15:58:49.458010Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-10T16:51:53.333Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UMG 96RM-E 24V(5222063)",
"vendor": "Janitza",
"versions": [
{
"lessThanOrEqual": "3.13",
"status": "affected",
"version": "0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UMG 96RM-E 230V(5222062)",
"vendor": "Janitza",
"versions": [
{
"lessThanOrEqual": "3.13",
"status": "affected",
"version": "0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ENERGY METER 750-230 (2540910000)",
"vendor": "Weidmueller",
"versions": [
{
"lessThanOrEqual": "3.13",
"status": "affected",
"version": "0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ENERGY METER 750-24 (2540900000)",
"vendor": "Weidmueller",
"versions": [
{
"lessThanOrEqual": "3.13",
"status": "affected",
"version": "0.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Deutsche Telekom Security (DT Security)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn unauthenticated remote attacker can perform a command injection via Modbus-TCP or Modbus-RTU to gain read and write access on the affected device.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "An unauthenticated remote attacker can perform a command injection via Modbus-TCP or Modbus-RTU to gain read and write access on the affected device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-18T08:16:28.698Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://certvde.com/en/advisories/VDE-2025-079/"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://certvde.com/en/advisories/VDE-2025-096/"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://janitza.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-079.json"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://weidmueller.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-096.json"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Command injection in power analyzer via Modbus-TCP and Modbus-RTU",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41709",
"datePublished": "2026-03-10T08:26:14.936Z",
"dateReserved": "2025-04-16T11:17:48.311Z",
"dateUpdated": "2026-03-18T08:16:28.698Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-41687 (GCVE-0-2025-41687)
Vulnerability from cvelistv5
Published
2025-07-23 08:23
Modified
2025-07-23 14:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-121 - Stack-based Buffer Overflow
Summary
An unauthenticated remote attacker may use a stack based buffer overflow in the u-link Management API to gain full access on the affected devices.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Weidmueller | IE-SR-2TX-WL |
Version: V0.0 ≤ |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41687",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-23T14:03:42.190289Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-23T14:03:59.533Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IE-SR-2TX-WL",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "V1.49",
"status": "affected",
"version": "V0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SR-2TX-WL-4G-EU",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "V1.62",
"status": "affected",
"version": "V0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SR-2TX-WL-4G-US-V",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "V1.62",
"status": "affected",
"version": "V0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Reid Wightman of Dragos Inc."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthenticated remote attacker may use a stack based buffer overflow in the u-link Management API to gain full access on the affected devices.\u003cbr\u003e"
}
],
"value": "An unauthenticated remote attacker may use a stack based buffer overflow in the u-link Management API to gain full access on the affected devices."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-23T08:23:52.447Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2025-052"
}
],
"source": {
"advisory": "VDE-2025-052",
"defect": [
"CERT@VDE#641805"
],
"discovery": "UNKNOWN"
},
"title": "Weidmueller: Unauthenticated Stack-Based Buffer Overflow in u-link Management API",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41687",
"datePublished": "2025-07-23T08:23:52.447Z",
"dateReserved": "2025-04-16T11:17:48.309Z",
"dateUpdated": "2025-07-23T14:03:59.533Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41684 (GCVE-0-2025-41684)
Vulnerability from cvelistv5
Published
2025-07-23 08:23
Modified
2025-07-23 14:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of improper sanitizing of user input in the Main Web Interface (endpoint tls_iotgen_setting).
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Weidmueller | IE-SR-2TX-WL |
Version: V0.0 ≤ |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41684",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-23T14:04:14.287350Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-23T14:04:20.683Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IE-SR-2TX-WL",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "V1.49",
"status": "affected",
"version": "V0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SR-2TX-WL-4G-EU",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "V1.62",
"status": "affected",
"version": "V0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SR-2TX-WL-4G-US-V",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "V1.62",
"status": "affected",
"version": "V0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Reid Wightman of Dragos Inc."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of improper sanitizing of user input in the Main Web Interface (endpoint tls_iotgen_setting)."
}
],
"value": "An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of improper sanitizing of user input in the Main Web Interface (endpoint tls_iotgen_setting)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-23T08:23:28.046Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2025-052"
}
],
"source": {
"advisory": "VDE-2025-052",
"defect": [
"CERT@VDE#641805"
],
"discovery": "UNKNOWN"
},
"title": "Weidmueller: Root Command Injection via Unsanitized Input in tls_iotgen_setting Endpoint",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41684",
"datePublished": "2025-07-23T08:23:28.046Z",
"dateReserved": "2025-04-16T11:17:48.309Z",
"dateUpdated": "2025-07-23T14:04:20.683Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41683 (GCVE-0-2025-41683)
Vulnerability from cvelistv5
Published
2025-07-23 08:22
Modified
2025-07-23 14:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of improper sanitizing of user input in the Main Web Interface (endpoint event_mail_test).
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Weidmueller | IE-SR-2TX-WL |
Version: V0.0 ≤ |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41683",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-23T14:08:26.152424Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-23T14:08:32.342Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IE-SR-2TX-WL",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "V1.49",
"status": "affected",
"version": "V0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SR-2TX-WL-4G-EU",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "V1.62",
"status": "affected",
"version": "V0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SR-2TX-WL-4G-US-V",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "V1.62",
"status": "affected",
"version": "V0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Reid Wightman of Dragos Inc."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of improper sanitizing of user input in the Main Web Interface (endpoint event_mail_test).\u003cbr\u003e"
}
],
"value": "An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of improper sanitizing of user input in the Main Web Interface (endpoint event_mail_test)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-23T08:22:48.380Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2025-052"
}
],
"source": {
"advisory": "VDE-2025-052",
"defect": [
"CERT@VDE#641805"
],
"discovery": "UNKNOWN"
},
"title": "Weidmueller: Root Command Injection via Unsanitized Input in event_mail_test Endpoint",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41683",
"datePublished": "2025-07-23T08:22:48.380Z",
"dateReserved": "2025-04-16T11:17:48.309Z",
"dateUpdated": "2025-07-23T14:08:32.342Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41663 (GCVE-0-2025-41663)
Vulnerability from cvelistv5
Published
2025-06-11 08:15
Modified
2025-07-24 14:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
For u-link Management API an unauthenticated remote attacker in a man-in-the-middle position can inject arbitrary commands in responses returned by WWH servers, which are then executed with elevated privileges. To get into such a position, clients would need to use insecure proxy configurations.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Weidmueller | IE-SR-2TX-WL |
Version: 0 ≤ |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41663",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-24T14:31:40.904178Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-24T14:32:41.460Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IE-SR-2TX-WL",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "V1.49",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SR-2TX-WL-4G-EU",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "V1.62",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SR-2TX-WL-4G-US-V",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "V1.62",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "ONEKEY Research Labs"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "For u-link Management API an unauthenticated remote attacker in a man-in-the-middle position can inject arbitrary commands in responses returned by WWH servers, which are then executed with elevated privileges. To get into such a position, clients would need to use insecure proxy configurations.\u003cbr\u003e"
}
],
"value": "For u-link Management API an unauthenticated remote attacker in a man-in-the-middle position can inject arbitrary commands in responses returned by WWH servers, which are then executed with elevated privileges. To get into such a position, clients would need to use insecure proxy configurations."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-23T08:22:16.504Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/en/advisories/VDE-2025-052"
}
],
"source": {
"advisory": "VDE-2025-052",
"defect": [
"CERT@VDE#641805"
],
"discovery": "UNKNOWN"
},
"title": "Weidmueller: Security routers IE-SR-2TX are affected by Command Injection",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41663",
"datePublished": "2025-06-11T08:15:55.357Z",
"dateReserved": "2025-04-16T11:17:48.307Z",
"dateUpdated": "2025-07-24T14:32:41.460Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41661 (GCVE-0-2025-41661)
Vulnerability from cvelistv5
Published
2025-06-11 08:13
Modified
2025-07-24 14:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Summary
An unauthenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of Cross-Site Request Forgery (CSRF) protection.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Weidmueller | IE-SR-2TX-WL |
Version: 0 ≤ |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41661",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-11T13:34:48.717671Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-24T14:33:16.906Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IE-SR-2TX-WL",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "V1.49",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SR-2TX-WL-4G-EU",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "V1.62",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SR-2TX-WL-4G-US-V",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "V1.62",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "ONEKEY Research Labs"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of Cross-Site Request Forgery (CSRF) protection."
}
],
"value": "An unauthenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of Cross-Site Request Forgery (CSRF) protection."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-23T08:21:49.994Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/en/advisories/VDE-2025-052"
}
],
"source": {
"advisory": "VDE-2025-052",
"defect": [
"CERT@VDE#641805"
],
"discovery": "UNKNOWN"
},
"title": "Weidmueller: Security routers IE-SR-2TX are affected by CSRF",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41661",
"datePublished": "2025-06-11T08:13:27.237Z",
"dateReserved": "2025-04-16T11:17:48.307Z",
"dateUpdated": "2025-07-24T14:33:16.906Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41653 (GCVE-0-2025-41653)
Vulnerability from cvelistv5
Published
2025-05-27 08:38
Modified
2025-05-27 13:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-410 - Insufficient Resource Pool
Summary
An unauthenticated remote attacker can exploit a denial-of-service vulnerability in the device's web server functionality by sending a specially crafted HTTP request with a malicious header, potentially causing the server to crash or become unresponsive.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Weidmueller | IE-SW-VL05M-5TX |
Version: 0.0.0 ≤ |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41653",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-27T13:08:48.596317Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-27T13:12:39.961Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IE-SW-VL05M-5TX",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.6.32",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SW-VL05MT-5TX",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.6.32",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SW-VL08MT-8TX",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.5.36",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SW-VL08MT-5TX-1SC-2SCS",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.5.36",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SW-VL08MT-6TX-2SC",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.5.36",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SW-VL08MT-6TX-2ST",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.5.36",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SW-VL08MT-6TX-2SCS",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.5.36",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SW-PL10M-3GT-7TX",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.3.34",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SW-PL10MT-3GT-7TX",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.3.34",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SW-PL16M-16TX",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.4.32",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SW-PL16MT-16TX",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.4.32",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SW-PL18M-2GC-16TX",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.4.40",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SW-PL18MT-2GC-16TX",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.4.40",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthenticated remote attacker can exploit a denial-of-service vulnerability in the device\u0027s web server functionality by sending a specially crafted HTTP request with a malicious header, potentially causing the server to crash or become unresponsive."
}
],
"value": "An unauthenticated remote attacker can exploit a denial-of-service vulnerability in the device\u0027s web server functionality by sending a specially crafted HTTP request with a malicious header, potentially causing the server to crash or become unresponsive."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-410",
"description": "CWE-410 Insufficient Resource Pool",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-27T08:38:29.005Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/en/advisories/VDE-2025-044/"
}
],
"source": {
"advisory": "VDE-2025-044",
"defect": [
"CERT@VDE#641785"
],
"discovery": "UNKNOWN"
},
"title": "Weidmueller: Denial-of-Service Vulnerability in the web server functionality of Industrial Ethernet Switches",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41653",
"datePublished": "2025-05-27T08:38:29.005Z",
"dateReserved": "2025-04-16T11:17:48.306Z",
"dateUpdated": "2025-05-27T13:12:39.961Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41652 (GCVE-0-2025-41652)
Vulnerability from cvelistv5
Published
2025-05-27 08:38
Modified
2025-08-22 10:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-328 - Use of Weak Hash
Summary
The devices are vulnerable to an authentication bypass due to flaws in the authorization mechanism. An unauthenticated remote attacker could exploit this weakness by performing brute-force attacks to guess valid credentials or by using MD5 collision techniques to forge authentication hashes, potentially compromising the device.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Weidmueller | IE-SW-VL05M-5TX |
Version: 0.0.0 ≤ |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41652",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-27T13:14:16.971895Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-27T13:17:16.639Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IE-SW-VL05M-5TX",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.6.32",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SW-VL05MT-5TX",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.6.32",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SW-VL08MT-8TX",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.6.32",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SW-VL08MT-5TX-1SC-2SCS",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.5.36",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SW-VL08MT-6TX-2SC",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.5.36",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SW-VL08MT-6TX-2ST",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.5.36",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SW-VL08MT-6TX-2SCS",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.5.36",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SW-PL10M-3GT-7TX",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.3.34",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SW-PL10MT-3GT-7TX",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.3.34",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SW-PL16M-16TX",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.4.32",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SW-PL16MT-16TX",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.4.32",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SW-PL18M-2GC-16TX",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.4.40",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SW-PL18MT-2GC-16TX",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.4.40",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The devices are vulnerable to an authentication bypass due to flaws in the authorization mechanism. An unauthenticated remote attacker could exploit this weakness by performing brute-force attacks to guess valid credentials or by using MD5 collision techniques to forge authentication hashes, potentially compromising the device."
}
],
"value": "The devices are vulnerable to an authentication bypass due to flaws in the authorization mechanism. An unauthenticated remote attacker could exploit this weakness by performing brute-force attacks to guess valid credentials or by using MD5 collision techniques to forge authentication hashes, potentially compromising the device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-328",
"description": "CWE-328 Use of Weak Hash",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-22T10:36:13.148Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/en/advisories/VDE-2025-044/"
}
],
"source": {
"advisory": "VDE-2025-044",
"defect": [
"CERT@VDE#641785"
],
"discovery": "UNKNOWN"
},
"title": "Weidmueller: Authentication Bypass Vulnerability in Industrial Ethernet Switches",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41652",
"datePublished": "2025-05-27T08:38:12.340Z",
"dateReserved": "2025-04-16T11:17:48.305Z",
"dateUpdated": "2025-08-22T10:36:13.148Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41651 (GCVE-0-2025-41651)
Vulnerability from cvelistv5
Published
2025-05-27 08:38
Modified
2025-05-27 13:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-306 - Missing Authentication for Critical Function
Summary
Due to missing authentication on a critical function of the devices an unauthenticated remote attacker can execute arbitrary commands, potentially enabling unauthorized upload or download of configuration files and leading to full system compromise.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Weidmueller | IE-SW-VL05M-5TX |
Version: 0.0.0 ≤ |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41651",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-27T13:24:17.307653Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-27T13:26:59.857Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IE-SW-VL05M-5TX",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.6.32",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SW-VL05MT-5TX",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.6.32",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SW-VL08MT-8TX",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.5.36",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SW-VL08MT-5TX-1SC-2SCS",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.5.36",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SW-VL08MT-6TX-2SC",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.5.36",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SW-VL08MT-6TX-2ST",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.5.36",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SW-VL08MT-6TX-2SCS",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.5.36",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SW-PL10M-3GT-7TX",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.3.34",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SW-PL10MT-3GT-7TX",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.3.34",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SW-PL16M-16TX",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.4.32",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SW-PL16MT-16TX",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.4.32",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SW-PL18M-2GC-16TX",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.4.40",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SW-PL18MT-2GC-16TX",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.4.40",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Due to missing authentication on a critical function of the devices an unauthenticated remote attacker can execute arbitrary commands, potentially enabling unauthorized upload or download of configuration files and leading to full system compromise."
}
],
"value": "Due to missing authentication on a critical function of the devices an unauthenticated remote attacker can execute arbitrary commands, potentially enabling unauthorized upload or download of configuration files and leading to full system compromise."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-27T08:38:03.213Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/en/advisories/VDE-2025-044/"
}
],
"source": {
"advisory": "VDE-2025-044",
"defect": [
"CERT@VDE#641785"
],
"discovery": "UNKNOWN"
},
"title": "Weidmueller: Missing Authentication Vulnerability in Industrial Ethernet Switches",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41651",
"datePublished": "2025-05-27T08:38:03.213Z",
"dateReserved": "2025-04-16T11:17:48.305Z",
"dateUpdated": "2025-05-27T13:26:59.857Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41650 (GCVE-0-2025-41650)
Vulnerability from cvelistv5
Published
2025-05-27 08:37
Modified
2025-05-27 13:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1287 - Improper Validation of Specified Type of Input
Summary
An unauthenticated remote attacker can exploit input validation in cmd services of the devices, allowing them to disrupt system operations and potentially cause a denial-of-service.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Weidmueller | IE-SW-VL05M-5TX |
Version: 0.0.0 ≤ |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41650",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-27T13:37:42.461446Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-27T13:39:51.332Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IE-SW-VL05M-5TX",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.6.32",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SW-VL05MT-5TX",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.6.32",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SW-VL08MT-8TX",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.5.36",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SW-VL08MT-5TX-1SC-2SCS",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.5.36",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SW-VL08MT-6TX-2SC",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.5.36",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SW-VL08MT-6TX-2ST",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.5.36",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SW-VL08MT-6TX-2SCS",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.5.36",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SW-PL10M-3GT-7TX",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.3.34",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SW-PL10MT-3GT-7TX",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.3.34",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SW-PL16M-16TX",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.4.32",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SW-PL16MT-16TX",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.4.32",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SW-PL18M-2GC-16TX",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.4.40",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SW-PL18MT-2GC-16TX",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.4.40",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthenticated remote attacker can exploit input validation in cmd services of the devices, allowing them to disrupt system operations and potentially cause a denial-of-service."
}
],
"value": "An unauthenticated remote attacker can exploit input validation in cmd services of the devices, allowing them to disrupt system operations and potentially cause a denial-of-service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1287",
"description": "CWE-1287 Improper Validation of Specified Type of Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-27T08:37:44.635Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/en/advisories/VDE-2025-044/"
}
],
"source": {
"advisory": "VDE-2025-044",
"defect": [
"CERT@VDE#641785"
],
"discovery": "UNKNOWN"
},
"title": "Weidmueller: Denial-of-Service Vulnerability in Industrial Ethernet Switches",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41650",
"datePublished": "2025-05-27T08:37:44.635Z",
"dateReserved": "2025-04-16T11:17:48.305Z",
"dateUpdated": "2025-05-27T13:39:51.332Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41649 (GCVE-0-2025-41649)
Vulnerability from cvelistv5
Published
2025-05-27 08:37
Modified
2025-05-27 13:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write
Summary
An unauthenticated remote attacker can exploit insufficient input validation to write data beyond the bounds of a buffer, potentially leading to a denial-of-service condition for the devices.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Weidmueller | IE-SW-VL05M-5TX |
Version: 0.0.0 ≤ |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41649",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-27T13:50:43.784206Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-27T13:57:42.958Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IE-SW-VL05M-5TX",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.6.32",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SW-VL05MT-5TX",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.6.32",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SW-VL08MT-8TX",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.5.36",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SW-VL08MT-5TX-1SC-2SCS",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.5.36",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SW-VL08MT-6TX-2SC",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.5.36",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SW-VL08MT-6TX-2ST",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.5.36",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SW-VL08MT-6TX-2SCS",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.5.36",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SW-PL10M-3GT-7TX",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.3.34",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SW-PL10MT-3GT-7TX",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.3.34",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SW-PL16M-16TX",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.4.32",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SW-PL16MT-16TX",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.4.32",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SW-PL18M-2GC-16TX",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.4.40",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SW-PL18MT-2GC-16TX",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.4.40",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthenticated remote attacker can exploit insufficient input validation to write data beyond the bounds of a buffer, potentially leading to a denial-of-service condition for the devices."
}
],
"value": "An unauthenticated remote attacker can exploit insufficient input validation to write data beyond the bounds of a buffer, potentially leading to a denial-of-service condition for the devices."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-27T08:37:26.201Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/en/advisories/VDE-2025-044/"
}
],
"source": {
"advisory": "VDE-2025-044",
"defect": [
"CERT@VDE#641785"
],
"discovery": "UNKNOWN"
},
"title": "Weidmueller: Out-of-Bounds Write Vulnerability in Industrial Ethernet Switches",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41649",
"datePublished": "2025-05-27T08:37:26.201Z",
"dateReserved": "2025-04-16T11:17:48.305Z",
"dateUpdated": "2025-05-27T13:57:42.958Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1393 (GCVE-0-2025-1393)
Vulnerability from cvelistv5
Published
2025-03-05 08:03
Modified
2025-03-05 14:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-798 - Use of Hard-coded Credentials
Summary
An unauthenticated remote attacker can use hard-coded credentials to gain full administration privileges on the affected product.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Weidmueller | PROCON-WIN |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1393",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T14:28:54.515626Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T14:29:03.639Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PROCON-WIN",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "5.7.14.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn unauthenticated remote attacker can use hard-coded credentials to gain full administration privileges on the affected product.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "An unauthenticated remote attacker can use hard-coded credentials to gain full administration privileges on the affected product."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T08:03:09.239Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/en/advisories/VDE-2025-021"
}
],
"source": {
"advisory": "VDE-2025-021",
"defect": [
"CERT@VDE#641750"
],
"discovery": "UNKNOWN"
},
"title": "Weidmueller: Authentication Vulnerability due to Hard-coded Credentials",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-1393",
"datePublished": "2025-03-05T08:03:09.239Z",
"dateReserved": "2025-02-17T10:11:56.475Z",
"dateUpdated": "2025-03-05T14:29:03.639Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}