Search criteria
519 vulnerabilities
CVE-2025-41742 (GCVE-0-2025-41742)
Vulnerability from cvelistv5 – Published: 2025-12-02 10:39 – Updated: 2025-12-02 16:54
VLAI?
Summary
Sprecher Automations SPRECON-E-C, SPRECON-E-P, SPRECON-E-T3 is vulnerable to attack by an unauthorized remote attacker via default cryptographic keys. The use of these keys allows the attacker to read, modify, and write projects and data, or to access any device via remote maintenance.
Severity ?
9.8 (Critical)
CWE
- CWE-1394 - Use of Default Cryptographic Key
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Sprecher Automation | SPRECON-E-C |
Affected:
*
|
||||||||||||
|
||||||||||||||
Credits
Sec-Consult Security Labs
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41742",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T16:53:16.856849Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T16:54:31.534Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SPRECON-E-C",
"vendor": "Sprecher Automation",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SPRECON-E-P",
"vendor": "Sprecher Automation",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SPRECON-E-T3",
"vendor": "Sprecher Automation",
"versions": [
{
"status": "affected",
"version": "*"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Sec-Consult Security Labs"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Sprecher Automations SPRECON-E-C, \u0026nbsp;SPRECON-E-P, SPRECON-E-T3\u0026nbsp;is vulnerable to attack by an unauthorized remote attacker via default cryptographic keys. The use of these keys allows the attacker to read, modify, and write projects and data, or to access any device via remote maintenance."
}
],
"value": "Sprecher Automations SPRECON-E-C, \u00a0SPRECON-E-P, SPRECON-E-T3\u00a0is vulnerable to attack by an unauthorized remote attacker via default cryptographic keys. The use of these keys allows the attacker to read, modify, and write projects and data, or to access any device via remote maintenance."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1394",
"description": "CWE-1394 Use of Default Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T10:39:08.982Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.sprecher-automation.com/fileadmin/itSecurity/PDF/SPR-2511042_de.pdf"
}
],
"source": {
"defect": [
"CERT@VDE#641892"
],
"discovery": "UNKNOWN"
},
"title": "Sprecher Automation: SPRECON-E series has a critical vulnerability due to the use of static cryptographic keys in system components",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41742",
"datePublished": "2025-12-02T10:39:08.982Z",
"dateReserved": "2025-04-16T11:17:48.321Z",
"dateUpdated": "2025-12-02T16:54:31.534Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-41743 (GCVE-0-2025-41743)
Vulnerability from cvelistv5 – Published: 2025-12-02 10:38 – Updated: 2025-12-02 16:54
VLAI?
Summary
Insufficient encryption strength in Sprecher Automation SPRECON-E-C, SPRECON-E-P, and SPRECON-E-T3 allows a local unprivileged attacker to extract data from update images and thus obtain limited information about the architecture and internal processes.
Severity ?
4 (Medium)
CWE
- CWE-326 - Inadequate Encryption Strength
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Sprecher Automation | SPRECON-E-C |
Affected:
1.0 , < 9.0
(custom)
|
||||||||||||
|
||||||||||||||
Credits
Sec-Consult Security Labs
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41743",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T16:50:29.885950Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T16:54:38.071Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SPRECON-E-C",
"vendor": "Sprecher Automation",
"versions": [
{
"lessThan": "9.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SPRECON-E-P",
"vendor": "Sprecher Automation",
"versions": [
{
"lessThan": "9.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SPRECON-E-T3",
"vendor": "Sprecher Automation",
"versions": [
{
"lessThan": "9.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Sec-Consult Security Labs"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insufficient encryption strength in Sprecher Automation SPRECON-E-C, SPRECON-E-P, and SPRECON-E-T3 allows a local unprivileged attacker to extract data from update images and thus obtain limited information about the architecture and internal processes."
}
],
"value": "Insufficient encryption strength in Sprecher Automation SPRECON-E-C, SPRECON-E-P, and SPRECON-E-T3 allows a local unprivileged attacker to extract data from update images and thus obtain limited information about the architecture and internal processes."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-326",
"description": "CWE-326 Inadequate Encryption Strength",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T10:38:51.692Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.sprecher-automation.com/fileadmin/itSecurity/PDF/SPR-2511043_de.pdf"
}
],
"source": {
"defect": [
"CERT@VDE#641892"
],
"discovery": "UNKNOWN"
},
"title": "Sprecher Automation: SPRECON-E series prone to weak encryption of update files",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41743",
"datePublished": "2025-12-02T10:38:51.692Z",
"dateReserved": "2025-04-16T11:17:48.321Z",
"dateUpdated": "2025-12-02T16:54:38.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-41744 (GCVE-0-2025-41744)
Vulnerability from cvelistv5 – Published: 2025-12-02 10:38 – Updated: 2025-12-02 16:54
VLAI?
Summary
Sprecher Automations SPRECON-E series uses default cryptographic keys that allow an unprivileged remote attacker to access all encrypted communications, thereby compromising confidentiality and integrity.
Severity ?
9.1 (Critical)
CWE
- CWE-1394 - Use of Default Cryptographic Key
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Sprecher Automation | SPRECON-E-C |
Affected:
*
|
||||||||||||
|
||||||||||||||
Credits
Sec-Consult Security Labs
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41744",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T16:53:19.163444Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T16:54:47.037Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SPRECON-E-C",
"vendor": "Sprecher Automation",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SPRECON-E-P",
"vendor": "Sprecher Automation",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SPRECON-E-T3",
"vendor": "Sprecher Automation",
"versions": [
{
"status": "affected",
"version": "*"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Sec-Consult Security Labs"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Sprecher Automations SPRECON-E series\u0026nbsp;uses default cryptographic keys that allow an unprivileged remote attacker to access all encrypted communications, thereby compromising confidentiality and integrity."
}
],
"value": "Sprecher Automations SPRECON-E series\u00a0uses default cryptographic keys that allow an unprivileged remote attacker to access all encrypted communications, thereby compromising confidentiality and integrity."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1394",
"description": "CWE-1394 Use of Default Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T10:38:47.489Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.sprecher-automation.com/fileadmin/itSecurity/PDF/SPR-2511043_de.pdf"
}
],
"source": {
"defect": [
"CERT@VDE#641892"
],
"discovery": "UNKNOWN"
},
"title": "Sprecher Automation: SPRECON-E series has static default key material for TLS connections",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41744",
"datePublished": "2025-12-02T10:38:47.489Z",
"dateReserved": "2025-04-16T11:17:48.321Z",
"dateUpdated": "2025-12-02T16:54:47.037Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-41700 (GCVE-0-2025-41700)
Vulnerability from cvelistv5 – Published: 2025-12-01 10:02 – Updated: 2025-12-01 13:59
VLAI?
Summary
An unauthenticated attacker can trick a local user into executing arbitrary code by opening a deliberately manipulated CODESYS project file with a CODESYS development system. This arbitrary code is executed in the user context.
Severity ?
7.8 (High)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CODESYS | CODESYS Development System |
Affected:
0.0.0 , < 3.5.21.40
(semver)
|
Credits
MengyuXia from Beijing Aerospace Wanyuan Science & Technology Co, Ltd.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41700",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-01T13:25:21.754600Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T13:59:26.310Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CODESYS Development System",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.21.40",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "MengyuXia from Beijing Aerospace Wanyuan Science \u0026 Technology Co, Ltd."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthenticated attacker can trick a local user into executing arbitrary code by opening a deliberately manipulated CODESYS project file with a CODESYS development system. This arbitrary code is executed in the user context.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "An unauthenticated attacker can trick a local user into executing arbitrary code by opening a deliberately manipulated CODESYS project file with a CODESYS development system. This arbitrary code is executed in the user context."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T10:02:47.312Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2025-101"
}
],
"source": {
"advisory": "VDE-2025-101",
"defect": [
"CERT@VDE#641842"
],
"discovery": "UNKNOWN"
},
"title": "CODESYS Development System - Deserialization of Untrusted Data",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41700",
"datePublished": "2025-12-01T10:02:47.312Z",
"dateReserved": "2025-04-16T11:17:48.310Z",
"dateUpdated": "2025-12-01T13:59:26.310Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-41738 (GCVE-0-2025-41738)
Vulnerability from cvelistv5 – Published: 2025-12-01 10:02 – Updated: 2025-12-01 14:00
VLAI?
Summary
An unauthenticated remote attacker may cause the visualisation server of the CODESYS Control runtime system to access a resource with a pointer of wrong type, potentially leading to a denial-of-service (DoS) condition.
Severity ?
7.5 (High)
CWE
- CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| CODESYS | CODESYS Control RTE (SL) |
Affected:
3.5.18.0 , < 3.5.21.40
(semver)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41738",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-01T13:59:44.375519Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T14:00:28.509Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CODESYS Control RTE (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.21.40",
"status": "affected",
"version": "3.5.18.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Control RTE (for Beckhoff CX) SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.21.40",
"status": "affected",
"version": "3.5.18.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Control Win (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.21.40",
"status": "affected",
"version": "3.5.18.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS HMI (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.21.40",
"status": "affected",
"version": "3.5.18.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Remote Target Visu",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.21.40",
"status": "affected",
"version": "3.5.18.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Runtime Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.21.40",
"status": "affected",
"version": "3.5.18.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Control for BeagleBone SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.19.0.0",
"status": "affected",
"version": "4.5.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Control for emPC-A/iMX6 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.19.0.0",
"status": "affected",
"version": "4.5.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Control for IOT2000 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.19.0.0",
"status": "affected",
"version": "4.5.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Control for Linux ARM SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.19.0.0",
"status": "affected",
"version": "4.5.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Control for Linux SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.19.0.0",
"status": "affected",
"version": "4.5.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Control for PFC100 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.19.0.0",
"status": "affected",
"version": "4.5.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Control for PFC200 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.19.0.0",
"status": "affected",
"version": "4.5.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Control for PLCnext SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.19.0.0",
"status": "affected",
"version": "4.5.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Control for Raspberry Pi SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.19.0.0",
"status": "affected",
"version": "4.5.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Control for WAGO Touch Panels 600 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.19.0.0",
"status": "affected",
"version": "4.5.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Virtual Control SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.19.0.0",
"status": "affected",
"version": "4.5.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthenticated remote attacker may cause the visualisation server of the CODESYS Control runtime system to access a resource with a pointer of wrong type, potentially leading to a denial-of-service (DoS) condition.\u003cbr\u003e"
}
],
"value": "An unauthenticated remote attacker may cause the visualisation server of the CODESYS Control runtime system to access a resource with a pointer of wrong type, potentially leading to a denial-of-service (DoS) condition."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-843",
"description": "CWE-843 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T10:02:33.407Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2025-100"
}
],
"source": {
"advisory": "VDE-2025-100",
"defect": [
"CERT@VDE#641889"
],
"discovery": "UNKNOWN"
},
"title": "CODESYS Control - Invalid type usage in visualization",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41738",
"datePublished": "2025-12-01T10:02:33.407Z",
"dateReserved": "2025-04-16T11:17:48.320Z",
"dateUpdated": "2025-12-01T14:00:28.509Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-41739 (GCVE-0-2025-41739)
Vulnerability from cvelistv5 – Published: 2025-12-01 10:00 – Updated: 2025-12-01 10:00
VLAI?
Summary
An unauthenticated remote attacker, who beats a race condition, can exploit a flaw in the communication servers of the CODESYS Control runtime system on Linux and QNX to trigger an out-of-bounds read via crafted socket communication, potentially causing a denial of service.
Severity ?
5.9 (Medium)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| CODESYS | CODESYS PLCHandler |
Affected:
3.5.21.0 , < 3.5.21.40
(semver)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
ABB AG
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CODESYS PLCHandler",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.21.40",
"status": "affected",
"version": "3.5.21.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Remote Target Visu",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.21.40",
"status": "affected",
"version": "3.5.21.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Runtime Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.21.40",
"status": "affected",
"version": "3.5.21.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Control for BeagleBone SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.19.0.0",
"status": "affected",
"version": "4.15.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Control for emPC-A/iMX6 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.19.0.0",
"status": "affected",
"version": "4.15.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Control for IOT2000 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.19.0.0",
"status": "affected",
"version": "4.15.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Control for Linux ARM SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.19.0.0",
"status": "affected",
"version": "4.15.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Control for Linux SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.19.0.0",
"status": "affected",
"version": "4.15.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Control for PFC100 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.19.0.0",
"status": "affected",
"version": "4.15.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Control for PFC200 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.19.0.0",
"status": "affected",
"version": "4.15.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Control for PLCnext SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.19.0.0",
"status": "affected",
"version": "4.15.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Control for Raspberry Pi SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.19.0.0",
"status": "affected",
"version": "4.15.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Control for WAGO Touch Panels 600 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.19.0.0",
"status": "affected",
"version": "4.15.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Edge Gateway for Linux",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.19.0.0",
"status": "affected",
"version": "4.15.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS TargetVisu for Linux SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.19.0.0",
"status": "affected",
"version": "4.15.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Virtual Control SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.19.0.0",
"status": "affected",
"version": "4.15.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "ABB AG"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthenticated remote attacker, who beats a race condition, can exploit a flaw in the communication servers of the CODESYS Control runtime system on Linux and QNX to trigger an out-of-bounds read via crafted socket communication, potentially causing a denial of service.\u003cbr\u003e"
}
],
"value": "An unauthenticated remote attacker, who beats a race condition, can exploit a flaw in the communication servers of the CODESYS Control runtime system on Linux and QNX to trigger an out-of-bounds read via crafted socket communication, potentially causing a denial of service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T10:00:44.373Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2025-099"
}
],
"source": {
"advisory": "VDE-2025-099",
"defect": [
"CERT@VDE#641888"
],
"discovery": "UNKNOWN"
},
"title": "CODESYS Control - Linux/QNX SysSocket flaw",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41739",
"datePublished": "2025-12-01T10:00:44.373Z",
"dateReserved": "2025-04-16T11:17:48.320Z",
"dateUpdated": "2025-12-01T10:00:44.373Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-41729 (GCVE-0-2025-41729)
Vulnerability from cvelistv5 – Published: 2025-11-24 11:27 – Updated: 2025-11-24 13:16
VLAI?
Summary
An unauthenticated remote attacker can send a specially crafted Modbus read command to the device which leads to a denial of service.
Severity ?
7.5 (High)
CWE
- CWE-1287 - Improper Validation of Specified Type of Input
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Janitza | UMG 96-PA |
Affected:
0.0.0 , < 3.54
(semver)
|
|||||||
|
|||||||||
Credits
Milence - Commercial Vehicle Charging Europe B.V.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41729",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-24T13:15:50.089873Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-24T13:16:00.535Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UMG 96-PA",
"vendor": "Janitza",
"versions": [
{
"lessThan": "3.54",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UMG 96-PA-MID+",
"vendor": "Janitza",
"versions": [
{
"lessThan": "3.54",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Milence - Commercial Vehicle Charging Europe B.V."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthenticated remote attacker can send a specially crafted Modbus read command to the device which leads to a denial of service.\u003cbr\u003e"
}
],
"value": "An unauthenticated remote attacker can send a specially crafted Modbus read command to the device which leads to a denial of service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1287",
"description": "CWE-1287 Improper Validation of Specified Type of Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-24T11:27:15.058Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2025-094"
}
],
"source": {
"advisory": "VDE-2025-094",
"defect": [
"CERT@VDE#641878"
],
"discovery": "UNKNOWN"
},
"title": "DoS via Modbus Read Command",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41729",
"datePublished": "2025-11-24T11:27:15.058Z",
"dateReserved": "2025-04-16T11:17:48.319Z",
"dateUpdated": "2025-11-24T13:16:00.535Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-41737 (GCVE-0-2025-41737)
Vulnerability from cvelistv5 – Published: 2025-11-18 10:18 – Updated: 2025-11-18 20:50
VLAI?
Summary
Due to webserver misconfiguration an unauthenticated remote attacker is able to read the source of php modules.
Severity ?
7.5 (High)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| METZ CONNECT | Energy-Controlling EWIO2-M |
Affected:
0.0.0 , < 2.2.0
(semver)
|
||||||||||||
|
||||||||||||||
Credits
Noam Moshe from Claroty Team82
Tomer Goldschmidt from Claroty Team82
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41737",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-18T20:50:44.756456Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T20:50:56.375Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Energy-Controlling EWIO2-M",
"vendor": "METZ CONNECT",
"versions": [
{
"lessThan": "2.2.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Energy-Controlling EWIO2-M-BM",
"vendor": "METZ CONNECT",
"versions": [
{
"lessThan": "2.2.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Ethernet-IO EWIO2-BM",
"vendor": "METZ CONNECT",
"versions": [
{
"lessThan": "2.2.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Noam Moshe from Claroty Team82"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Tomer Goldschmidt from Claroty Team82"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Due to webserver misconfiguration an unauthenticated remote attacker is able to read the source of php modules.\u003cbr\u003e"
}
],
"value": "Due to webserver misconfiguration an unauthenticated remote attacker is able to read the source of php modules."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T10:18:44.739Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2025-097"
}
],
"source": {
"advisory": "VDE-2025-097",
"defect": [
"CERT@VDE#641881"
],
"discovery": "UNKNOWN"
},
"title": "Improper access control via php endpoint",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41737",
"datePublished": "2025-11-18T10:18:44.739Z",
"dateReserved": "2025-04-16T11:17:48.320Z",
"dateUpdated": "2025-11-18T20:50:56.375Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-41736 (GCVE-0-2025-41736)
Vulnerability from cvelistv5 – Published: 2025-11-18 10:18 – Updated: 2025-11-18 20:54
VLAI?
Summary
A low privileged remote attacker can upload a new or overwrite an existing python script by using a path traversal of the target filename in php resulting in a remote code execution.
Severity ?
8.8 (High)
CWE
- CWE-35 - Path Traversal: '.../...//'
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| METZ CONNECT | Energy-Controlling EWIO2-M |
Affected:
0.0.0 , < 2.2.0
(semver)
|
||||||||||||
|
||||||||||||||
Credits
Noam Moshe from Claroty Team82
Tomer Goldschmidt from Claroty Team82
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41736",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-18T20:51:07.812932Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T20:54:27.218Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Energy-Controlling EWIO2-M",
"vendor": "METZ CONNECT",
"versions": [
{
"lessThan": "2.2.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Energy-Controlling EWIO2-M-BM",
"vendor": "METZ CONNECT",
"versions": [
{
"lessThan": "2.2.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Ethernet-IO EWIO2-BM",
"vendor": "METZ CONNECT",
"versions": [
{
"lessThan": "2.2.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Noam Moshe from Claroty Team82"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Tomer Goldschmidt from Claroty Team82"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A low privileged remote attacker can upload a new or overwrite an existing python script by using a path traversal of the target filename in php resulting in a remote code execution.\u003cbr\u003e"
}
],
"value": "A low privileged remote attacker can upload a new or overwrite an existing python script by using a path traversal of the target filename in php resulting in a remote code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-35",
"description": "CWE-35 Path Traversal: \u0027.../...//\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T10:18:30.034Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2025-097"
}
],
"source": {
"advisory": "VDE-2025-097",
"defect": [
"CERT@VDE#641881"
],
"discovery": "UNKNOWN"
},
"title": "Possible arbitrary code execution",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41736",
"datePublished": "2025-11-18T10:18:30.034Z",
"dateReserved": "2025-04-16T11:17:48.320Z",
"dateUpdated": "2025-11-18T20:54:27.218Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-41735 (GCVE-0-2025-41735)
Vulnerability from cvelistv5 – Published: 2025-11-18 10:18 – Updated: 2025-11-18 20:58
VLAI?
Summary
A low privileged remote attacker can upload any file to an arbitrary location due to missing file check resulting in remote code execution.
Severity ?
8.8 (High)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| METZ CONNECT | Energy-Controlling EWIO2-M |
Affected:
0.0.0 , < 2.2.0
(semver)
|
||||||||||||
|
||||||||||||||
Credits
Noam Moshe from Claroty Team82
Tomer Goldschmidt from Claroty Team82
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41735",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-18T20:57:37.104330Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T20:58:43.162Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Energy-Controlling EWIO2-M",
"vendor": "METZ CONNECT",
"versions": [
{
"lessThan": "2.2.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Energy-Controlling EWIO2-M-BM",
"vendor": "METZ CONNECT",
"versions": [
{
"lessThan": "2.2.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Ethernet-IO EWIO2-BM",
"vendor": "METZ CONNECT",
"versions": [
{
"lessThan": "2.2.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Noam Moshe from Claroty Team82"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Tomer Goldschmidt from Claroty Team82"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A low privileged remote attacker can upload any file to an arbitrary location due to missing file check resulting in remote code execution.\u003cbr\u003e"
}
],
"value": "A low privileged remote attacker can upload any file to an arbitrary location due to missing file check resulting in remote code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T10:18:15.146Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2025-097"
}
],
"source": {
"advisory": "VDE-2025-097",
"defect": [
"CERT@VDE#641881"
],
"discovery": "UNKNOWN"
},
"title": "Possible arbitrary file upload",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41735",
"datePublished": "2025-11-18T10:18:15.146Z",
"dateReserved": "2025-04-16T11:17:48.320Z",
"dateUpdated": "2025-11-18T20:58:43.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-41734 (GCVE-0-2025-41734)
Vulnerability from cvelistv5 – Published: 2025-11-18 10:18 – Updated: 2025-11-18 21:00
VLAI?
Summary
An unauthenticated remote attacker can execute arbitrary php files and gain full access of the affected devices.
Severity ?
9.8 (Critical)
CWE
- CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| METZ CONNECT | Energy-Controlling EWIO2-M |
Affected:
0.0.0 , < 2.2.0
(semver)
|
||||||||||||
|
||||||||||||||
Credits
Noam Moshe from Claroty Team82
Tomer Goldschmidt from Claroty Team82
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41734",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-18T20:59:09.008160Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T21:00:09.059Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Energy-Controlling EWIO2-M",
"vendor": "METZ CONNECT",
"versions": [
{
"lessThan": "2.2.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Energy-Controlling EWIO2-M-BM",
"vendor": "METZ CONNECT",
"versions": [
{
"lessThan": "2.2.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Ethernet-IO EWIO2-BM",
"vendor": "METZ CONNECT",
"versions": [
{
"lessThan": "2.2.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Noam Moshe from Claroty Team82"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Tomer Goldschmidt from Claroty Team82"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthenticated remote attacker can execute arbitrary php files and gain full access of the affected devices.\u003cbr\u003e"
}
],
"value": "An unauthenticated remote attacker can execute arbitrary php files and gain full access of the affected devices."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-98",
"description": "CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T10:18:00.774Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2025-097"
}
],
"source": {
"advisory": "VDE-2025-097",
"defect": [
"CERT@VDE#641881"
],
"discovery": "UNKNOWN"
},
"title": "Unauthenticated Local File Inclusion in php module",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41734",
"datePublished": "2025-11-18T10:18:00.774Z",
"dateReserved": "2025-04-16T11:17:48.319Z",
"dateUpdated": "2025-11-18T21:00:09.059Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-41733 (GCVE-0-2025-41733)
Vulnerability from cvelistv5 – Published: 2025-11-18 10:17 – Updated: 2025-11-18 21:17
VLAI?
Summary
The commissioning wizard on the affected devices does not validate if the device is already initialized. An unauthenticated remote attacker can construct POST requests to set root credentials.
Severity ?
9.8 (Critical)
CWE
- CWE-305 - Authentication Bypass by Primary Weakness
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| METZ CONNECT | Energy-Controlling EWIO2-M |
Affected:
0.0.0 , < 2.2.0
(semver)
|
||||||||||||
|
||||||||||||||
Credits
Noam Moshe from Claroty Team82
Tomer Goldschmidt from Claroty Team82
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41733",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-18T21:17:44.611618Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T21:17:53.438Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Energy-Controlling EWIO2-M",
"vendor": "METZ CONNECT",
"versions": [
{
"lessThan": "2.2.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Energy-Controlling EWIO2-M-BM",
"vendor": "METZ CONNECT",
"versions": [
{
"lessThan": "2.2.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Ethernet-IO EWIO2-BM",
"vendor": "METZ CONNECT",
"versions": [
{
"lessThan": "2.2.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Noam Moshe from Claroty Team82"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Tomer Goldschmidt from Claroty Team82"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The commissioning wizard on the affected devices does not validate if the device is already initialized. An unauthenticated remote attacker can construct POST requests to set root credentials.\u003cbr\u003e"
}
],
"value": "The commissioning wizard on the affected devices does not validate if the device is already initialized. An unauthenticated remote attacker can construct POST requests to set root credentials."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305 Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T10:17:46.326Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2025-097"
}
],
"source": {
"advisory": "VDE-2025-097",
"defect": [
"CERT@VDE#641881"
],
"discovery": "UNKNOWN"
},
"title": "Possible malfunction credential injection",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41733",
"datePublished": "2025-11-18T10:17:46.326Z",
"dateReserved": "2025-04-16T11:17:48.319Z",
"dateUpdated": "2025-11-18T21:17:53.438Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-41731 (GCVE-0-2025-41731)
Vulnerability from cvelistv5 – Published: 2025-11-10 07:44 – Updated: 2025-11-10 15:20
VLAI?
Summary
A vulnerability was identified in the password generation algorithm when accessing the debug-interface. An unauthenticated local attacker with knowledge of the password generation timeframe might be able to brute force the password in a timely manner and thus gain root access to the device if the debug interface is still enabled.
Severity ?
7.4 (High)
CWE
- CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Jumo | variTRON300 |
Affected:
0.0.0.0 , < 9.0.2.5
(semver)
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41731",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-10T15:18:58.302257Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-10T15:20:07.843Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "variTRON300",
"vendor": "Jumo",
"versions": [
{
"lessThan": "9.0.2.5",
"status": "affected",
"version": "0.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "variTRON500",
"vendor": "Jumo",
"versions": [
{
"lessThan": "9.0.2.5",
"status": "affected",
"version": "0.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "variTRON500 touch",
"vendor": "Jumo",
"versions": [
{
"lessThan": "9.0.2.5",
"status": "affected",
"version": "0.0.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability was identified in the password generation algorithm when accessing the debug-interface. An unauthenticated local attacker with knowledge of the password generation timeframe might be able to brute force the password in a timely manner and thus gain root access to the device if the debug interface is still enabled."
}
],
"value": "A vulnerability was identified in the password generation algorithm when accessing the debug-interface. An unauthenticated local attacker with knowledge of the password generation timeframe might be able to brute force the password in a timely manner and thus gain root access to the device if the debug interface is still enabled."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-338",
"description": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-10T07:44:40.644Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://jumo.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-086.json"
}
],
"source": {
"advisory": "VDE-2025-086",
"defect": [
"CERT@VDE#641857"
],
"discovery": "UNKNOWN"
},
"title": "Jumo: Insufficient entropy in PRNG may lead to root access",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41731",
"datePublished": "2025-11-10T07:44:40.644Z",
"dateReserved": "2025-04-16T11:17:48.319Z",
"dateUpdated": "2025-11-10T15:20:07.843Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-41724 (GCVE-0-2025-41724)
Vulnerability from cvelistv5 – Published: 2025-10-22 07:03 – Updated: 2025-10-22 15:48
VLAI?
Summary
An unauthenticated remote attacker can crash the wscserver by sending incomplete SOAP requests. The wscserver process will not be restarted by a watchdog and a device reboot is necessary to make it work again.
Severity ?
7.5 (High)
CWE
- CWE-239 - Failure to Handle Incomplete Element
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Sauter | modulo 6 devices modu680-AS |
Affected:
0.0.0 , < Firmware v3.2.0
(semver)
|
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
Credits
Damian Pfammatter, Daniel Hulliger from Cyber-Defence Campus armasuisse S+T
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41724",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-22T15:48:31.778178Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T15:48:40.087Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "modulo 6 devices modu680-AS",
"vendor": "Sauter",
"versions": [
{
"lessThan": "Firmware v3.2.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "modulo 6 devices modu660-AS",
"vendor": "Sauter",
"versions": [
{
"lessThan": "Firmware v3.2.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "modulo 6 devices modu612-LC",
"vendor": "Sauter",
"versions": [
{
"lessThan": "Firmware v3.2.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EY-modulo 5 modu 5 modu524",
"vendor": "Sauter",
"versions": [
{
"lessThan": "Firmware v6.0",
"status": "affected",
"version": "0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EY-modulo 5 modu 5 modu525",
"vendor": "Sauter",
"versions": [
{
"lessThan": "Firmware v6.0",
"status": "affected",
"version": "0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EY-modulo 5 ecos 5 ecos504/505",
"vendor": "Sauter",
"versions": [
{
"lessThan": "Firmware v6.0",
"status": "affected",
"version": "0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Damian Pfammatter, Daniel Hulliger from Cyber-Defence Campus armasuisse S+T"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthenticated remote attacker can crash the wscserver by sending incomplete SOAP requests. The wscserver process will not be restarted by a watchdog and a device reboot is necessary to make it work again."
}
],
"value": "An unauthenticated remote attacker can crash the wscserver by sending incomplete SOAP requests. The wscserver process will not be restarted by a watchdog and a device reboot is necessary to make it work again."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-239",
"description": "CWE-239:Failure to Handle Incomplete Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T07:03:50.109Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://sauter.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-060.json"
}
],
"source": {
"advisory": "VDE-2025-060",
"defect": [
"CERT@VDE#641818"
],
"discovery": "UNKNOWN"
},
"title": "Sauter: Crash via Incomplete SOAP Request",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41724",
"datePublished": "2025-10-22T07:03:50.109Z",
"dateReserved": "2025-04-16T11:17:48.318Z",
"dateUpdated": "2025-10-22T15:48:40.087Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41723 (GCVE-0-2025-41723)
Vulnerability from cvelistv5 – Published: 2025-10-22 07:01 – Updated: 2025-10-22 13:28
VLAI?
Summary
The importFile SOAP method is vulnerable to a directory traversal attack. An unauthenticated remote attacker bypass the path restriction and upload files to arbitrary locations.
Severity ?
9.8 (Critical)
CWE
- CWE-35 - Path Traversal: '.../...//'
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Sauter | modulo 6 devices modu680-AS |
Affected:
0.0.0 , < Firmware v3.2.0
(semver)
|
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
Credits
Damian Pfammatter, Daniel Hulliger from Cyber-Defence Campus armasuisse S+T
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41723",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-22T13:28:39.630438Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:28:51.323Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "modulo 6 devices modu680-AS",
"vendor": "Sauter",
"versions": [
{
"lessThan": "Firmware v3.2.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "modulo 6 devices modu660-AS",
"vendor": "Sauter",
"versions": [
{
"lessThan": "Firmware v3.2.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "modulo 6 devices modu612-LC",
"vendor": "Sauter",
"versions": [
{
"lessThan": "Firmware v3.2.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EY-modulo 5 modu 5 modu524",
"vendor": "Sauter",
"versions": [
{
"lessThan": "Firmware v6.0",
"status": "affected",
"version": "0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EY-modulo 5 modu 5 modu525",
"vendor": "Sauter",
"versions": [
{
"lessThan": "Firmware v6.0",
"status": "affected",
"version": "0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EY-modulo 5 ecos 5 ecos504/505",
"vendor": "Sauter",
"versions": [
{
"lessThan": "Firmware v6.0",
"status": "affected",
"version": "0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Damian Pfammatter, Daniel Hulliger from Cyber-Defence Campus armasuisse S+T"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe importFile SOAP method is vulnerable to a directory traversal attack. An unauthenticated remote attacker bypass the path restriction and upload files to arbitrary locations.\u003c/p\u003e"
}
],
"value": "The importFile SOAP method is vulnerable to a directory traversal attack. An unauthenticated remote attacker bypass the path restriction and upload files to arbitrary locations."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-35",
"description": "CWE-35:Path Traversal: \u0027.../...//\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T07:01:09.768Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://sauter.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-060.json"
}
],
"source": {
"advisory": "VDE-2025-060",
"defect": [
"CERT@VDE#641818"
],
"discovery": "UNKNOWN"
},
"title": "Sauter: Directory Traversal in importFile SOAP Method",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41723",
"datePublished": "2025-10-22T07:01:09.768Z",
"dateReserved": "2025-04-16T11:17:48.318Z",
"dateUpdated": "2025-10-22T13:28:51.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41722 (GCVE-0-2025-41722)
Vulnerability from cvelistv5 – Published: 2025-10-22 06:58 – Updated: 2025-10-22 13:30
VLAI?
Summary
The wsc server uses a hard-coded certificate to check the authenticity of SOAP messages. An unauthenticated remote attacker can extract private keys from the Software of the affected devices.
Severity ?
7.5 (High)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Sauter | modulo 6 devices modu680-AS |
Affected:
0.0.0 , < Firmware v3.2.0
(semver)
|
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
Credits
Damian Pfammatter, Daniel Hulliger from Cyber-Defence Campus armasuisse S+T
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41722",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-22T13:29:56.589615Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:30:10.827Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "modulo 6 devices modu680-AS",
"vendor": "Sauter",
"versions": [
{
"lessThan": "Firmware v3.2.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "modulo 6 devices modu660-AS",
"vendor": "Sauter",
"versions": [
{
"lessThan": "Firmware v3.2.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "modulo 6 devices modu612-LC",
"vendor": "Sauter",
"versions": [
{
"lessThan": "Firmware v3.2.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EY-modulo 5 modu 5 modu524",
"vendor": "Sauter",
"versions": [
{
"lessThan": "Firmware v6.0",
"status": "affected",
"version": "0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EY-modulo 5 modu 5 modu525",
"vendor": "Sauter",
"versions": [
{
"lessThan": "Firmware v6.0",
"status": "affected",
"version": "0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EY-modulo 5 ecos 5 ecos504/505",
"vendor": "Sauter",
"versions": [
{
"lessThan": "Firmware v6.0",
"status": "affected",
"version": "0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Damian Pfammatter, Daniel Hulliger from Cyber-Defence Campus armasuisse S+T"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The wsc server uses a hard-coded certificate to check the authenticity of SOAP messages. An unauthenticated remote attacker can extract private keys from the Software of the affected devices."
}
],
"value": "The wsc server uses a hard-coded certificate to check the authenticity of SOAP messages. An unauthenticated remote attacker can extract private keys from the Software of the affected devices."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T06:58:31.679Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://sauter.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-060.json"
}
],
"source": {
"advisory": "VDE-2025-060",
"defect": [
"CERT@VDE#641818"
],
"discovery": "UNKNOWN"
},
"title": "Sauter: Hard-coded Authentication Credentials",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41722",
"datePublished": "2025-10-22T06:58:31.679Z",
"dateReserved": "2025-04-16T11:17:48.317Z",
"dateUpdated": "2025-10-22T13:30:10.827Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41721 (GCVE-0-2025-41721)
Vulnerability from cvelistv5 – Published: 2025-10-22 06:55 – Updated: 2025-10-22 13:31
VLAI?
Summary
A high privileged remote attacker can influence the parameters passed to the openssl command due to improper neutralization of special elements when adding a password protected self-signed certificate.
Severity ?
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Sauter | modulo 6 devices modu680-AS |
Affected:
0.0.0 , < Firmware v3.2.0
(semver)
|
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
Credits
Damian Pfammatter, Daniel Hulliger from Cyber-Defence Campus armasuisse S+T
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41721",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-22T13:31:24.266594Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:31:30.683Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "modulo 6 devices modu680-AS",
"vendor": "Sauter",
"versions": [
{
"lessThan": "Firmware v3.2.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "modulo 6 devices modu660-AS",
"vendor": "Sauter",
"versions": [
{
"lessThan": "Firmware v3.2.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "modulo 6 devices modu612-LC",
"vendor": "Sauter",
"versions": [
{
"lessThan": "Firmware v3.2.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EY-modulo 5 modu 5 modu524",
"vendor": "Sauter",
"versions": [
{
"lessThan": "Firmware v6.0",
"status": "affected",
"version": "0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EY-modulo 5 modu 5 modu525",
"vendor": "Sauter",
"versions": [
{
"lessThan": "Firmware v6.0",
"status": "affected",
"version": "0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EY-modulo 5 ecos 5 ecos504/505",
"vendor": "Sauter",
"versions": [
{
"lessThan": "Firmware v6.0",
"status": "affected",
"version": "0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Damian Pfammatter, Daniel Hulliger from Cyber-Defence Campus armasuisse S+T"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A high privileged remote attacker can influence the parameters passed to the openssl command due to improper neutralization of special elements when adding a password protected self-signed certificate."
}
],
"value": "A high privileged remote attacker can influence the parameters passed to the openssl command due to improper neutralization of special elements when adding a password protected self-signed certificate."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77:Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T06:55:22.860Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://sauter.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-060.json"
}
],
"source": {
"advisory": "VDE-2025-060",
"defect": [
"CERT@VDE#641818"
],
"discovery": "UNKNOWN"
},
"title": "Sauter: Command Injection",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41721",
"datePublished": "2025-10-22T06:55:22.860Z",
"dateReserved": "2025-04-16T11:17:48.317Z",
"dateUpdated": "2025-10-22T13:31:30.683Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41720 (GCVE-0-2025-41720)
Vulnerability from cvelistv5 – Published: 2025-10-22 06:52 – Updated: 2025-10-22 15:48
VLAI?
Summary
A low privileged remote attacker can upload arbitrary data masked as a png file to the affected device using the webserver API because only the file extension is verified.
Severity ?
4.3 (Medium)
CWE
- CWE-646 - Reliance on File Name or Extension of Externally-Supplied File
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Sauter | modulo 6 devices modu680-AS |
Affected:
0.0.0 , < Firmware v3.2.0
(semver)
|
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
Credits
Damian Pfammatter, Daniel Hulliger from Cyber-Defence Campus armasuisse
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41720",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-22T15:47:55.751768Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T15:48:07.323Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "modulo 6 devices modu680-AS",
"vendor": "Sauter",
"versions": [
{
"lessThan": "Firmware v3.2.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "modulo 6 devices modu660-AS",
"vendor": "Sauter",
"versions": [
{
"lessThan": "Firmware v3.2.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "modulo 6 devices modu612-LC",
"vendor": "Sauter",
"versions": [
{
"lessThan": "Firmware v3.2.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EY-modulo 5 modu 5 modu524",
"vendor": "Sauter",
"versions": [
{
"lessThan": "Firmware v6.0",
"status": "affected",
"version": "0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EY-modulo 5 modu 5 modu525",
"vendor": "Sauter",
"versions": [
{
"lessThan": "Firmware v6.0",
"status": "affected",
"version": "0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EY-modulo 5 ecos 5 ecos504/505",
"vendor": "Sauter",
"versions": [
{
"lessThan": "Firmware v6.0",
"status": "affected",
"version": "0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Damian Pfammatter, Daniel Hulliger from Cyber-Defence Campus armasuisse"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A low privileged remote attacker can upload arbitrary data masked as a png file to the affected device using the webserver API because only the file extension is verified."
}
],
"value": "A low privileged remote attacker can upload arbitrary data masked as a png file to the affected device using the webserver API because only the file extension is verified."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-646",
"description": "CWE-646:Reliance on File Name or Extension of Externally-Supplied File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T06:52:03.019Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://sauter.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-060.json"
}
],
"source": {
"advisory": "VDE-2025-060",
"defect": [
"CERT@VDE#641818"
],
"discovery": "UNKNOWN"
},
"title": "Sauter: Arbitrary File Upload",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41720",
"datePublished": "2025-10-22T06:52:03.019Z",
"dateReserved": "2025-04-16T11:17:48.313Z",
"dateUpdated": "2025-10-22T15:48:07.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41719 (GCVE-0-2025-41719)
Vulnerability from cvelistv5 – Published: 2025-10-22 06:48 – Updated: 2025-10-22 15:47
VLAI?
Summary
A low privileged remote attacker can corrupt the webserver users storage on the device by setting a sequence of unsupported characters which leads to deletion of all previously configured users and the creation of the default Administrator with a known default password.
Severity ?
8.8 (High)
CWE
- CWE-1286 - Improper Validation of Syntactic Correctness of Input
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Sauter | modulo 6 devices modu680-AS |
Affected:
0.0.0 , < Firmware v3.2.0
(semver)
|
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
Credits
Damian Pfammatter, Daniel Hulliger from Cyber-Defence Campus armasuisse
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41719",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-22T15:47:18.799189Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T15:47:29.413Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "modulo 6 devices modu680-AS",
"vendor": "Sauter",
"versions": [
{
"lessThan": "Firmware v3.2.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "modulo 6 devices modu660-AS",
"vendor": "Sauter",
"versions": [
{
"lessThan": "Firmware v3.2.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "modulo 6 devices modu612-LC",
"vendor": "Sauter",
"versions": [
{
"lessThan": "Firmware v3.2.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EY-modulo 5 modu 5 modu524",
"vendor": "Sauter",
"versions": [
{
"lessThan": "Firmware v6.0",
"status": "affected",
"version": "0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EY-modulo 5 modu 5 modu525",
"vendor": "Sauter",
"versions": [
{
"lessThan": "Firmware v6.0",
"status": "affected",
"version": "0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EY-modulo 5 ecos 5 ecos504/505",
"vendor": "Sauter",
"versions": [
{
"lessThan": "Firmware v6.0",
"status": "affected",
"version": "0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Damian Pfammatter, Daniel Hulliger from Cyber-Defence Campus armasuisse"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A low privileged remote attacker can corrupt the webserver users storage on the device by setting a sequence of unsupported characters which leads to deletion of all previously configured users and the creation of the default Administrator with a known default password."
}
],
"value": "A low privileged remote attacker can corrupt the webserver users storage on the device by setting a sequence of unsupported characters which leads to deletion of all previously configured users and the creation of the default Administrator with a known default password."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1286",
"description": "CWE-1286:Improper Validation of Syntactic Correctness of Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T06:48:30.796Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://sauter.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-060.json"
}
],
"source": {
"advisory": "VDE-2025-060",
"defect": [
"CERT@VDE#641818"
],
"discovery": "UNKNOWN"
},
"title": "Sauter: Improper Validation of user-controlled data",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41719",
"datePublished": "2025-10-22T06:48:30.796Z",
"dateReserved": "2025-04-16T11:17:48.313Z",
"dateUpdated": "2025-10-22T15:47:29.413Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41699 (GCVE-0-2025-41699)
Vulnerability from cvelistv5 – Published: 2025-10-14 08:35 – Updated: 2025-10-15 06:36
VLAI?
Summary
An low privileged remote attacker with an account for the Web-based management can change the system configuration to perform a command injection as root, resulting in a total loss of confidentiality, availability and integrity due to improper control of generation of code ('Code Injection').
Severity ?
8.8 (High)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Phoenix Contact | CHARX SEC-3150 |
Affected:
0.0.0 , < 1.7.4
(semver)
|
|||||||||||||||||
|
|||||||||||||||||||
Credits
Ryo Kato of Panasonic Holdings Corporation
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41699",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-14T18:43:34.170197Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T18:43:41.706Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CHARX SEC-3150",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "1.7.4",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CHARX SEC-3100",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "1.7.4",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CHARX SEC-3050",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "1.7.4",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CHARX SEC-3000",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "1.7.4",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryo Kato of Panasonic Holdings Corporation"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An low privileged remote attacker with an account for the Web-based management can change the system configuration to perform a command injection as root, resulting in a total loss of confidentiality, availability and integrity due to improper control of generation of code (\u0027Code Injection\u0027)."
}
],
"value": "An low privileged remote attacker with an account for the Web-based management can change the system configuration to perform a command injection as root, resulting in a total loss of confidentiality, availability and integrity due to improper control of generation of code (\u0027Code Injection\u0027)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-15T06:36:45.974Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-074.json"
}
],
"source": {
"advisory": "VDE-2025-074",
"defect": [
"CERT@VDE#641840"
],
"discovery": "UNKNOWN"
},
"title": "Phoenix Contact: Security Advisory for CHARX SEC-3xxx charging controllers",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41699",
"datePublished": "2025-10-14T08:35:05.215Z",
"dateReserved": "2025-04-16T11:17:48.310Z",
"dateUpdated": "2025-10-15T06:36:45.974Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41718 (GCVE-0-2025-41718)
Vulnerability from cvelistv5 – Published: 2025-10-14 08:25 – Updated: 2025-10-14 18:42
VLAI?
Summary
A cleartext transmission of sensitive information vulnerability in the affected products allows an unauthorized remote attacker to gain login credentials and access the Web-UI.
Severity ?
7.5 (High)
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Murrelektronik | Firmware Impact67 Pro 54630 |
Affected:
0.0.0 , ≤ 1.08.01
(semver)
|
|||||||||||||||||
|
|||||||||||||||||||
Credits
Abhishek Pandey from Payatu Security Consulting Pvt. Ltd.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41718",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-14T18:42:07.442943Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T18:42:14.852Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Firmware Impact67 Pro 54630",
"vendor": "Murrelektronik",
"versions": [
{
"lessThanOrEqual": "1.08.01",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Firmware Impact67 Pro 54620",
"vendor": "Murrelektronik",
"versions": [
{
"lessThanOrEqual": "1.08.01",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Firmware Impact67 Pro 54631",
"vendor": "Murrelektronik",
"versions": [
{
"lessThanOrEqual": "1.08.05",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Firmware Impact67 Pro 54632",
"vendor": "Murrelektronik",
"versions": [
{
"lessThanOrEqual": "1.08.01",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Abhishek Pandey from Payatu Security Consulting Pvt. Ltd."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A cleartext transmission of sensitive information vulnerability in the affected products allows an unauthorized remote attacker to gain login credentials and access the Web-UI."
}
],
"value": "A cleartext transmission of sensitive information vulnerability in the affected products allows an unauthorized remote attacker to gain login credentials and access the Web-UI."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T08:25:52.136Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://murrelektronik.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-091.json"
}
],
"source": {
"advisory": "VDE-2025-091",
"defect": [
"CERT@VDE#641864"
],
"discovery": "UNKNOWN"
},
"title": "Murrelektronik: Unprotected Transport of Credentials",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41718",
"datePublished": "2025-10-14T08:25:52.136Z",
"dateReserved": "2025-04-16T11:17:48.313Z",
"dateUpdated": "2025-10-14T18:42:14.852Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41707 (GCVE-0-2025-41707)
Vulnerability from cvelistv5 – Published: 2025-10-14 08:06 – Updated: 2025-11-03 17:44
VLAI?
Summary
The websocket handler is vulnerable to a denial of service condition. An unauthenticated remote attacker can send a crafted websocket message to trigger the issue without affecting the core functionality.
Severity ?
5.3 (Medium)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Phoenix Contact | QUINT4-UPS/24DC/24DC/5/EIP |
Affected:
VC:00 , < VC:07
(semver)
|
|||||||||||||||||
|
|||||||||||||||||||
Credits
D. Blagojevic, S. Dietz, F. Koroknai, T. Weber from CyberDanube Security Research
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41707",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-14T18:41:16.009240Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T18:41:30.126Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T17:44:49.327Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2025/Oct/12"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "QUINT4-UPS/24DC/24DC/5/EIP",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "VC:07",
"status": "affected",
"version": "VC:00",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "QUINT4-UPS/24DC/24DC/10/EIP",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "VC:07",
"status": "affected",
"version": "VC:00",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "QUINT4-UPS/24DC/24DC/20/EIP",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "VC:07",
"status": "affected",
"version": "VC:00",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "QUINT4-UPS/24DC/24DC/40/EIP",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "VC:07",
"status": "affected",
"version": "VC:00",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "D. Blagojevic, S. Dietz, F. Koroknai, T. Weber from CyberDanube Security Research"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The websocket handler is vulnerable to a denial of service condition. An unauthenticated remote attacker can send a crafted websocket message to trigger the issue without affecting the core functionality.\u003cbr\u003e"
}
],
"value": "The websocket handler is vulnerable to a denial of service condition. An unauthenticated remote attacker can send a crafted websocket message to trigger the issue without affecting the core functionality."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T08:06:11.424Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2025-072"
}
],
"source": {
"advisory": "VDE-2025-072",
"defect": [
"CERT@VDE#641835"
],
"discovery": "UNKNOWN"
},
"title": "Phoenix Contact: WebSocket Handler Denial of Service",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41707",
"datePublished": "2025-10-14T08:06:11.424Z",
"dateReserved": "2025-04-16T11:17:48.311Z",
"dateUpdated": "2025-11-03T17:44:49.327Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-41706 (GCVE-0-2025-41706)
Vulnerability from cvelistv5 – Published: 2025-10-14 08:05 – Updated: 2025-11-03 17:44
VLAI?
Summary
The webserver is vulnerable to a denial of service condition. An unauthenticated remote attacker can craft a special GET request with an over-long content-length to trigger the issue without affecting the core functionality.
Severity ?
5.3 (Medium)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Phoenix Contact | QUINT4-UPS/24DC/24DC/5/EIP |
Affected:
VC:00 , < VC:07
(semver)
|
|||||||||||||||||
|
|||||||||||||||||||
Credits
D. Blagojevic, S. Dietz, F. Koroknai, T. Weber from CyberDanube Security Research
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41706",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-14T18:40:44.318321Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T18:40:56.043Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T17:44:48.379Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2025/Oct/12"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "QUINT4-UPS/24DC/24DC/5/EIP",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "VC:07",
"status": "affected",
"version": "VC:00",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "QUINT4-UPS/24DC/24DC/10/EIP",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "VC:07",
"status": "affected",
"version": "VC:00",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "QUINT4-UPS/24DC/24DC/20/EIP",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "VC:07",
"status": "affected",
"version": "VC:00",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "QUINT4-UPS/24DC/24DC/40/EIP",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "VC:07",
"status": "affected",
"version": "VC:00",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "D. Blagojevic, S. Dietz, F. Koroknai, T. Weber from CyberDanube Security Research"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The webserver is vulnerable to a denial of service condition. An unauthenticated remote attacker can craft a special GET request with an over-long content-length to trigger the issue without affecting the core functionality.\u003cbr\u003e"
}
],
"value": "The webserver is vulnerable to a denial of service condition. An unauthenticated remote attacker can craft a special GET request with an over-long content-length to trigger the issue without affecting the core functionality."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T08:05:56.266Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2025-072"
}
],
"source": {
"advisory": "VDE-2025-072",
"defect": [
"CERT@VDE#641835"
],
"discovery": "UNKNOWN"
},
"title": "Phoenix Contact: Webserver Denial of Service through Malformed Content-Length",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41706",
"datePublished": "2025-10-14T08:05:56.266Z",
"dateReserved": "2025-04-16T11:17:48.310Z",
"dateUpdated": "2025-11-03T17:44:48.379Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-41705 (GCVE-0-2025-41705)
Vulnerability from cvelistv5 – Published: 2025-10-14 08:05 – Updated: 2025-11-03 17:44
VLAI?
Summary
An unauthenticated remote attacker (MITM) can intercept the websocket messages to gain access to the login credentials for the Webfrontend.
Severity ?
6.8 (Medium)
CWE
- CWE-523 - Unprotected Transport of Credentials
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Phoenix Contact | QUINT4-UPS/24DC/24DC/5/EIP |
Affected:
VC:00 , < VC:07
(semver)
|
|||||||||||||||||
|
|||||||||||||||||||
Credits
D. Blagojevic, S. Dietz, F. Koroknai, T. Weber from CyberDanube Security Research
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41705",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-14T18:39:39.309928Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T18:39:54.898Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T17:44:47.442Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2025/Oct/12"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "QUINT4-UPS/24DC/24DC/5/EIP",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "VC:07",
"status": "affected",
"version": "VC:00",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "QUINT4-UPS/24DC/24DC/10/EIP",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "VC:07",
"status": "affected",
"version": "VC:00",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "QUINT4-UPS/24DC/24DC/20/EIP",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "VC:07",
"status": "affected",
"version": "VC:00",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "QUINT4-UPS/24DC/24DC/40/EIP",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "VC:07",
"status": "affected",
"version": "VC:00",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "D. Blagojevic, S. Dietz, F. Koroknai, T. Weber from CyberDanube Security Research"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthenticated remote attacker (MITM) can intercept the websocket messages to gain access to the login credentials for the Webfrontend.\u003cbr\u003e"
}
],
"value": "An unauthenticated remote attacker (MITM) can intercept the websocket messages to gain access to the login credentials for the Webfrontend."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-523",
"description": "CWE-523 Unprotected Transport of Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T08:06:21.805Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2025-072"
}
],
"source": {
"advisory": "VDE-2025-072",
"defect": [
"CERT@VDE#641835"
],
"discovery": "UNKNOWN"
},
"title": "Phoenix Contact: WebSocket Message Interception Leaks Webfrontend Credentials",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41705",
"datePublished": "2025-10-14T08:05:43.031Z",
"dateReserved": "2025-04-16T11:17:48.310Z",
"dateUpdated": "2025-11-03T17:44:47.442Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-41704 (GCVE-0-2025-41704)
Vulnerability from cvelistv5 – Published: 2025-10-14 08:05 – Updated: 2025-11-03 17:44
VLAI?
Summary
An unauthanticated remote attacker can perform a DoS of the Modbus service by sending a specific function and sub-function code without affecting the core functionality.
Severity ?
5.3 (Medium)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Phoenix Contact | QUINT4-UPS/24DC/24DC/5/EIP |
Affected:
VC:00 , < VC:07
(semver)
|
|||||||||||||||||
|
|||||||||||||||||||
Credits
D. Blagojevic, S. Dietz, F. Koroknai, T. Weber from CyberDanube Security Research
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41704",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-14T18:39:04.874992Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T18:39:22.997Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T17:44:46.483Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2025/Oct/12"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "QUINT4-UPS/24DC/24DC/5/EIP",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "VC:07",
"status": "affected",
"version": "VC:00",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "QUINT4-UPS/24DC/24DC/10/EIP",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "VC:07",
"status": "affected",
"version": "VC:00",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "QUINT4-UPS/24DC/24DC/20/EIP",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "VC:07",
"status": "affected",
"version": "VC:00",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "QUINT4-UPS/24DC/24DC/40/EIP",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "VC:07",
"status": "affected",
"version": "VC:00",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "D. Blagojevic, S. Dietz, F. Koroknai, T. Weber from CyberDanube Security Research"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthanticated remote attacker can perform a DoS of the Modbus service by sending a specific function and sub-function code without affecting the core functionality.\u003cbr\u003e"
}
],
"value": "An unauthanticated remote attacker can perform a DoS of the Modbus service by sending a specific function and sub-function code without affecting the core functionality."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T08:05:34.171Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2025-072"
}
],
"source": {
"advisory": "VDE-2025-072",
"defect": [
"CERT@VDE#641835"
],
"discovery": "UNKNOWN"
},
"title": "Phoenix Contact: Unauthenticated Modbus Service DoS via Crafted Function Code",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41704",
"datePublished": "2025-10-14T08:05:34.171Z",
"dateReserved": "2025-04-16T11:17:48.310Z",
"dateUpdated": "2025-11-03T17:44:46.483Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-41703 (GCVE-0-2025-41703)
Vulnerability from cvelistv5 – Published: 2025-10-14 08:05 – Updated: 2025-11-03 17:44
VLAI?
Summary
An unauthenticated remote attacker can cause a Denial of Service by turning off the output of the UPS via Modbus command.
Severity ?
7.5 (High)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Phoenix Contact | QUINT4-UPS/24DC/24DC/5/EIP |
Affected:
VC:00 , ≤ VC:07
(semver)
|
|||||||||||||||||
|
|||||||||||||||||||
Credits
D. Blagojevic, S. Dietz, F. Koroknai, T. Weber from CyberDanube Security Research
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41703",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-14T18:38:31.786647Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T18:38:47.646Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T17:44:45.524Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2025/Oct/12"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "QUINT4-UPS/24DC/24DC/5/EIP",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThanOrEqual": "VC:07",
"status": "affected",
"version": "VC:00",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "QUINT4-UPS/24DC/24DC/10/EIP",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThanOrEqual": "VC:07",
"status": "affected",
"version": "VC:00",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "QUINT4-UPS/24DC/24DC/20/EIP",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThanOrEqual": "VC:07",
"status": "affected",
"version": "VC:00",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "QUINT4-UPS/24DC/24DC/40/EIP",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThanOrEqual": "VC:07",
"status": "affected",
"version": "VC:00",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "D. Blagojevic, S. Dietz, F. Koroknai, T. Weber from CyberDanube Security Research"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthenticated remote attacker can cause a Denial of Service by turning off the output of the UPS via Modbus command.\u003cbr\u003e"
}
],
"value": "An unauthenticated remote attacker can cause a Denial of Service by turning off the output of the UPS via Modbus command."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T08:05:23.395Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2025-072"
}
],
"source": {
"advisory": "VDE-2025-072",
"defect": [
"CERT@VDE#641835"
],
"discovery": "UNKNOWN"
},
"title": "Phoenix Contact: UPS Shutdown via Unauthenticated Modbus Command",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41703",
"datePublished": "2025-10-14T08:05:23.395Z",
"dateReserved": "2025-04-16T11:17:48.310Z",
"dateUpdated": "2025-11-03T17:44:45.524Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-41716 (GCVE-0-2025-41716)
Vulnerability from cvelistv5 – Published: 2025-09-24 09:04 – Updated: 2025-09-24 13:03
VLAI?
Summary
The web application allows an unauthenticated remote attacker to learn information about existing user accounts with their corresponding role due to missing authentication for critical function.
Severity ?
5.3 (Medium)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| WAGO | Solution Builder |
Affected:
0.0.0 , < 2.3.3
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41716",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-24T13:03:29.670633Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T13:03:53.265Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Solution Builder",
"vendor": "WAGO",
"versions": [
{
"lessThan": "2.3.3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The web application allows an unauthenticated remote attacker to learn information about existing user accounts with their corresponding role due to missing authentication for critical function.\u003cbr\u003e"
}
],
"value": "The web application allows an unauthenticated remote attacker to learn information about existing user accounts with their corresponding role due to missing authentication for critical function."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T09:04:33.971Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2025-087"
}
],
"source": {
"advisory": "VDE-2025-087",
"defect": [
"CERT@VDE#641858"
],
"discovery": "UNKNOWN"
},
"title": "Unauthenticated User Enumeration via Missing Authentication",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41716",
"datePublished": "2025-09-24T09:04:33.971Z",
"dateReserved": "2025-04-16T11:17:48.313Z",
"dateUpdated": "2025-09-24T13:03:53.265Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41715 (GCVE-0-2025-41715)
Vulnerability from cvelistv5 – Published: 2025-09-24 09:04 – Updated: 2025-09-24 13:07
VLAI?
Summary
The database for the web application is exposed without authentication, allowing an unauthenticated remote attacker to gain unauthorized access and potentially compromise it.
Severity ?
9.8 (Critical)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| WAGO | Device Sphere |
Affected:
0.0.0 , < 1.1.0
(semver)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41715",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-24T13:07:23.769369Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T13:07:30.391Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Device Sphere",
"vendor": "WAGO",
"versions": [
{
"lessThan": "1.1.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Solution Builder",
"vendor": "WAGO",
"versions": [
{
"lessThan": "2.3.3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe database for the web application is exposed without authentication, allowing an unauthenticated remote attacker to gain unauthorized access and potentially compromise it.\u003c/p\u003e"
}
],
"value": "The database for the web application is exposed without authentication, allowing an unauthenticated remote attacker to gain unauthorized access and potentially compromise it."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T09:04:22.835Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2025-087"
}
],
"source": {
"advisory": "VDE-2025-087",
"defect": [
"CERT@VDE#641858"
],
"discovery": "UNKNOWN"
},
"title": "Missing Authentication for Database Access in Web Application",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41715",
"datePublished": "2025-09-24T09:04:22.835Z",
"dateReserved": "2025-04-16T11:17:48.312Z",
"dateUpdated": "2025-09-24T13:07:30.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41713 (GCVE-0-2025-41713)
Vulnerability from cvelistv5 – Published: 2025-09-15 08:00 – Updated: 2025-09-15 15:23
VLAI?
Summary
During a short time frame while the device is booting an unauthenticated remote attacker can send traffic to unauthorized networks due to the switch operating in an undefined state until a CPU-induced reset allows proper configuration.
Severity ?
6.5 (Medium)
CWE
- CWE-1188 - Insecure Default Initialization of Resource
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41713",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-15T15:23:05.302247Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-15T15:23:17.088Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CC100 0751-9301",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CC100 0751-9301 HW rev. \u0026lt;082100",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CC100 0751-9301/K000-0005",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CC100 0751-9301/K000-0005 HW rev. \u0026lt;082100",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CC100 0751-9401",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CC100 0751-9401 HW rev. \u0026lt;052500",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CC100 0751-9402",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CC100 0751-9402/0000-0001",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CC100 0751-9402/0000-0001 HW rev. \u0026lt;052800",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CC100 0751-9402 HW rev. \u0026lt;032800",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CC100 0751-9403",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CC100 0751-9403 HW rev. \u0026lt;022800",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Edge Controller 0752-8303/8000-0002",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Edge Controller 0752-8303/8000-0002 HW rev. 32500",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4101",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4101 HW rev. \u0026lt;072500",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4102",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4102 HW rev. \u0026lt;072500",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4104",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4104 HW rev. \u0026lt;062500",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4201/8000-0001",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4201/8000-0001 HW rev. \u0026lt;072500",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4201/8000-0002",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4201/8000-0002",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4201/8000-0002 HW rev. \u0026lt;072500",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4201/8000-0002 HW rev. \u0026lt;072500",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4301/8000-0002",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4301/8000-0002 HW rev. \u0026lt;072500",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4302/8000-0002",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4302/8000-0002 HW rev. \u0026lt;072500",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4303/8000-0002",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4303/8000-0002 HW rev. \u0026lt;062500",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4304/8000-0002",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4304/8000-0002 HW rev. \u0026lt;062500",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4305/8000-0002",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4305/8000-0002 HW rev. \u0026lt;052500",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4306/8000-0001",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4306/8000-0001 HW rev. \u0026lt;042500",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4306/8000-0002",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4306/8000-0002 HW rev. \u0026lt;042500",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-5201/8000-0001",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-5201/8000-0001 HW rev. \u0026lt;062500",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-5203/8000-0001",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-5203/8000-0001 HW rev. \u0026lt;062500",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-5204/8000-0001",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-5204/8000-0001",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-5204/8000-0001 HW rev. \u0026lt;052500",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-5204/8000-0001 HW rev. \u0026lt;052500",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-5205/8000-0001",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-5205/8000-0001 HW rev. \u0026lt;032500",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-5206/8000-0001",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-5206/8000-0001 HW rev. \u0026lt;042500",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "During a short time frame while the device is booting an unauthenticated remote attacker can send traffic to unauthorized networks due to the switch operating in an undefined state until a CPU-induced reset allows proper configuration."
}
],
"value": "During a short time frame while the device is booting an unauthenticated remote attacker can send traffic to unauthorized networks due to the switch operating in an undefined state until a CPU-induced reset allows proper configuration."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1188",
"description": "CWE-1188 Insecure Default Initialization of Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-15T08:00:50.241Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/en/advisories/VDE-2025-083"
},
{
"url": "https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-083.json"
}
],
"source": {
"advisory": "VDE-2025-083",
"defect": [
"CERT@VDE#641852"
],
"discovery": "UNKNOWN"
},
"title": "WAGO: Vulnerability in hardware switch circuit",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41713",
"datePublished": "2025-09-15T08:00:50.241Z",
"dateReserved": "2025-04-16T11:17:48.311Z",
"dateUpdated": "2025-09-15T15:23:17.088Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41714 (GCVE-0-2025-41714)
Vulnerability from cvelistv5 – Published: 2025-09-10 06:48 – Updated: 2025-09-10 19:27
VLAI?
Summary
The upload endpoint insufficiently validates the 'Upload-Key' request header. By supplying path traversal sequences, an authenticated attacker can cause the server to create upload-related artifacts outside the intended storage location. In certain configurations this enables arbitrary file write and may be leveraged to achieve remote code execution.
Severity ?
8.8 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Welotec | SmartEMS Web Application |
Affected:
v0.0.0 , < v3.3.6
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41714",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-10T19:27:37.674885Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-10T19:27:45.979Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SmartEMS Web Application",
"vendor": "Welotec",
"versions": [
{
"lessThan": "v3.3.6",
"status": "affected",
"version": "v0.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The upload endpoint insufficiently validates the \u0027Upload-Key\u0027 request header. By supplying path traversal sequences, an authenticated attacker can cause the server to create upload-related artifacts outside the intended storage location. In certain configurations this enables arbitrary file write and may be leveraged to achieve remote code execution."
}
],
"value": "The upload endpoint insufficiently validates the \u0027Upload-Key\u0027 request header. By supplying path traversal sequences, an authenticated attacker can cause the server to create upload-related artifacts outside the intended storage location. In certain configurations this enables arbitrary file write and may be leveraged to achieve remote code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-10T06:48:10.130Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2025-085"
}
],
"source": {
"advisory": "VDE-2025-085",
"defect": [
"CERT@VDE#641856"
],
"discovery": "UNKNOWN"
},
"title": "Path Traversal via \u0027Upload-Key\u0027 in SmartEMS Upload Handling",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41714",
"datePublished": "2025-09-10T06:48:10.130Z",
"dateReserved": "2025-04-16T11:17:48.311Z",
"dateUpdated": "2025-09-10T19:27:45.979Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}