CVE-2025-41709

Summary

An unauthenticated remote attacker can perform a command injection via Modbus-TCP or Modbus-RTU to gain read and write access on the affected device.

Affected Software

VendorProductVersion RangeStatus
JanitzaUMG 96RM-E 24V(5222063)0.0 <= 3.13affected
JanitzaUMG 96RM-E 230V(5222062)0.0 <= 3.13affected
WeidmuellerENERGY METER 750-230 (2540910000)0.0 <= 3.13affected
WeidmuellerENERGY METER 750-24 (2540900000)0.0 <= 3.13affected

Weaknesses

  • CWE-78: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References