CVE-2025-41711

Summary

An unauthenticated remote attacker can use firmware images to extract password hashes and brute force plaintext passwords of accounts with limited access.

Affected Software

VendorProductVersion RangeStatus
JanitzaUMG 96RM-E 24V(5222063)0.0 <= 3.13affected
JanitzaUMG 96RM-E 230V(5222062)0.0 <= 3.13affected
WeidmuellerENERGY METER 750-230 (2540910000)0.0 <= 3.13affected
WeidmuellerENERGY METER 750-24 (2540900000)0.0 <= 3.13affected

Weaknesses

  • CWE-327: CWE-327 Use of a Broken or Risky Cryptographic Algorithm

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References