CVE-2025-41684 (GCVE-0-2025-41684)

Vulnerability from cvelistv5 – Published: 2025-07-23 08:23 – Updated: 2025-07-23 14:04
VLAI?
Summary
An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of improper sanitizing of user input in the Main Web Interface (endpoint tls_iotgen_setting).
Severity ?
8.8 (High)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
Vendor Product Version
Weidmueller IE-SR-2TX-WL Affected: V0.0 , < V1.49 (semver)
Create a notification for this product.
Credits
Reid Wightman of Dragos Inc.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-41684",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-23T14:04:14.287350Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-23T14:04:20.683Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "IE-SR-2TX-WL",
          "vendor": "Weidmueller",
          "versions": [
            {
              "lessThan": "V1.49",
              "status": "affected",
              "version": "V0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "IE-SR-2TX-WL-4G-EU",
          "vendor": "Weidmueller",
          "versions": [
            {
              "lessThan": "V1.62",
              "status": "affected",
              "version": "V0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "IE-SR-2TX-WL-4G-US-V",
          "vendor": "Weidmueller",
          "versions": [
            {
              "lessThan": "V1.62",
              "status": "affected",
              "version": "V0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Reid Wightman of Dragos Inc."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of improper sanitizing of user input in the Main Web Interface (endpoint tls_iotgen_setting)."
            }
          ],
          "value": "An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of improper sanitizing of user input in the Main Web Interface (endpoint tls_iotgen_setting)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-23T08:23:28.046Z",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "url": "https://certvde.com/de/advisories/VDE-2025-052"
        }
      ],
      "source": {
        "advisory": "VDE-2025-052",
        "defect": [
          "CERT@VDE#641805"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Weidmueller: Root Command Injection via Unsanitized Input in tls_iotgen_setting Endpoint",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2025-41684",
    "datePublished": "2025-07-23T08:23:28.046Z",
    "dateReserved": "2025-04-16T11:17:48.309Z",
    "dateUpdated": "2025-07-23T14:04:20.683Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-41684\",\"sourceIdentifier\":\"info@cert.vde.com\",\"published\":\"2025-07-23T09:15:25.747\",\"lastModified\":\"2025-07-25T15:29:44.523\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of improper sanitizing of user input in the Main Web Interface (endpoint tls_iotgen_setting).\"},{\"lang\":\"es\",\"value\":\"Un atacante remoto autenticado puede ejecutar comandos arbitrarios con privilegios de root en los dispositivos afectados debido a la falta de depuraci\u00f3n inadecuada de la entrada del usuario en la interfaz web principal (endpoint tls_iotgen_setting).\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"info@cert.vde.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"info@cert.vde.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"references\":[{\"url\":\"https://certvde.com/de/advisories/VDE-2025-052\",\"source\":\"info@cert.vde.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-41684\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-07-23T14:04:14.287350Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-07-23T14:04:17.981Z\"}}], \"cna\": {\"title\": \"Weidmueller: Root Command Injection via Unsanitized Input in tls_iotgen_setting Endpoint\", \"source\": {\"defect\": [\"CERT@VDE#641805\"], \"advisory\": \"VDE-2025-052\", \"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Reid Wightman of Dragos Inc.\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Weidmueller\", \"product\": \"IE-SR-2TX-WL\", \"versions\": [{\"status\": \"affected\", \"version\": \"V0.0\", \"lessThan\": \"V1.49\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Weidmueller\", \"product\": \"IE-SR-2TX-WL-4G-EU\", \"versions\": [{\"status\": \"affected\", \"version\": \"V0.0\", \"lessThan\": \"V1.62\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Weidmueller\", \"product\": \"IE-SR-2TX-WL-4G-US-V\", \"versions\": [{\"status\": \"affected\", \"version\": \"V0.0\", \"lessThan\": \"V1.62\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://certvde.com/de/advisories/VDE-2025-052\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of improper sanitizing of user input in the Main Web Interface (endpoint tls_iotgen_setting).\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of improper sanitizing of user input in the Main Web Interface (endpoint tls_iotgen_setting).\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-78\", \"description\": \"CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"270ccfa6-a436-4e77-922e-914ec3a9685c\", \"shortName\": \"CERTVDE\", \"dateUpdated\": \"2025-07-23T08:23:28.046Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-41684\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-07-23T14:04:20.683Z\", \"dateReserved\": \"2025-04-16T11:17:48.309Z\", \"assignerOrgId\": \"270ccfa6-a436-4e77-922e-914ec3a9685c\", \"datePublished\": \"2025-07-23T08:23:28.046Z\", \"assignerShortName\": \"CERTVDE\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.