Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for ENERGY METER 750-24 (2540900000) by Weidmueller

    CVE-2025-41712 (GCVE-0-2025-41712)

    Vulnerability from nvd – Published: 2026-03-10 08:27 – Updated: 2026-03-10 16:51
    VLAI
    Title
    Incorrect Permission Assignment on power analyzer
    Summary
    An unauthenticated remote attacker who tricks a user to upload a manipulated HTML file can get access to sensitive information on the device. This is a result of incorrect permission assignment for the web server.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-732 - Incorrect Permission Assignment for Critical Resource
    Assigner
    Credits
    Deutsche Telekom Security (DT Security)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41712",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-10T15:35:50.983890Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-10T16:51:35.020Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "UMG 96RM-E 24V(5222063)",
              "vendor": "Janitza",
              "versions": [
                {
                  "lessThanOrEqual": "3.13",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UMG 96RM-E 230V(5222062)",
              "vendor": "Janitza",
              "versions": [
                {
                  "lessThanOrEqual": "3.13",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ENERGY METER 750-230 (2540910000)",
              "vendor": "Weidmueller",
              "versions": [
                {
                  "lessThanOrEqual": "3.13",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ENERGY METER 750-24 (2540900000)",
              "vendor": "Weidmueller",
              "versions": [
                {
                  "lessThanOrEqual": "3.13",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Deutsche Telekom Security (DT Security)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn unauthenticated remote attacker who tricks a user to upload a manipulated HTML file can get access to sensitive information on the device. This is a result of incorrect permission assignment for the web server.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "An unauthenticated remote attacker who tricks a user to upload a manipulated HTML file can get access to sensitive information on the device. This is a result of incorrect permission assignment for the web server."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-732",
                  "description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-10T08:27:10.120Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://certvde.com/en/advisories/VDE-2025-079/"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://certvde.com/en/advisories/VDE-2025-096/"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://janitza.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-079.json"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://weidmueller.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-096.json"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Incorrect Permission Assignment on power analyzer",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-41712",
        "datePublished": "2026-03-10T08:27:10.120Z",
        "dateReserved": "2025-04-16T11:17:48.311Z",
        "dateUpdated": "2026-03-10T16:51:35.020Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-41711 (GCVE-0-2025-41711)

    Vulnerability from nvd – Published: 2026-03-10 08:26 – Updated: 2026-03-10 16:51
    VLAI
    Title
    Use of a Broken or Risky Cryptographic Algorithm for firmware images of power analyzer
    Summary
    An unauthenticated remote attacker can use firmware images to extract password hashes and brute force plaintext passwords of accounts with limited access.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
    Assigner
    Credits
    Deutsche Telekom Security (DT Security)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41711",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-10T15:57:57.426147Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-10T16:51:40.984Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "UMG 96RM-E 24V(5222063)",
              "vendor": "Janitza",
              "versions": [
                {
                  "lessThanOrEqual": "3.13",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UMG 96RM-E 230V(5222062)",
              "vendor": "Janitza",
              "versions": [
                {
                  "lessThanOrEqual": "3.13",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ENERGY METER 750-230 (2540910000)",
              "vendor": "Weidmueller",
              "versions": [
                {
                  "lessThanOrEqual": "3.13",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ENERGY METER 750-24 (2540900000)",
              "vendor": "Weidmueller",
              "versions": [
                {
                  "lessThanOrEqual": "3.13",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Deutsche Telekom Security (DT Security)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn unauthenticated remote attacker can use firmware images to extract password hashes and brute force plaintext passwords of accounts with limited access.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "An unauthenticated remote attacker can use firmware images to extract password hashes and brute force plaintext passwords of accounts with limited access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-327",
                  "description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-10T08:26:48.759Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://certvde.com/en/advisories/VDE-2025-079/"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://certvde.com/en/advisories/VDE-2025-096/"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://janitza.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-079.json"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://weidmueller.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-096.json"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Use of a Broken or Risky Cryptographic Algorithm for firmware images of power analyzer",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-41711",
        "datePublished": "2026-03-10T08:26:48.759Z",
        "dateReserved": "2025-04-16T11:17:48.311Z",
        "dateUpdated": "2026-03-10T16:51:40.984Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-41710 (GCVE-0-2025-41710)

    Vulnerability from nvd – Published: 2026-03-10 08:26 – Updated: 2026-03-10 16:51
    VLAI
    Title
    Use of Hard-coded Credentials in power analyzer
    Summary
    An unauthenticated remote attacker may use hardcodes credentials to get access to the previously activated FTP Server with limited read and write privileges.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    Credits
    Deutsche Telekom Security (DT Security)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41710",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-10T15:57:59.951313Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-10T16:51:47.193Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "UMG 96RM-E 24V(5222063)",
              "vendor": "Janitza",
              "versions": [
                {
                  "lessThanOrEqual": "3.13",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UMG 96RM-E 230V(5222062)",
              "vendor": "Janitza",
              "versions": [
                {
                  "lessThanOrEqual": "3.13",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ENERGY METER 750-230 (2540910000)",
              "vendor": "Weidmueller",
              "versions": [
                {
                  "lessThanOrEqual": "3.13",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ENERGY METER 750-24 (2540900000)",
              "vendor": "Weidmueller",
              "versions": [
                {
                  "lessThanOrEqual": "3.13",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Deutsche Telekom Security (DT Security)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn unauthenticated remote attacker may use hardcodes credentials to get access to the previously activated FTP Server with limited read and write privileges.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "An unauthenticated remote attacker may use hardcodes credentials to get access to the previously activated FTP Server with limited read and write privileges."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798 Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-10T08:26:30.909Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://certvde.com/en/advisories/VDE-2025-079/"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://certvde.com/en/advisories/VDE-2025-096/"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://janitza.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-079.json"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://weidmueller.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-096.json"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Use of Hard-coded Credentials in power analyzer",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-41710",
        "datePublished": "2026-03-10T08:26:30.909Z",
        "dateReserved": "2025-04-16T11:17:48.311Z",
        "dateUpdated": "2026-03-10T16:51:47.193Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-41709 (GCVE-0-2025-41709)

    Vulnerability from nvd – Published: 2026-03-10 08:26 – Updated: 2026-03-18 08:16
    VLAI
    Title
    Command injection in power analyzer via Modbus-TCP and Modbus-RTU
    Summary
    An unauthenticated remote attacker can perform a command injection via Modbus-TCP or Modbus-RTU to gain read and write access on the affected device.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Credits
    Deutsche Telekom Security (DT Security)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41709",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-10T15:58:49.458010Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-10T16:51:53.333Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "UMG 96RM-E 24V(5222063)",
              "vendor": "Janitza",
              "versions": [
                {
                  "lessThanOrEqual": "3.13",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UMG 96RM-E 230V(5222062)",
              "vendor": "Janitza",
              "versions": [
                {
                  "lessThanOrEqual": "3.13",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ENERGY METER 750-230 (2540910000)",
              "vendor": "Weidmueller",
              "versions": [
                {
                  "lessThanOrEqual": "3.13",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ENERGY METER 750-24 (2540900000)",
              "vendor": "Weidmueller",
              "versions": [
                {
                  "lessThanOrEqual": "3.13",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Deutsche Telekom Security (DT Security)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn unauthenticated remote attacker can perform a command injection via Modbus-TCP or Modbus-RTU to gain read and write access on the affected device.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "An unauthenticated remote attacker can perform a command injection via Modbus-TCP or Modbus-RTU to gain read and write access on the affected device."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-18T08:16:28.698Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://certvde.com/en/advisories/VDE-2025-079/"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://certvde.com/en/advisories/VDE-2025-096/"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://janitza.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-079.json"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://weidmueller.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-096.json"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Command injection in power analyzer via Modbus-TCP and Modbus-RTU",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-41709",
        "datePublished": "2026-03-10T08:26:14.936Z",
        "dateReserved": "2025-04-16T11:17:48.311Z",
        "dateUpdated": "2026-03-18T08:16:28.698Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-41712 (GCVE-0-2025-41712)

    Vulnerability from cvelistv5 – Published: 2026-03-10 08:27 – Updated: 2026-03-10 16:51
    VLAI
    Title
    Incorrect Permission Assignment on power analyzer
    Summary
    An unauthenticated remote attacker who tricks a user to upload a manipulated HTML file can get access to sensitive information on the device. This is a result of incorrect permission assignment for the web server.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-732 - Incorrect Permission Assignment for Critical Resource
    Assigner
    Credits
    Deutsche Telekom Security (DT Security)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41712",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-10T15:35:50.983890Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-10T16:51:35.020Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "UMG 96RM-E 24V(5222063)",
              "vendor": "Janitza",
              "versions": [
                {
                  "lessThanOrEqual": "3.13",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UMG 96RM-E 230V(5222062)",
              "vendor": "Janitza",
              "versions": [
                {
                  "lessThanOrEqual": "3.13",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ENERGY METER 750-230 (2540910000)",
              "vendor": "Weidmueller",
              "versions": [
                {
                  "lessThanOrEqual": "3.13",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ENERGY METER 750-24 (2540900000)",
              "vendor": "Weidmueller",
              "versions": [
                {
                  "lessThanOrEqual": "3.13",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Deutsche Telekom Security (DT Security)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn unauthenticated remote attacker who tricks a user to upload a manipulated HTML file can get access to sensitive information on the device. This is a result of incorrect permission assignment for the web server.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "An unauthenticated remote attacker who tricks a user to upload a manipulated HTML file can get access to sensitive information on the device. This is a result of incorrect permission assignment for the web server."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-732",
                  "description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-10T08:27:10.120Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://certvde.com/en/advisories/VDE-2025-079/"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://certvde.com/en/advisories/VDE-2025-096/"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://janitza.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-079.json"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://weidmueller.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-096.json"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Incorrect Permission Assignment on power analyzer",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-41712",
        "datePublished": "2026-03-10T08:27:10.120Z",
        "dateReserved": "2025-04-16T11:17:48.311Z",
        "dateUpdated": "2026-03-10T16:51:35.020Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-41711 (GCVE-0-2025-41711)

    Vulnerability from cvelistv5 – Published: 2026-03-10 08:26 – Updated: 2026-03-10 16:51
    VLAI
    Title
    Use of a Broken or Risky Cryptographic Algorithm for firmware images of power analyzer
    Summary
    An unauthenticated remote attacker can use firmware images to extract password hashes and brute force plaintext passwords of accounts with limited access.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
    Assigner
    Credits
    Deutsche Telekom Security (DT Security)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41711",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-10T15:57:57.426147Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-10T16:51:40.984Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "UMG 96RM-E 24V(5222063)",
              "vendor": "Janitza",
              "versions": [
                {
                  "lessThanOrEqual": "3.13",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UMG 96RM-E 230V(5222062)",
              "vendor": "Janitza",
              "versions": [
                {
                  "lessThanOrEqual": "3.13",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ENERGY METER 750-230 (2540910000)",
              "vendor": "Weidmueller",
              "versions": [
                {
                  "lessThanOrEqual": "3.13",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ENERGY METER 750-24 (2540900000)",
              "vendor": "Weidmueller",
              "versions": [
                {
                  "lessThanOrEqual": "3.13",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Deutsche Telekom Security (DT Security)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn unauthenticated remote attacker can use firmware images to extract password hashes and brute force plaintext passwords of accounts with limited access.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "An unauthenticated remote attacker can use firmware images to extract password hashes and brute force plaintext passwords of accounts with limited access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-327",
                  "description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-10T08:26:48.759Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://certvde.com/en/advisories/VDE-2025-079/"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://certvde.com/en/advisories/VDE-2025-096/"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://janitza.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-079.json"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://weidmueller.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-096.json"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Use of a Broken or Risky Cryptographic Algorithm for firmware images of power analyzer",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-41711",
        "datePublished": "2026-03-10T08:26:48.759Z",
        "dateReserved": "2025-04-16T11:17:48.311Z",
        "dateUpdated": "2026-03-10T16:51:40.984Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-41710 (GCVE-0-2025-41710)

    Vulnerability from cvelistv5 – Published: 2026-03-10 08:26 – Updated: 2026-03-10 16:51
    VLAI
    Title
    Use of Hard-coded Credentials in power analyzer
    Summary
    An unauthenticated remote attacker may use hardcodes credentials to get access to the previously activated FTP Server with limited read and write privileges.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    Credits
    Deutsche Telekom Security (DT Security)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41710",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-10T15:57:59.951313Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-10T16:51:47.193Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "UMG 96RM-E 24V(5222063)",
              "vendor": "Janitza",
              "versions": [
                {
                  "lessThanOrEqual": "3.13",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UMG 96RM-E 230V(5222062)",
              "vendor": "Janitza",
              "versions": [
                {
                  "lessThanOrEqual": "3.13",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ENERGY METER 750-230 (2540910000)",
              "vendor": "Weidmueller",
              "versions": [
                {
                  "lessThanOrEqual": "3.13",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ENERGY METER 750-24 (2540900000)",
              "vendor": "Weidmueller",
              "versions": [
                {
                  "lessThanOrEqual": "3.13",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Deutsche Telekom Security (DT Security)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn unauthenticated remote attacker may use hardcodes credentials to get access to the previously activated FTP Server with limited read and write privileges.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "An unauthenticated remote attacker may use hardcodes credentials to get access to the previously activated FTP Server with limited read and write privileges."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798 Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-10T08:26:30.909Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://certvde.com/en/advisories/VDE-2025-079/"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://certvde.com/en/advisories/VDE-2025-096/"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://janitza.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-079.json"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://weidmueller.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-096.json"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Use of Hard-coded Credentials in power analyzer",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-41710",
        "datePublished": "2026-03-10T08:26:30.909Z",
        "dateReserved": "2025-04-16T11:17:48.311Z",
        "dateUpdated": "2026-03-10T16:51:47.193Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-41709 (GCVE-0-2025-41709)

    Vulnerability from cvelistv5 – Published: 2026-03-10 08:26 – Updated: 2026-03-18 08:16
    VLAI
    Title
    Command injection in power analyzer via Modbus-TCP and Modbus-RTU
    Summary
    An unauthenticated remote attacker can perform a command injection via Modbus-TCP or Modbus-RTU to gain read and write access on the affected device.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Credits
    Deutsche Telekom Security (DT Security)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41709",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-10T15:58:49.458010Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-10T16:51:53.333Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "UMG 96RM-E 24V(5222063)",
              "vendor": "Janitza",
              "versions": [
                {
                  "lessThanOrEqual": "3.13",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UMG 96RM-E 230V(5222062)",
              "vendor": "Janitza",
              "versions": [
                {
                  "lessThanOrEqual": "3.13",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ENERGY METER 750-230 (2540910000)",
              "vendor": "Weidmueller",
              "versions": [
                {
                  "lessThanOrEqual": "3.13",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ENERGY METER 750-24 (2540900000)",
              "vendor": "Weidmueller",
              "versions": [
                {
                  "lessThanOrEqual": "3.13",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Deutsche Telekom Security (DT Security)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn unauthenticated remote attacker can perform a command injection via Modbus-TCP or Modbus-RTU to gain read and write access on the affected device.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "An unauthenticated remote attacker can perform a command injection via Modbus-TCP or Modbus-RTU to gain read and write access on the affected device."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-18T08:16:28.698Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://certvde.com/en/advisories/VDE-2025-079/"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://certvde.com/en/advisories/VDE-2025-096/"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://janitza.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-079.json"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://weidmueller.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-096.json"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Command injection in power analyzer via Modbus-TCP and Modbus-RTU",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-41709",
        "datePublished": "2026-03-10T08:26:14.936Z",
        "dateReserved": "2025-04-16T11:17:48.311Z",
        "dateUpdated": "2026-03-18T08:16:28.698Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }