
CVE-2025-41651

CRITICAL 9.8 (CVSS 3.1)
Description
Due to missing authentication on a critical function of the devices, an unauthenticated remote attacker can execute arbitrary commands, potentially enabling unauthorized upload or download of configuration files and leading to full system compromise.

Metadata

CVE ID: CVE-2025-41651
State: PUBLISHED
Assigner: CERTVDE
Reserved: 2025-04-16 11:17 UTC
Published: 2025-05-27 08:38 UTC
Last updated: 2025-05-27 13:26 UTC
Primary CWE: CWE-306 Missing Authentication for Critical Function
Vendor / Product: Weidmueller / IE-SW-VL05M-5TX
Sources: cve.org · NVD

Severity & Metrics

9.8 CRITICAL CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
SSVC — CISA Coordinator
Exploitation: none
Automatable: yes
Tech. Impact: total
Affected products (13)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| Weidmueller | IE-SW-PL10M-3GT-7TX | | 0.0.0 < 3.3.34 |
| Weidmueller | IE-SW-PL10MT-3GT-7TX | | 0.0.0 < 3.3.34 |
| Weidmueller | IE-SW-PL16M-16TX | | 0.0.0 < 3.4.32 |
| Weidmueller | IE-SW-PL16MT-16TX | | 0.0.0 < 3.4.32 |
| Weidmueller | IE-SW-PL18M-2GC-16TX | | 0.0.0 < 3.4.40 |
| Weidmueller | IE-SW-PL18MT-2GC-16TX | | 0.0.0 < 3.4.40 |
| Weidmueller | IE-SW-VL05M-5TX | | 0.0.0 < 3.6.32 |
| Weidmueller | IE-SW-VL05MT-5TX | | 0.0.0 < 3.6.32 |
| Weidmueller | IE-SW-VL08MT-5TX-1SC-2SCS | | 0.0.0 < 3.5.36 |
| Weidmueller | IE-SW-VL08MT-6TX-2SC | | 0.0.0 < 3.5.36 |
| Weidmueller | IE-SW-VL08MT-6TX-2SCS | | 0.0.0 < 3.5.36 |
| Weidmueller | IE-SW-VL08MT-6TX-2ST | | 0.0.0 < 3.5.36 |
| Weidmueller | IE-SW-VL08MT-8TX | | 0.0.0 < 3.5.36 |
Weakness (CWE)
| CWE | Source | Description |
|---|---|---|
| CWE-306 | cna | CWE-306 Missing Authentication for Critical Function |
CVSS scores (1)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 9.8 | CRITICAL | 3.1 | cna | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |