Search criteria
2 vulnerabilities found for IndustrialPI 4 with IndustrialPI webstatus by Pilz
CVE-2025-41648 (GCVE-0-2025-41648)
Vulnerability from cvelistv5 – Published: 2025-07-01 08:10 – Updated: 2025-07-02 13:24
VLAI?
Title
Pilz: Authentication Bypass in IndustrialPI Webstatus
Summary
An unauthenticated remote attacker can bypass the login to the web application of the affected devices making it possible to access and change all available settings of the IndustrialPI.
Severity ?
9.8 (Critical)
CWE
- CWE-704 - Incorrect Type Conversion or Cast
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Pilz | IndustrialPI 4 with IndustrialPI webstatus |
Affected:
0 , < 2.4.6
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41648",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-01T13:44:04.614032Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-02T13:24:37.115Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IndustrialPI 4 with IndustrialPI webstatus",
"vendor": "Pilz",
"versions": [
{
"lessThan": "2.4.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn unauthenticated remote attacker can bypass the login to the web application of the affected devices making it possible to access and change all available settings of the IndustrialPI.\u003c/p\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "An unauthenticated remote attacker can bypass the login to the web application of the affected devices making it possible to access and change all available settings of the IndustrialPI."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-704",
"description": "CWE-704 Incorrect Type Conversion or Cast",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-01T08:10:24.679Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/en/advisories/VDE-2025-039"
}
],
"source": {
"advisory": "VDE-2025-039",
"defect": [
"CERT@VDE#641779"
],
"discovery": "UNKNOWN"
},
"title": "Pilz: Authentication Bypass in IndustrialPI Webstatus",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41648",
"datePublished": "2025-07-01T08:10:24.679Z",
"dateReserved": "2025-04-16T11:17:48.305Z",
"dateUpdated": "2025-07-02T13:24:37.115Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41648 (GCVE-0-2025-41648)
Vulnerability from nvd – Published: 2025-07-01 08:10 – Updated: 2025-07-02 13:24
VLAI?
Title
Pilz: Authentication Bypass in IndustrialPI Webstatus
Summary
An unauthenticated remote attacker can bypass the login to the web application of the affected devices making it possible to access and change all available settings of the IndustrialPI.
Severity ?
9.8 (Critical)
CWE
- CWE-704 - Incorrect Type Conversion or Cast
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Pilz | IndustrialPI 4 with IndustrialPI webstatus |
Affected:
0 , < 2.4.6
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41648",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-01T13:44:04.614032Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-02T13:24:37.115Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IndustrialPI 4 with IndustrialPI webstatus",
"vendor": "Pilz",
"versions": [
{
"lessThan": "2.4.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn unauthenticated remote attacker can bypass the login to the web application of the affected devices making it possible to access and change all available settings of the IndustrialPI.\u003c/p\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "An unauthenticated remote attacker can bypass the login to the web application of the affected devices making it possible to access and change all available settings of the IndustrialPI."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-704",
"description": "CWE-704 Incorrect Type Conversion or Cast",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-01T08:10:24.679Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/en/advisories/VDE-2025-039"
}
],
"source": {
"advisory": "VDE-2025-039",
"defect": [
"CERT@VDE#641779"
],
"discovery": "UNKNOWN"
},
"title": "Pilz: Authentication Bypass in IndustrialPI Webstatus",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41648",
"datePublished": "2025-07-01T08:10:24.679Z",
"dateReserved": "2025-04-16T11:17:48.305Z",
"dateUpdated": "2025-07-02T13:24:37.115Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}