VDE-2025-044
Vulnerability from csaf_weidmuellerinterfacegmbhcokg - Published: 2025-05-27 09:00 - Updated: 2025-08-27 10:00Summary
Weidmueller: Industrial ethernet switches are affected by multiple vulnerabilities
Severity
Critical
Notes
Summary: Weidmueller industrial ethernet switches are affected by multiple vulnerabilities.
Weidmueller has released new firmwares of the affected products to fix the vulnerabilities.
General Recommendation: As a general security measure, Weidmueller strongly recommends minimizing network exposure of products. Limit access to trusted networks by using appropriate mechanisms.
Impact: Weidmueller industrial ethernet switches are vulnerable to multiple vulnerabilities. The security of the devices may be compromised. Further information can be found under vulnerability details.
Remediation: Update to the new version as listed in the following table:
| Product | Affected Version | Fixed Version |
|----------------------------------|------------------|---------------|
| IE-SW-VL05M-5TX | <V3.6.32 | V3.6.32 |
| IE-SW-VL05MT-5TX | <V3.6.32 | V3.6.32 |
| IE-SW-VL08MT-8TX | <V3.5.36 | V3.5.36 |
| IE-SW-VL08MT-5TX-1SC-2SCS | <V3.5.36 | V3.5.36 |
| IE-SW-VL08MT-6TX-2SC | <V3.5.36 | V3.5.36 |
| IE-SW-VL08MT-6TX-2ST | <V3.5.36 | V3.5.36 |
| IE-SW-VL08MT-6TX-2SCS | <V3.5.36 | V3.5.36 |
| IE-SW-PL10M-3GT-7TX | <V3.3.34 | V3.3.34 |
| IE-SW-PL10MT-3GT-7TX | <V3.3.34 | V3.3.34 |
| IE-SW-PL16M-16TX | <V3.4.32 | V3.4.32 |
| IE-SW-PL16MT-16TX | <V3.4.32 | V3.4.32 |
| IE-SW-PL18M-2GC-16TX | <V3.4.40 | V3.4.40 |
| IE-SW-PL18MT-2GC-16TX | <V3.4.40 | V3.4.40 |
An unauthenticated remote attacker can exploit insufficient input validation to write data beyond the bounds of a buffer, potentially leading to a denial-of-service condition for the devices.
7.5 (High)
Vendor Fix
Update to version V3.6.32
Vendor Fix
Update to version V3.5.36
Vendor Fix
Update to version V3.3.34
Vendor Fix
Update to version V3.4.32
Vendor Fix
Update to version V3.4.40
An unauthenticated remote attacker can exploit input validation in cmd services of the devices, allowing them to disrupt system operations and potentially cause a denial-of-service.
7.5 (High)
Vendor Fix
Update to version V3.6.32
Vendor Fix
Update to version V3.5.36
Vendor Fix
Update to version V3.3.34
Vendor Fix
Update to version V3.4.32
Vendor Fix
Update to version V3.4.40
Due to missing authentication on a critical function of the devices an unauthenticated remote attacker can execute arbitrary commands, potentially enabling unauthorized upload or download of configuration files and leading to full system compromise.
9.8 (Critical)
Vendor Fix
Update to version V3.6.32
Vendor Fix
Update to version V3.5.36
Vendor Fix
Update to version V3.3.34
Vendor Fix
Update to version V3.4.32
Vendor Fix
Update to version V3.4.40
The devices are vulnerable to an authentication bypass due to flaws in the authorization mechanism. An unauthenticated remote attacker could exploit this weakness by performing brute-force attacks to guess valid credentials or by using MD5 collision techniques to forge authentication hashes, potentially compromising the device.
9.8 (Critical)
Vendor Fix
Update to version V3.6.32
Vendor Fix
Update to version V3.5.36
Vendor Fix
Update to version V3.3.34
Vendor Fix
Update to version V3.4.32
Vendor Fix
Update to version V3.4.40
An unauthenticated remote attacker can exploit a denial-of-service vulnerability in the device's web server functionality by sending a specially crafted HTTP request with a malicious header, potentially causing the server to crash or become unresponsive.
7.5 (High)
Vendor Fix
Update to version V3.6.32
Vendor Fix
Update to version V3.5.36
Vendor Fix
Update to version V3.3.34
Vendor Fix
Update to version V3.4.32
Vendor Fix
Update to version V3.4.40
References
Acknowledgments
CERT@VDE
certvde.com
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
}
],
"aggregate_severity": {
"namespace": "https://www.first.org/cvss/v3.1/specification-document",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "Weidmueller industrial ethernet switches are affected by multiple vulnerabilities.\n\nWeidmueller has released new firmwares of the affected products to fix the vulnerabilities.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Weidmueller strongly recommends minimizing network exposure of products. Limit access to trusted networks by using appropriate mechanisms. ",
"title": "General Recommendation"
},
{
"category": "description",
"text": "Weidmueller industrial ethernet switches are vulnerable to multiple vulnerabilities. The security of the devices may be compromised. Further information can be found under vulnerability details.",
"title": "Impact"
},
{
"category": "description",
"text": "Update to the new version as listed in the following table:\n| Product | Affected Version | Fixed Version |\n|----------------------------------|------------------|---------------|\n| IE-SW-VL05M-5TX | \u003cV3.6.32 | V3.6.32 |\n| IE-SW-VL05MT-5TX | \u003cV3.6.32 | V3.6.32 |\n| IE-SW-VL08MT-8TX | \u003cV3.5.36 | V3.5.36 |\n| IE-SW-VL08MT-5TX-1SC-2SCS | \u003cV3.5.36 | V3.5.36 |\n| IE-SW-VL08MT-6TX-2SC | \u003cV3.5.36 | V3.5.36 |\n| IE-SW-VL08MT-6TX-2ST | \u003cV3.5.36 | V3.5.36 |\n| IE-SW-VL08MT-6TX-2SCS | \u003cV3.5.36 | V3.5.36 |\n| IE-SW-PL10M-3GT-7TX | \u003cV3.3.34 | V3.3.34 |\n| IE-SW-PL10MT-3GT-7TX | \u003cV3.3.34 | V3.3.34 |\n| IE-SW-PL16M-16TX | \u003cV3.4.32 | V3.4.32 |\n| IE-SW-PL16MT-16TX | \u003cV3.4.32 | V3.4.32 |\n| IE-SW-PL18M-2GC-16TX | \u003cV3.4.40 | V3.4.40 |\n| IE-SW-PL18MT-2GC-16TX | \u003cV3.4.40 | V3.4.40 |\n",
"title": "Remediation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@weidmueller.com",
"name": "Weidmueller Interface GmbH \u0026 Co. KG",
"namespace": "https://www.weidmueller.com"
},
"references": [
{
"category": "external",
"summary": "Weidmueller Security Advisory Board",
"url": "https://support.weidmueller.com/support-center/popular-resources/security-advisory-board"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories for Weidmueller",
"url": "https://certvde.com/de/advisories/vendor/weidmueller/"
},
{
"category": "self",
"summary": "VDE-2025-044: Weidmueller: Industrial ethernet switches are affected by multiple vulnerabilities - HTML",
"url": "https://certvde.com/de/advisories/VDE-2025-044"
},
{
"category": "self",
"summary": "VDE-2025-044: Weidmueller: Industrial ethernet switches are affected by multiple vulnerabilities - CSAF",
"url": "https://weidmueller.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-044.json"
}
],
"title": "Weidmueller: Industrial ethernet switches are affected by multiple vulnerabilities",
"tracking": {
"aliases": [
"VDE-2025-044",
"WMSA-2500001"
],
"current_release_date": "2025-08-27T10:00:00.000Z",
"generator": {
"date": "2025-08-28T07:36:09.121Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.34"
}
},
"id": "VDE-2025-044",
"initial_release_date": "2025-05-27T09:00:00.000Z",
"revision_history": [
{
"date": "2025-05-27T09:00:00.000Z",
"number": "1.0.0",
"summary": "Initial version"
},
{
"date": "2025-08-27T10:00:00.000Z",
"number": "1.1.0",
"summary": "Update: CWE from CVE-2025-41652, Revision History"
}
],
"status": "final",
"version": "1.1.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "IE-SW-VL05M-5TX",
"product": {
"name": "IE-SW-VL05M-5TX",
"product_id": "CSAFPID-0001",
"product_identification_helper": {
"model_numbers": [
"1504280000"
]
}
}
},
{
"category": "product_name",
"name": "IE-SW-VL05MT-5TX",
"product": {
"name": "IE-SW-VL05MT-5TX",
"product_id": "CSAFPID-0002",
"product_identification_helper": {
"model_numbers": [
"1504310000"
]
}
}
},
{
"category": "product_name",
"name": "IE-SW-VL08MT-8TX",
"product": {
"name": "IE-SW-VL08MT-8TX",
"product_id": "CSAFPID-0003",
"product_identification_helper": {
"model_numbers": [
"1240940000"
]
}
}
},
{
"category": "product_name",
"name": "IE-SW-VL08MT-5TX-1SC-2SCS",
"product": {
"name": "IE-SW-VL08MT-5TX-1SC-2SCS",
"product_id": "CSAFPID-0004",
"product_identification_helper": {
"model_numbers": [
"1345240000"
]
}
}
},
{
"category": "product_name",
"name": "IE-SW-VL08MT-6TX-2SC",
"product": {
"name": "IE-SW-VL08MT-6TX-2SC",
"product_id": "CSAFPID-0005",
"product_identification_helper": {
"model_numbers": [
"1344770000"
]
}
}
},
{
"category": "product_name",
"name": "IE-SW-VL08MT-6TX-2ST",
"product": {
"name": "IE-SW-VL08MT-6TX-2ST",
"product_id": "CSAFPID-0006",
"product_identification_helper": {
"model_numbers": [
"1240990000"
]
}
}
},
{
"category": "product_name",
"name": "IE-SW-VL08MT-6TX-2SCS",
"product": {
"name": "IE-SW-VL08MT-6TX-2SCS",
"product_id": "CSAFPID-0007",
"product_identification_helper": {
"model_numbers": [
"1241020000"
]
}
}
},
{
"category": "product_name",
"name": "IE-SW-PL10M-3GT-7TX",
"product": {
"name": "IE-SW-PL10M-3GT-7TX",
"product_id": "CSAFPID-0008",
"product_identification_helper": {
"model_numbers": [
"1241290000"
]
}
}
},
{
"category": "product_name",
"name": "IE-SW-PL10MT-3GT-7TX",
"product": {
"name": "IE-SW-PL10MT-3GT-7TX",
"product_id": "CSAFPID-0009",
"product_identification_helper": {
"model_numbers": [
"1286930000"
]
}
}
},
{
"category": "product_name",
"name": "IE-SW-PL16M-16TX",
"product": {
"name": "IE-SW-PL16M-16TX",
"product_id": "CSAFPID-0010",
"product_identification_helper": {
"model_numbers": [
"1241100000"
]
}
}
},
{
"category": "product_name",
"name": "IE-SW-PL16MT-16TX",
"product": {
"name": "IE-SW-PL16MT-16TX",
"product_id": "CSAFPID-0011",
"product_identification_helper": {
"model_numbers": [
"1286820000"
]
}
}
},
{
"category": "product_name",
"name": "IE-SW-PL18M-2GC-16TX",
"product": {
"name": "IE-SW-PL18M-2GC-16TX",
"product_id": "CSAFPID-0012",
"product_identification_helper": {
"model_numbers": [
"1241320000"
]
}
}
},
{
"category": "product_name",
"name": "IE-SW-PL18MT-2GC-16TX",
"product": {
"name": "IE-SW-PL18MT-2GC-16TX",
"product_id": "CSAFPID-0013",
"product_identification_helper": {
"model_numbers": [
"1286970000"
]
}
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV3.6.32",
"product": {
"name": "Firmware \u003cV3.6.32",
"product_id": "CSAFPID-21014"
}
},
{
"category": "product_version_range",
"name": "\u003cV3.5.36",
"product": {
"name": "Firmware \u003cV3.5.36",
"product_id": "CSAFPID-21015"
}
},
{
"category": "product_version_range",
"name": "\u003cV3.3.34",
"product": {
"name": "Firmware \u003cV3.3.34",
"product_id": "CSAFPID-21016"
}
},
{
"category": "product_version_range",
"name": "\u003cV3.4.32",
"product": {
"name": "Firmware \u003cV3.4.32",
"product_id": "CSAFPID-21017"
}
},
{
"category": "product_version_range",
"name": "\u003cV3.4.40",
"product": {
"name": "Firmware \u003cV3.4.40",
"product_id": "CSAFPID-21018"
}
},
{
"category": "product_version",
"name": "V3.6.32",
"product": {
"name": "Firmware V3.6.30",
"product_id": "CSAFPID-22019"
}
},
{
"category": "product_version",
"name": "V3.5.36",
"product": {
"name": "Firmware V3.5.34",
"product_id": "CSAFPID-22020"
}
},
{
"category": "product_version",
"name": "V3.3.34",
"product": {
"name": "Firmware V3.3.32",
"product_id": "CSAFPID-22021"
}
},
{
"category": "product_version",
"name": "V3.4.32",
"product": {
"name": "Firmware V3.4.30",
"product_id": "CSAFPID-22022"
}
},
{
"category": "product_version",
"name": "V3.4.40",
"product": {
"name": "Firmware V3.4.38",
"product_id": "CSAFPID-22023"
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "Weidmueller"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030",
"CSAFPID-31031",
"CSAFPID-31032",
"CSAFPID-31033",
"CSAFPID-31034",
"CSAFPID-31035",
"CSAFPID-31036"
],
"summary": "Affected products."
},
{
"group_id": "CSAFGID-0002",
"product_ids": [
"CSAFPID-32037",
"CSAFPID-32038",
"CSAFPID-32039",
"CSAFPID-32040",
"CSAFPID-32041",
"CSAFPID-32042",
"CSAFPID-32043",
"CSAFPID-32044",
"CSAFPID-32045",
"CSAFPID-32046",
"CSAFPID-32047",
"CSAFPID-32048",
"CSAFPID-32049"
],
"summary": "Fixed products."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003cV3.6.32 installed on IE-SW-VL05M-5TX",
"product_id": "CSAFPID-31024"
},
"product_reference": "CSAFPID-21014",
"relates_to_product_reference": "CSAFPID-0001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003cV3.6.32 installed on IE-SW-VL05MT-5TX",
"product_id": "CSAFPID-31025"
},
"product_reference": "CSAFPID-21014",
"relates_to_product_reference": "CSAFPID-0002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003cV3.5.36 installed on IE-SW-VL08MT-8TX",
"product_id": "CSAFPID-31026"
},
"product_reference": "CSAFPID-21015",
"relates_to_product_reference": "CSAFPID-0003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003cV3.5.36 installed on IE-SW-VL08MT-5TX-1SC-2SCS",
"product_id": "CSAFPID-31027"
},
"product_reference": "CSAFPID-21015",
"relates_to_product_reference": "CSAFPID-0004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003cV3.5.36 installed on IE-SW-VL08MT-6TX-2SC",
"product_id": "CSAFPID-31028"
},
"product_reference": "CSAFPID-21015",
"relates_to_product_reference": "CSAFPID-0005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003cV3.5.36 installed on IE-SW-VL08MT-6TX-2ST",
"product_id": "CSAFPID-31029"
},
"product_reference": "CSAFPID-21015",
"relates_to_product_reference": "CSAFPID-0006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003cV3.5.36 installed on IE-SW-VL08MT-6TX-2SCS",
"product_id": "CSAFPID-31030"
},
"product_reference": "CSAFPID-21015",
"relates_to_product_reference": "CSAFPID-0007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003cV3.3.34 installed on IE-SW-PL10M-3GT-7TX",
"product_id": "CSAFPID-31031"
},
"product_reference": "CSAFPID-21016",
"relates_to_product_reference": "CSAFPID-0008"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003cV3.3.34 installed on IE-SW-PL10MT-3GT-7TX",
"product_id": "CSAFPID-31032"
},
"product_reference": "CSAFPID-21016",
"relates_to_product_reference": "CSAFPID-0009"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003cV3.4.32 installed on IE-SW-PL16M-16TX",
"product_id": "CSAFPID-31033"
},
"product_reference": "CSAFPID-21017",
"relates_to_product_reference": "CSAFPID-0010"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003cV3.4.32 installed on IE-SW-PL16MT-16TX",
"product_id": "CSAFPID-31034"
},
"product_reference": "CSAFPID-21017",
"relates_to_product_reference": "CSAFPID-0011"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003cV3.4.40 installed on IE-SW-PL18M-2GC-16TX",
"product_id": "CSAFPID-31035"
},
"product_reference": "CSAFPID-21018",
"relates_to_product_reference": "CSAFPID-0012"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003cV3.4.40 installed on IE-SW-PL18MT-2GC-16TX",
"product_id": "CSAFPID-31036"
},
"product_reference": "CSAFPID-21018",
"relates_to_product_reference": "CSAFPID-0013"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware V3.6.32 installed on IE-SW-VL05M-5TX",
"product_id": "CSAFPID-32037"
},
"product_reference": "CSAFPID-22019",
"relates_to_product_reference": "CSAFPID-0001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware V3.6.32 installed on IE-SW-VL05MT-5TX",
"product_id": "CSAFPID-32038"
},
"product_reference": "CSAFPID-22019",
"relates_to_product_reference": "CSAFPID-0002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware V3.5.36 installed on IE-SW-VL08MT-8TX",
"product_id": "CSAFPID-32039"
},
"product_reference": "CSAFPID-22020",
"relates_to_product_reference": "CSAFPID-0003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware V3.5.36 installed on IE-SW-VL08MT-5TX-1SC-2SCS",
"product_id": "CSAFPID-32040"
},
"product_reference": "CSAFPID-22020",
"relates_to_product_reference": "CSAFPID-0004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware V3.5.36 installed on IE-SW-VL08MT-6TX-2SC",
"product_id": "CSAFPID-32041"
},
"product_reference": "CSAFPID-22020",
"relates_to_product_reference": "CSAFPID-0005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware V3.5.36 installed on IE-SW-VL08MT-6TX-2ST",
"product_id": "CSAFPID-32042"
},
"product_reference": "CSAFPID-22020",
"relates_to_product_reference": "CSAFPID-0006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware V3.5.36 installed on IE-SW-VL08MT-6TX-2SCS",
"product_id": "CSAFPID-32043"
},
"product_reference": "CSAFPID-22020",
"relates_to_product_reference": "CSAFPID-0007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware V3.3.34 installed on IE-SW-PL10M-3GT-7TX",
"product_id": "CSAFPID-32044"
},
"product_reference": "CSAFPID-22021",
"relates_to_product_reference": "CSAFPID-0008"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware V3.3.34 installed on IE-SW-PL10MT-3GT-7TX",
"product_id": "CSAFPID-32045"
},
"product_reference": "CSAFPID-22021",
"relates_to_product_reference": "CSAFPID-0009"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware V3.4.32 installed on IE-SW-PL16M-16TX",
"product_id": "CSAFPID-32046"
},
"product_reference": "CSAFPID-22022",
"relates_to_product_reference": "CSAFPID-0010"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware V3.4.32 installed on IE-SW-PL16MT-16TX",
"product_id": "CSAFPID-32047"
},
"product_reference": "CSAFPID-22022",
"relates_to_product_reference": "CSAFPID-0011"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware V3.4.40 installed on IE-SW-PL18M-2GC-16TX",
"product_id": "CSAFPID-32048"
},
"product_reference": "CSAFPID-22023",
"relates_to_product_reference": "CSAFPID-0012"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware V3.4.40 installed on IE-SW-PL18MT-2GC-16TX",
"product_id": "CSAFPID-32049"
},
"product_reference": "CSAFPID-22023",
"relates_to_product_reference": "CSAFPID-0013"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-41649",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "An unauthenticated remote attacker can exploit insufficient input validation to write data beyond the bounds of a buffer, potentially leading to a denial-of-service condition for the devices.",
"title": "Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32037",
"CSAFPID-32038",
"CSAFPID-32039",
"CSAFPID-32040",
"CSAFPID-32041",
"CSAFPID-32042",
"CSAFPID-32043",
"CSAFPID-32044",
"CSAFPID-32045",
"CSAFPID-32046",
"CSAFPID-32047",
"CSAFPID-32048",
"CSAFPID-32049"
],
"known_affected": [
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030",
"CSAFPID-31031",
"CSAFPID-31032",
"CSAFPID-31033",
"CSAFPID-31034",
"CSAFPID-31035",
"CSAFPID-31036"
]
},
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-19T08:00:00.000Z",
"details": "Update to version V3.6.32",
"product_ids": [
"CSAFPID-31024",
"CSAFPID-31025"
]
},
{
"category": "vendor_fix",
"date": "2025-05-19T08:00:00.000Z",
"details": "Update to version V3.5.36",
"product_ids": [
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030"
]
},
{
"category": "vendor_fix",
"date": "2025-05-19T08:00:00.000Z",
"details": "Update to version V3.3.34",
"product_ids": [
"CSAFPID-31031",
"CSAFPID-31032"
]
},
{
"category": "vendor_fix",
"date": "2025-05-19T08:00:00.000Z",
"details": "Update to version V3.4.32",
"product_ids": [
"CSAFPID-31033",
"CSAFPID-31034"
]
},
{
"category": "vendor_fix",
"date": "2025-05-19T08:00:00.000Z",
"details": "Update to version V3.4.40",
"product_ids": [
"CSAFPID-31035",
"CSAFPID-31036"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030",
"CSAFPID-31031",
"CSAFPID-31032",
"CSAFPID-31033",
"CSAFPID-31034",
"CSAFPID-31035",
"CSAFPID-31036"
]
}
],
"title": "CVE-2025-41649"
},
{
"cve": "CVE-2025-41650",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"notes": [
{
"category": "description",
"text": "An unauthenticated remote attacker can exploit input validation in cmd services of the devices, allowing them to disrupt system operations and potentially cause a denial-of-service.",
"title": "Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32037",
"CSAFPID-32038",
"CSAFPID-32039",
"CSAFPID-32040",
"CSAFPID-32041",
"CSAFPID-32042",
"CSAFPID-32043",
"CSAFPID-32044",
"CSAFPID-32045",
"CSAFPID-32046",
"CSAFPID-32047",
"CSAFPID-32048",
"CSAFPID-32049"
],
"known_affected": [
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030",
"CSAFPID-31031",
"CSAFPID-31032",
"CSAFPID-31033",
"CSAFPID-31034",
"CSAFPID-31035",
"CSAFPID-31036"
]
},
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-19T08:00:00.000Z",
"details": "Update to version V3.6.32",
"product_ids": [
"CSAFPID-31024",
"CSAFPID-31025"
]
},
{
"category": "vendor_fix",
"date": "2025-05-19T08:00:00.000Z",
"details": "Update to version V3.5.36",
"product_ids": [
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030"
]
},
{
"category": "vendor_fix",
"date": "2025-05-19T08:00:00.000Z",
"details": "Update to version V3.3.34",
"product_ids": [
"CSAFPID-31031",
"CSAFPID-31032"
]
},
{
"category": "vendor_fix",
"date": "2025-05-19T08:00:00.000Z",
"details": "Update to version V3.4.32",
"product_ids": [
"CSAFPID-31033",
"CSAFPID-31034"
]
},
{
"category": "vendor_fix",
"date": "2025-05-19T08:00:00.000Z",
"details": "Update to version V3.4.40",
"product_ids": [
"CSAFPID-31035",
"CSAFPID-31036"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030",
"CSAFPID-31031",
"CSAFPID-31032",
"CSAFPID-31033",
"CSAFPID-31034",
"CSAFPID-31035",
"CSAFPID-31036"
]
}
],
"title": "CVE-2025-41650"
},
{
"cve": "CVE-2025-41651",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"notes": [
{
"category": "description",
"text": "Due to missing authentication on a critical function of the devices an unauthenticated remote attacker can execute arbitrary commands, potentially enabling unauthorized upload or download of configuration files and leading to full system compromise.",
"title": "Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32037",
"CSAFPID-32038",
"CSAFPID-32039",
"CSAFPID-32040",
"CSAFPID-32041",
"CSAFPID-32042",
"CSAFPID-32043",
"CSAFPID-32044",
"CSAFPID-32045",
"CSAFPID-32046",
"CSAFPID-32047",
"CSAFPID-32048",
"CSAFPID-32049"
],
"known_affected": [
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030",
"CSAFPID-31031",
"CSAFPID-31032",
"CSAFPID-31033",
"CSAFPID-31034",
"CSAFPID-31035",
"CSAFPID-31036"
]
},
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-19T08:00:00.000Z",
"details": "Update to version V3.6.32",
"product_ids": [
"CSAFPID-31024",
"CSAFPID-31025"
]
},
{
"category": "vendor_fix",
"date": "2025-05-19T08:00:00.000Z",
"details": "Update to version V3.5.36",
"product_ids": [
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030"
]
},
{
"category": "vendor_fix",
"date": "2025-05-19T08:00:00.000Z",
"details": "Update to version V3.3.34",
"product_ids": [
"CSAFPID-31031",
"CSAFPID-31032"
]
},
{
"category": "vendor_fix",
"date": "2025-05-19T08:00:00.000Z",
"details": "Update to version V3.4.32",
"product_ids": [
"CSAFPID-31033",
"CSAFPID-31034"
]
},
{
"category": "vendor_fix",
"date": "2025-05-19T08:00:00.000Z",
"details": "Update to version V3.4.40",
"product_ids": [
"CSAFPID-31035",
"CSAFPID-31036"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030",
"CSAFPID-31031",
"CSAFPID-31032",
"CSAFPID-31033",
"CSAFPID-31034",
"CSAFPID-31035",
"CSAFPID-31036"
]
}
],
"title": "CVE-2025-41651"
},
{
"cve": "CVE-2025-41652",
"cwe": {
"id": "CWE-328",
"name": "Use of Weak Hash"
},
"notes": [
{
"category": "description",
"text": "The devices are vulnerable to an authentication bypass due to flaws in the authorization mechanism. An unauthenticated remote attacker could exploit this weakness by performing brute-force attacks to guess valid credentials or by using MD5 collision techniques to forge authentication hashes, potentially compromising the device.",
"title": "Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32037",
"CSAFPID-32038",
"CSAFPID-32039",
"CSAFPID-32040",
"CSAFPID-32041",
"CSAFPID-32042",
"CSAFPID-32043",
"CSAFPID-32044",
"CSAFPID-32045",
"CSAFPID-32046",
"CSAFPID-32047",
"CSAFPID-32048",
"CSAFPID-32049"
],
"known_affected": [
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030",
"CSAFPID-31031",
"CSAFPID-31032",
"CSAFPID-31033",
"CSAFPID-31034",
"CSAFPID-31035",
"CSAFPID-31036"
]
},
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-19T08:00:00.000Z",
"details": "Update to version V3.6.32",
"product_ids": [
"CSAFPID-31024",
"CSAFPID-31025"
]
},
{
"category": "vendor_fix",
"date": "2025-05-19T08:00:00.000Z",
"details": "Update to version V3.5.36",
"product_ids": [
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030"
]
},
{
"category": "vendor_fix",
"date": "2025-05-19T08:00:00.000Z",
"details": "Update to version V3.3.34",
"product_ids": [
"CSAFPID-31031",
"CSAFPID-31032"
]
},
{
"category": "vendor_fix",
"date": "2025-05-19T08:00:00.000Z",
"details": "Update to version V3.4.32",
"product_ids": [
"CSAFPID-31033",
"CSAFPID-31034"
]
},
{
"category": "vendor_fix",
"date": "2025-05-19T08:00:00.000Z",
"details": "Update to version V3.4.40",
"product_ids": [
"CSAFPID-31035",
"CSAFPID-31036"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030",
"CSAFPID-31031",
"CSAFPID-31032",
"CSAFPID-31033",
"CSAFPID-31034",
"CSAFPID-31035",
"CSAFPID-31036"
]
}
],
"title": "CVE-2025-41652"
},
{
"cve": "CVE-2025-41653",
"cwe": {
"id": "CWE-410",
"name": "Insufficient Resource Pool"
},
"notes": [
{
"category": "description",
"text": "An unauthenticated remote attacker can exploit a denial-of-service vulnerability in the device\u0027s web server functionality by sending a specially crafted HTTP request with a malicious header, potentially causing the server to crash or become unresponsive.",
"title": "Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32037",
"CSAFPID-32038",
"CSAFPID-32039",
"CSAFPID-32040",
"CSAFPID-32041",
"CSAFPID-32042",
"CSAFPID-32043",
"CSAFPID-32044",
"CSAFPID-32045",
"CSAFPID-32046",
"CSAFPID-32047",
"CSAFPID-32048",
"CSAFPID-32049"
],
"known_affected": [
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030",
"CSAFPID-31031",
"CSAFPID-31032",
"CSAFPID-31033",
"CSAFPID-31034",
"CSAFPID-31035",
"CSAFPID-31036"
]
},
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-19T08:00:00.000Z",
"details": "Update to version V3.6.32",
"product_ids": [
"CSAFPID-31024",
"CSAFPID-31025"
]
},
{
"category": "vendor_fix",
"date": "2025-05-19T08:00:00.000Z",
"details": "Update to version V3.5.36",
"product_ids": [
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030"
]
},
{
"category": "vendor_fix",
"date": "2025-05-19T08:00:00.000Z",
"details": "Update to version V3.3.34",
"product_ids": [
"CSAFPID-31031",
"CSAFPID-31032"
]
},
{
"category": "vendor_fix",
"date": "2025-05-19T08:00:00.000Z",
"details": "Update to version V3.4.32",
"product_ids": [
"CSAFPID-31033",
"CSAFPID-31034"
]
},
{
"category": "vendor_fix",
"date": "2025-05-19T08:00:00.000Z",
"details": "Update to version V3.4.40",
"product_ids": [
"CSAFPID-31035",
"CSAFPID-31036"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030",
"CSAFPID-31031",
"CSAFPID-31032",
"CSAFPID-31033",
"CSAFPID-31034",
"CSAFPID-31035",
"CSAFPID-31036"
]
}
],
"title": "CVE-2025-41653"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…