VDE-2025-060

Vulnerability from csaf_sauterag - Published: 2025-10-21 10:00 - Updated: 2025-10-27 11:00
Summary
Sauter: Multiple vulnerabilities in SAUTER modulo 6
Severity
High
Notes
Summary: Vulnerabilities have been discovered in the embedded firmware of SAUTER modulo 6 devices. These vulnerabilities affect the embedded web server as well as the interface to the SAUTER CASE Suite tools.
Remediation: Update to firmware version 3.2.0. or newer. This will require CASE Suite Version 5.2 SR5 or newer. Contact your local SAUTER representative for support.
Impact: The vulnerabilities in the modulo 6 devices allow privilege escalation, remote exploitation, and compromise of device integrity, availability and confidentiality.
CVE-2025-41719

A low privileged remote attacker can corrupt the webserver users storage on the device by setting a sequence of unsupported characters which leads to deletion of all previously configured users and the creation of the default Administrator with a known default password.

8.8 (High)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-1286 - Improper Validation of Syntactic Correctness of Input
Vendor Fix Install modulo 6 embedded software version 3.2.0 on modulo 6 devices
Vendor Fix Upgrade to CASE Suite v5.2 SR5
Mitigation Protect access to device and network according to best practices and state of the art means
CVE-2025-41720

A low privileged remote attacker can upload arbitrary data masked as a png file to the affected device using the webserver API because only the file extension is verified.

4.3 (Medium)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CWE-646 - Reliance on File Name or Extension of Externally-Supplied File
Vendor Fix Install modulo 6 embedded software version 3.2.0 on modulo 6 devices
Vendor Fix Upgrade to CASE Suite v5.2 SR5
Mitigation Protect access to device and network according to best practices and state of the art means
CVE-2025-41721

A high privileged remote attacker can influence the parameters passed to the openssl command due to improper neutralization of special elements when adding a password protected self-signed certificate.

2.7 (Low)
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Vendor Fix Install modulo 6 embedded software version 3.2.0 on modulo 6 devices
Vendor Fix Upgrade to CASE Suite v5.2 SR5
Mitigation Protect access to device and network according to best practices and state of the art means
CVE-2025-41722

The wsc server uses a hard-coded certificate to check the authenticity of SOAP messages. An unauthenticated remote attacker can extract private keys from the Software of the affected devices.

7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-798 - Use of Hard-coded Credentials
Vendor Fix Install modulo 6 embedded software version 3.2.0 on modulo 6 devices
Vendor Fix Install EY-modulo 5 embedded software v6.0 on supported EY-modulo 5 devices
Vendor Fix Upgrade to CASE Suite v5.2 SR5
Mitigation Protect access to device and network according to best practices and state of the art means
CVE-2025-41723

The importFile SOAP method is vulnerable to a directory traversal attack. An unauthenticated remote attacker bypass the path restriction and upload files to arbitrary locations.

9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-35 - Path Traversal: '.../...//'
Vendor Fix Install modulo 6 embedded software version 3.2.0 on modulo 6 devices
Vendor Fix Install EY-modulo 5 embedded software v6.0 on supported EY-modulo 5 devices
Vendor Fix Upgrade to CASE Suite v5.2 SR5
Mitigation Protect access to device and network according to best practices and state of the art means
CVE-2025-41724

An unauthenticated remote attacker can crash the wscserver by sending incomplete SOAP requests. The wscserver process will not be restarted by a watchdog and a device reboot is necessary to make it work again.

7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-239 - Failure to Handle Incomplete Element
Vendor Fix Install modulo 6 embedded software version 3.2.0 on modulo 6 devices
Vendor Fix Install EY-modulo 5 embedded software v6.0 on supported EY-modulo 5 devices
Vendor Fix Upgrade to CASE Suite v5.2 SR5
Mitigation Protect access to device and network according to best practices and state of the art means
References
Acknowledgments
Cyber-Defence Campus armasuisse S+T Damian Pfammatter Daniel Hulliger www.ar.admin.ch/cyberdefencecampus
CERT@VDE
Cyber-Defence Campus armasuisse S+T Damian Pfammatter Daniel Hulliger
To clipboard 

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Damian Pfammatter",
          "Daniel Hulliger"
        ],
        "organization": "Cyber-Defence Campus armasuisse S+T",
        "summary": "SAUTER thanks the Cyber-Defence Campus of ARMASUISSE S+T for organizing the hackathon and for reporting the vulnerabilities.",
        "urls": [
          "https://www.ar.admin.ch/cyberdefencecampus"
        ]
      },
      {
        "organization": "CERT@VDE",
        "summary": "coordination"
      }
    ],
    "aggregate_severity": {
      "namespace": "https://www.first.org/cvss/v3.1/specification-document#Qualitative-Severity-Rating-Scale",
      "text": "High"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "summary",
        "text": "Vulnerabilities have been discovered in the embedded firmware of SAUTER modulo 6 devices. These vulnerabilities affect the embedded web server as well as the interface to the SAUTER CASE Suite tools.",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "Update to firmware version 3.2.0. or newer. This will require CASE Suite Version 5.2 SR5 or newer. Contact your local SAUTER representative for support.",
        "title": "Remediation"
      },
      {
        "category": "description",
        "text": "The vulnerabilities in the modulo 6 devices allow privilege escalation, remote exploitation, and compromise of device integrity, availability and confidentiality. ",
        "title": "Impact"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@sauter-bc.com",
      "name": "Sauter AG",
      "namespace": "https://www.sauter-controls.com"
    },
    "references": [
      {
        "category": "external",
        "summary": "Sauter advisory overview at CERT@VDE",
        "url": "https://certvde.com/de/advisories/vendor/sauter/"
      },
      {
        "category": "self",
        "summary": "VDE-2025-060: Sauter: Multiple vulnerabilities in SAUTER modulo 6  - HTML",
        "url": "https://certvde.com/en/advisories/VDE-2025-060"
      },
      {
        "category": "self",
        "summary": "VDE-2025-060: Sauter: Multiple vulnerabilities in SAUTER modulo 6  - CSAF",
        "url": "https://sauter.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-060.json"
      }
    ],
    "title": "Sauter: Multiple vulnerabilities in SAUTER modulo 6 ",
    "tracking": {
      "aliases": [
        "VDE-2025-060"
      ],
      "current_release_date": "2025-10-27T11:00:00.000Z",
      "generator": {
        "date": "2025-10-27T09:37:27.479Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.35"
        }
      },
      "id": "VDE-2025-060",
      "initial_release_date": "2025-10-21T10:00:00.000Z",
      "revision_history": [
        {
          "date": "2025-10-21T10:00:00.000Z",
          "number": "1.0.0",
          "summary": "Initial revision"
        },
        {
          "date": "2025-10-27T11:00:00.000Z",
          "number": "1.1.0",
          "summary": "Correction: modu524 and modu525 not affected by CVE-2025-41723"
        }
      ],
      "status": "final",
      "version": "1.1.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_name",
                    "name": "modu680-AS",
                    "product": {
                      "name": "modulo 6 devices modu680-AS",
                      "product_id": "CSAFPID-11001"
                    }
                  },
                  {
                    "category": "product_name",
                    "name": "modu660-AS",
                    "product": {
                      "name": "modulo 6 devices modu660-AS",
                      "product_id": "CSAFPID-11002"
                    }
                  },
                  {
                    "category": "product_name",
                    "name": "modu612-LC",
                    "product": {
                      "name": "modulo 6 devices modu612-LC",
                      "product_id": "CSAFPID-11003"
                    }
                  }
                ],
                "category": "product_family",
                "name": "modulo 6 devices"
              },
              {
                "branches": [
                  {
                    "branches": [
                      {
                        "category": "product_name",
                        "name": "modu524",
                        "product": {
                          "name": "EY-modulo 5 modu 5 modu524",
                          "product_id": "CSAFPID-11004"
                        }
                      },
                      {
                        "category": "product_name",
                        "name": "modu525",
                        "product": {
                          "name": "EY-modulo 5 modu 5 modu525",
                          "product_id": "CSAFPID-11005"
                        }
                      }
                    ],
                    "category": "product_family",
                    "name": "modu 5"
                  },
                  {
                    "branches": [
                      {
                        "category": "product_name",
                        "name": "ecos504/505",
                        "product": {
                          "name": "EY-modulo 5 ecos 5 ecos504/505",
                          "product_id": "CSAFPID-11006"
                        }
                      }
                    ],
                    "category": "product_family",
                    "name": "ecos 5"
                  }
                ],
                "category": "product_family",
                "name": "EY-modulo 5"
              }
            ],
            "category": "product_family",
            "name": "Hardware"
          },
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version",
                    "name": "v3.2.0",
                    "product": {
                      "name": "Firmware modulo 6 embedded software v3.2.0",
                      "product_id": "CSAFPID-22001"
                    }
                  },
                  {
                    "category": "product_version_range",
                    "name": "\u003cv3.2.0",
                    "product": {
                      "name": "Firmware modulo 6 embedded software \u003cv3.2.0",
                      "product_id": "CSAFPID-21001"
                    }
                  }
                ],
                "category": "product_family",
                "name": "modulo 6 embedded software"
              },
              {
                "branches": [
                  {
                    "category": "product_version",
                    "name": "v6.0",
                    "product": {
                      "name": "Firmware EY-modulo 5 embedded software v6.0",
                      "product_id": "CSAFPID-22002"
                    }
                  },
                  {
                    "category": "product_version_range",
                    "name": "\u003cv6.0",
                    "product": {
                      "name": "Firmware EY-modulo 5 embedded software \u003cv6.0",
                      "product_id": "CSAFPID-21002"
                    }
                  }
                ],
                "category": "product_family",
                "name": "EY-modulo 5 embedded software"
              }
            ],
            "category": "product_family",
            "name": "Firmware"
          },
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003cv5.2 SR5",
                    "product": {
                      "name": "Software CASE Suite \u003cv5.2 SR5",
                      "product_id": "CSAFPID-51001"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "v5.2 SR5",
                    "product": {
                      "name": "Software CASE Suite v5.2 SR5",
                      "product_id": "CSAFPID-52001"
                    }
                  }
                ],
                "category": "product_family",
                "name": "CASE Suite"
              }
            ],
            "category": "product_family",
            "name": "Software"
          }
        ],
        "category": "vendor",
        "name": "Fr. SAUTER AG"
      }
    ],
    "product_groups": [
      {
        "group_id": "CSAFGID-0001",
        "product_ids": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006"
        ],
        "summary": "affected products"
      },
      {
        "group_id": "CSAFGID-0002",
        "product_ids": [
          "CSAFPID-32201",
          "CSAFPID-32202",
          "CSAFPID-32203",
          "CSAFPID-32204"
        ],
        "summary": "fixed products"
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware modulo 6 embedded software v3.2.0 installed on modulo 6 devices modu680-AS",
          "product_id": "CSAFPID-32001"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware modulo 6 embedded software v3.2.0 installed on modulo 6 devices modu660-AS",
          "product_id": "CSAFPID-32002"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware modulo 6 embedded software v3.2.0 installed on modulo 6 devices modu612-LC",
          "product_id": "CSAFPID-32003"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware modulo 6 embedded software \u003cv3.2.0 installed on modulo 6 devices modu680-AS",
          "product_id": "CSAFPID-31001"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware modulo 6 embedded software \u003cv3.2.0 installed on modulo 6 devices modu660-AS",
          "product_id": "CSAFPID-31002"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware modulo 6 embedded software \u003cv3.2.0 installed on modulo 6 devices modu612-LC",
          "product_id": "CSAFPID-31003"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware EY-modulo 5 embedded software v6.0 installed on EY-modulo 5 ecos 5 ecos504/505",
          "product_id": "CSAFPID-32006"
        },
        "product_reference": "CSAFPID-22002",
        "relates_to_product_reference": "CSAFPID-11006"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware EY-modulo 5 embedded software \u003cv6.0 installed on EY-modulo 5 modu 5 modu524",
          "product_id": "CSAFPID-31004"
        },
        "product_reference": "CSAFPID-21002",
        "relates_to_product_reference": "CSAFPID-11004"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware EY-modulo 5 embedded software \u003cv6.0 installed on EY-modulo 5 modu 5 modu525",
          "product_id": "CSAFPID-31005"
        },
        "product_reference": "CSAFPID-21002",
        "relates_to_product_reference": "CSAFPID-11005"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware EY-modulo 5 embedded software \u003cv6.0 installed on EY-modulo 5 ecos 5 ecos504/505",
          "product_id": "CSAFPID-31006"
        },
        "product_reference": "CSAFPID-21002",
        "relates_to_product_reference": "CSAFPID-11006"
      },
      {
        "category": "installed_with",
        "full_product_name": {
          "name": "Firmware modulo 6 embedded software \u003cv3.2.0 installed on modulo 6 devices modu680-AS installed with Software CASE Suite \u003cv5.2 SR5",
          "product_id": "CSAFPID-31101"
        },
        "product_reference": "CSAFPID-31001",
        "relates_to_product_reference": "CSAFPID-51001"
      },
      {
        "category": "installed_with",
        "full_product_name": {
          "name": "Firmware modulo 6 embedded software v3.2.0 installed on modulo 6 devices modu680-AS installed with Software CASE Suite v5.2 SR5",
          "product_id": "CSAFPID-32201"
        },
        "product_reference": "CSAFPID-32001",
        "relates_to_product_reference": "CSAFPID-52001"
      },
      {
        "category": "installed_with",
        "full_product_name": {
          "name": "Firmware modulo 6 embedded software v3.2.0 installed on modulo 6 devices modu660-AS installed with Software CASE Suite v5.2 SR5",
          "product_id": "CSAFPID-32202"
        },
        "product_reference": "CSAFPID-32002",
        "relates_to_product_reference": "CSAFPID-52001"
      },
      {
        "category": "installed_with",
        "full_product_name": {
          "name": "Firmware modulo 6 embedded software v3.2.0 installed on modulo 6 devices modu612-LC installed with Software CASE Suite v5.2 SR5",
          "product_id": "CSAFPID-32203"
        },
        "product_reference": "CSAFPID-32003",
        "relates_to_product_reference": "CSAFPID-52001"
      },
      {
        "category": "installed_with",
        "full_product_name": {
          "name": "Firmware EY-modulo 5 embedded software v6.0 installed on EY-modulo 5 ecos 5 ecos504/505 installed with Software CASE Suite v5.2 SR5",
          "product_id": "CSAFPID-32204"
        },
        "product_reference": "CSAFPID-32006",
        "relates_to_product_reference": "CSAFPID-52001"
      },
      {
        "category": "installed_with",
        "full_product_name": {
          "name": "Firmware modulo 6 embedded software v3.2.0 installed with Software CASE Suite v5.2 SR5",
          "product_id": "CSAFPID-0005"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-52001"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Damian Pfammatter",
            "Daniel Hulliger"
          ],
          "organization": "Cyber-Defence Campus armasuisse S+T",
          "summary": "The Cyber-Defence Campus armasuisse S+T reported the vulnerability to Fr. SAUTER AG"
        }
      ],
      "cve": "CVE-2025-41719",
      "cwe": {
        "id": "CWE-1286",
        "name": "Improper Validation of Syntactic Correctness of Input"
      },
      "discovery_date": "2025-02-07T11:00:00.000Z",
      "notes": [
        {
          "category": "description",
          "text": "A low privileged remote attacker can corrupt the webserver users storage on the device by setting a sequence of unsupported characters which leads to deletion of all previously configured users and the creation of the default Administrator with a known default password.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32201",
          "CSAFPID-32202",
          "CSAFPID-32203"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003"
        ],
        "known_not_affected": [
          "CSAFPID-11004",
          "CSAFPID-11005",
          "CSAFPID-11006"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Install modulo 6 embedded software version 3.2.0 on modulo 6 devices",
          "entitlements": [
            "Contact your SAUTER representative to update to the embedded firmware version fixing the vulnerability",
            "Requires upgrade to CASE Suite v5.2SR5"
          ],
          "group_ids": [
            "CSAFGID-0001"
          ],
          "restart_required": {
            "category": "vulnerable_component",
            "details": "Update requires device restart."
          }
        },
        {
          "category": "vendor_fix",
          "details": "Upgrade to CASE Suite v5.2 SR5",
          "group_ids": [
            "CSAFGID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Protect access to device and network according to best practices and state of the art means",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 8.8,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "temporalScore": 8.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003"
          ]
        }
      ],
      "title": "Sauter: Improper Validation of user-controlled data"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Damian Pfammatter",
            "Daniel Hulliger"
          ],
          "organization": "Cyber-Defence Campus armasuisse S+T",
          "summary": "The Cyber-Defence Campus armasuisse S+T reported the vulnerability to Fr. SAUTER AG"
        }
      ],
      "cve": "CVE-2025-41720",
      "cwe": {
        "id": "CWE-646",
        "name": "Reliance on File Name or Extension of Externally-Supplied File"
      },
      "notes": [
        {
          "category": "description",
          "text": "A low privileged remote attacker can upload arbitrary data masked as a png file to the affected device using the webserver API because only the file extension is verified.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32201",
          "CSAFPID-32202",
          "CSAFPID-32203"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003"
        ],
        "known_not_affected": [
          "CSAFPID-11004",
          "CSAFPID-11005",
          "CSAFPID-11006"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Install modulo 6 embedded software version 3.2.0 on modulo 6 devices",
          "entitlements": [
            "Requires upgrade to CASE Suite v5.2SR5"
          ],
          "group_ids": [
            "CSAFGID-0001"
          ],
          "restart_required": {
            "category": "vulnerable_component",
            "details": "Update requires device restart"
          }
        },
        {
          "category": "vendor_fix",
          "details": "Upgrade to CASE Suite v5.2 SR5",
          "group_ids": [
            "CSAFGID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Protect access to device and network according to best practices and state of the art means",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "environmentalScore": 4.3,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "temporalScore": 4.3,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003"
          ]
        }
      ],
      "title": "Sauter: Arbitrary File Upload"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Damian Pfammatter",
            "Daniel Hulliger"
          ],
          "organization": "Cyber-Defence Campus armasuisse S+T",
          "summary": "The Cyber-Defence Campus armasuisse S+T reported the vulnerability to Fr. SAUTER AG"
        }
      ],
      "cve": "CVE-2025-41721",
      "cwe": {
        "id": "CWE-77",
        "name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
      },
      "notes": [
        {
          "category": "description",
          "text": "A high privileged remote attacker can influence the parameters passed to the openssl command due to improper neutralization of special elements when adding a password protected self-signed certificate.",
          "title": "Vulnerability Description"
        },
        {
          "category": "details",
          "text": "This Vulnerability can be combined with CVE-2025-41720 resulting in full file system access via reverse shell.\nCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H - 7.2 ",
          "title": "Vulnerability Characterisation"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32201",
          "CSAFPID-32202",
          "CSAFPID-32203"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003"
        ],
        "known_not_affected": [
          "CSAFPID-11004",
          "CSAFPID-11005",
          "CSAFPID-11006"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Install modulo 6 embedded software version 3.2.0 on modulo 6 devices",
          "entitlements": [
            "Requires upgrade to CASE Suite v5.2SR5"
          ],
          "group_ids": [
            "CSAFGID-0001"
          ],
          "restart_required": {
            "category": "vulnerable_component",
            "details": "Update requires device restart"
          }
        },
        {
          "category": "vendor_fix",
          "details": "Upgrade to CASE Suite v5.2 SR5",
          "group_ids": [
            "CSAFGID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Protect access to device and network according to best practices and state of the art means",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 2.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "environmentalScore": 2.7,
            "environmentalSeverity": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "temporalScore": 2.7,
            "temporalSeverity": "LOW",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003"
          ]
        }
      ],
      "title": "Sauter: Command Injection"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Damian Pfammatter",
            "Daniel Hulliger"
          ],
          "organization": "Cyber-Defence Campus armasuisse S+T",
          "summary": "The Cyber-Defence Campus armasuisse S+T reported the vulnerability to Fr. SAUTER AG"
        }
      ],
      "cve": "CVE-2025-41722",
      "cwe": {
        "id": "CWE-798",
        "name": "Use of Hard-coded Credentials"
      },
      "notes": [
        {
          "category": "description",
          "text": "The wsc server uses a hard-coded certificate to check the authenticity of SOAP messages. An unauthenticated remote attacker can extract private keys from the Software of the affected devices.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32201",
          "CSAFPID-32202",
          "CSAFPID-32203",
          "CSAFPID-32204"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Install modulo 6 embedded software version 3.2.0 on modulo 6 devices",
          "entitlements": [
            "Requires upgrade to CASE Suite v5.2SR5"
          ],
          "group_ids": [
            "CSAFGID-0001"
          ],
          "restart_required": {
            "category": "vulnerable_component",
            "details": "Update requires device restart"
          }
        },
        {
          "category": "vendor_fix",
          "details": "Install EY-modulo 5 embedded software v6.0 on supported EY-modulo 5 devices",
          "group_ids": [
            "CSAFGID-0001"
          ],
          "restart_required": {
            "category": "vulnerable_component",
            "details": "Update requires device restart"
          }
        },
        {
          "category": "vendor_fix",
          "details": "Upgrade to CASE Suite v5.2 SR5",
          "group_ids": [
            "CSAFGID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Protect access to device and network according to best practices and state of the art means",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 7.5,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 7.5,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004",
            "CSAFPID-31005",
            "CSAFPID-31006"
          ]
        }
      ],
      "title": "Sauter: Hard-coded Authentication Credentials"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Damian Pfammatter",
            "Daniel Hulliger"
          ],
          "organization": "Cyber-Defence Campus armasuisse S+T",
          "summary": "The Cyber-Defence Campus armasuisse S+T reported the vulnerability to Fr. SAUTER AG"
        }
      ],
      "cve": "CVE-2025-41723",
      "cwe": {
        "id": "CWE-35",
        "name": "Path Traversal: \u0027.../...//\u0027"
      },
      "notes": [
        {
          "category": "description",
          "text": "The importFile SOAP method is vulnerable to a directory traversal attack. An unauthenticated remote attacker bypass the path restriction and upload files to arbitrary locations.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32201",
          "CSAFPID-32202",
          "CSAFPID-32203",
          "CSAFPID-32204"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31006"
        ],
        "known_not_affected": [
          "CSAFPID-11004",
          "CSAFPID-11005"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Install modulo 6 embedded software version 3.2.0 on modulo 6 devices",
          "entitlements": [
            "Requires upgrade to CASE Suite v5.2SR5"
          ],
          "group_ids": [
            "CSAFGID-0001"
          ],
          "restart_required": {
            "category": "vulnerable_component",
            "details": "Update requires device restart"
          }
        },
        {
          "category": "vendor_fix",
          "details": "Install EY-modulo 5 embedded software v6.0 on supported EY-modulo 5 devices",
          "entitlements": [
            "Requires upgrade to CASE Suite v5.2SR5"
          ],
          "group_ids": [
            "CSAFGID-0001"
          ],
          "restart_required": {
            "category": "vulnerable_component",
            "details": "Update requires device restart"
          }
        },
        {
          "category": "vendor_fix",
          "details": "Upgrade to CASE Suite v5.2 SR5",
          "group_ids": [
            "CSAFGID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Protect access to device and network according to best practices and state of the art means",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 9.8,
            "environmentalSeverity": "CRITICAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 9.8,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004",
            "CSAFPID-31005",
            "CSAFPID-31006"
          ]
        }
      ],
      "title": "Sauter: Directory Traversal in importFile SOAP Method"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Damian Pfammatter",
            "Daniel Hulliger"
          ],
          "organization": "Cyber-Defence Campus armasuisse S+T",
          "summary": "The Cyber-Defence Campus armasuisse S+T reported the vulnerability to Fr. SAUTER AG"
        }
      ],
      "cve": "CVE-2025-41724",
      "cwe": {
        "id": "CWE-239",
        "name": "Failure to Handle Incomplete Element"
      },
      "notes": [
        {
          "category": "description",
          "text": "An unauthenticated remote attacker can crash the wscserver by sending incomplete SOAP requests. The wscserver process will not be restarted by a watchdog and a device reboot is necessary to make it work again.\n",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32201",
          "CSAFPID-32202",
          "CSAFPID-32203",
          "CSAFPID-32204"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Install modulo 6 embedded software version 3.2.0 on modulo 6 devices",
          "entitlements": [
            "Requires upgrade to CASE Suite v5.2SR5"
          ],
          "group_ids": [
            "CSAFGID-0001"
          ],
          "restart_required": {
            "category": "vulnerable_component",
            "details": "Update requires device restart"
          }
        },
        {
          "category": "vendor_fix",
          "details": "Install EY-modulo 5 embedded software v6.0 on supported EY-modulo 5 devices",
          "entitlements": [
            "Requires upgrade to CASE Suite v5.2SR5"
          ],
          "group_ids": [
            "CSAFGID-0001"
          ],
          "restart_required": {
            "category": "vulnerable_component",
            "details": "Update requires device restart"
          }
        },
        {
          "category": "vendor_fix",
          "details": "Upgrade to CASE Suite v5.2 SR5",
          "group_ids": [
            "CSAFGID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Protect access to device and network according to best practices and state of the art means",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "environmentalScore": 7.5,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 7.5,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004",
            "CSAFPID-31005",
            "CSAFPID-31006"
          ]
        }
      ],
      "title": "Sauter: Crash via Incomplete SOAP Request"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.