CVE-2025-41648

Summary

An unauthenticated remote attacker can bypass the login to the web application of the affected devices making it possible to access and change all available settings of the IndustrialPI.

Affected Software

VendorProductVersion RangeStatus
PilzIndustrialPI 4 with IndustrialPI webstatus0 < 2.4.6affected

Weaknesses

  • CWE-704: CWE-704 Incorrect Type Conversion or Cast

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References