CVE-2025-41652

Summary

The devices are vulnerable to an authentication bypass due to flaws in the authorization mechanism. An unauthenticated remote attacker could exploit this weakness by performing brute-force attacks to guess valid credentials or by using MD5 collision techniques to forge authentication hashes, potentially compromising the device.

Affected Software

VendorProductVersion RangeStatus
WeidmuellerIE-SW-VL05M-5TX0.0.0 < 3.6.32affected
WeidmuellerIE-SW-VL05MT-5TX0.0.0 < 3.6.32affected
WeidmuellerIE-SW-VL08MT-8TX0.0.0 < 3.6.32affected
WeidmuellerIE-SW-VL08MT-5TX-1SC-2SCS0.0.0 < 3.5.36affected
WeidmuellerIE-SW-VL08MT-6TX-2SC0.0.0 < 3.5.36affected
WeidmuellerIE-SW-VL08MT-6TX-2ST0.0.0 < 3.5.36affected
WeidmuellerIE-SW-VL08MT-6TX-2SCS0.0.0 < 3.5.36affected
WeidmuellerIE-SW-PL10M-3GT-7TX0.0.0 < 3.3.34affected
WeidmuellerIE-SW-PL10MT-3GT-7TX0.0.0 < 3.3.34affected
WeidmuellerIE-SW-PL16M-16TX0.0.0 < 3.4.32affected
WeidmuellerIE-SW-PL16MT-16TX0.0.0 < 3.4.32affected
WeidmuellerIE-SW-PL18M-2GC-16TX0.0.0 < 3.4.40affected
WeidmuellerIE-SW-PL18MT-2GC-16TX0.0.0 < 3.4.40affected

Weaknesses

  • CWE-328: CWE-328 Use of Weak Hash

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References