CVE-2025-41651

Summary

Due to missing authentication on a critical function of the devices an unauthenticated remote attacker can execute arbitrary commands, potentially enabling unauthorized upload or download of configuration files and leading to full system compromise.

Affected Software

VendorProductVersion RangeStatus
WeidmuellerIE-SW-VL05M-5TX0.0.0 < 3.6.32affected
WeidmuellerIE-SW-VL05MT-5TX0.0.0 < 3.6.32affected
WeidmuellerIE-SW-VL08MT-8TX0.0.0 < 3.5.36affected
WeidmuellerIE-SW-VL08MT-5TX-1SC-2SCS0.0.0 < 3.5.36affected
WeidmuellerIE-SW-VL08MT-6TX-2SC0.0.0 < 3.5.36affected
WeidmuellerIE-SW-VL08MT-6TX-2ST0.0.0 < 3.5.36affected
WeidmuellerIE-SW-VL08MT-6TX-2SCS0.0.0 < 3.5.36affected
WeidmuellerIE-SW-PL10M-3GT-7TX0.0.0 < 3.3.34affected
WeidmuellerIE-SW-PL10MT-3GT-7TX0.0.0 < 3.3.34affected
WeidmuellerIE-SW-PL16M-16TX0.0.0 < 3.4.32affected
WeidmuellerIE-SW-PL16MT-16TX0.0.0 < 3.4.32affected
WeidmuellerIE-SW-PL18M-2GC-16TX0.0.0 < 3.4.40affected
WeidmuellerIE-SW-PL18MT-2GC-16TX0.0.0 < 3.4.40affected

Weaknesses

  • CWE-306: CWE-306 Missing Authentication for Critical Function

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References