VDE-2025-060

Vulnerability from csaf_sauterag - Published: 2025-10-21 10:00 - Updated: 2025-10-27 11:00
Summary
Sauter: Multiple vulnerabilities in SAUTER modulo 6
Severity
High
Notes
Summary: Vulnerabilities have been discovered in the embedded firmware of SAUTER modulo 6 devices. These vulnerabilities affect the embedded web server as well as the interface to the SAUTER CASE Suite tools.
Remediation: Update to firmware version 3.2.0. or newer. This will require CASE Suite Version 5.2 SR5 or newer. Contact your local SAUTER representative for support.
Impact: The vulnerabilities in the modulo 6 devices allow privilege escalation, remote exploitation, and compromise of device integrity, availability and confidentiality.
CVE-2025-41719

A low privileged remote attacker can corrupt the webserver users storage on the device by setting a sequence of unsupported characters which leads to deletion of all previously configured users and the creation of the default Administrator with a known default password.

8.8 (High)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-1286 - Improper Validation of Syntactic Correctness of Input
Vendor Fix Install modulo 6 embedded software version 3.2.0 on modulo 6 devices
Vendor Fix Upgrade to CASE Suite v5.2 SR5
Mitigation Protect access to device and network according to best practices and state of the art means
Affected products
Product Identifier Version Remediation
Unresolved product id: CSAFPID-32201
Unresolved product id: CSAFPID-32202
Unresolved product id: CSAFPID-32203
Product Identifier Version Remediation
Unresolved product id: CSAFPID-31001
Unresolved product id: CSAFPID-31002
Unresolved product id: CSAFPID-31003
Product Identifier Version Remediation
EY-modulo 5 modu 5 modu524
Fr. SAUTER AG / Hardware / EY-modulo 5 / modu 5
EY-modulo 5 modu 5 modu525
Fr. SAUTER AG / Hardware / EY-modulo 5 / modu 5
EY-modulo 5 ecos 5 ecos504/505
Fr. SAUTER AG / Hardware / EY-modulo 5 / ecos 5
CVE-2025-41720

A low privileged remote attacker can upload arbitrary data masked as a png file to the affected device using the webserver API because only the file extension is verified.

4.3 (Medium)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CWE-646 - Reliance on File Name or Extension of Externally-Supplied File
Vendor Fix Install modulo 6 embedded software version 3.2.0 on modulo 6 devices
Vendor Fix Upgrade to CASE Suite v5.2 SR5
Mitigation Protect access to device and network according to best practices and state of the art means
Affected products
Product Identifier Version Remediation
Unresolved product id: CSAFPID-32201
Unresolved product id: CSAFPID-32202
Unresolved product id: CSAFPID-32203
Product Identifier Version Remediation
Unresolved product id: CSAFPID-31001
Unresolved product id: CSAFPID-31002
Unresolved product id: CSAFPID-31003
Product Identifier Version Remediation
EY-modulo 5 modu 5 modu524
Fr. SAUTER AG / Hardware / EY-modulo 5 / modu 5
EY-modulo 5 modu 5 modu525
Fr. SAUTER AG / Hardware / EY-modulo 5 / modu 5
EY-modulo 5 ecos 5 ecos504/505
Fr. SAUTER AG / Hardware / EY-modulo 5 / ecos 5
CVE-2025-41721

A high privileged remote attacker can influence the parameters passed to the openssl command due to improper neutralization of special elements when adding a password protected self-signed certificate.

2.7 (Low)
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Vendor Fix Install modulo 6 embedded software version 3.2.0 on modulo 6 devices
Vendor Fix Upgrade to CASE Suite v5.2 SR5
Mitigation Protect access to device and network according to best practices and state of the art means
Affected products
Product Identifier Version Remediation
Unresolved product id: CSAFPID-32201
Unresolved product id: CSAFPID-32202
Unresolved product id: CSAFPID-32203
Product Identifier Version Remediation
Unresolved product id: CSAFPID-31001
Unresolved product id: CSAFPID-31002
Unresolved product id: CSAFPID-31003
Product Identifier Version Remediation
EY-modulo 5 modu 5 modu524
Fr. SAUTER AG / Hardware / EY-modulo 5 / modu 5
EY-modulo 5 modu 5 modu525
Fr. SAUTER AG / Hardware / EY-modulo 5 / modu 5
EY-modulo 5 ecos 5 ecos504/505
Fr. SAUTER AG / Hardware / EY-modulo 5 / ecos 5
CVE-2025-41722

The wsc server uses a hard-coded certificate to check the authenticity of SOAP messages. An unauthenticated remote attacker can extract private keys from the Software of the affected devices.

7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-798 - Use of Hard-coded Credentials
Vendor Fix Install modulo 6 embedded software version 3.2.0 on modulo 6 devices
Vendor Fix Install EY-modulo 5 embedded software v6.0 on supported EY-modulo 5 devices
Vendor Fix Upgrade to CASE Suite v5.2 SR5
Mitigation Protect access to device and network according to best practices and state of the art means
Affected products
Product Identifier Version Remediation
Unresolved product id: CSAFPID-32201
Unresolved product id: CSAFPID-32202
Unresolved product id: CSAFPID-32203
Unresolved product id: CSAFPID-32204
Product Identifier Version Remediation
Unresolved product id: CSAFPID-31001
Unresolved product id: CSAFPID-31002
Unresolved product id: CSAFPID-31003
Unresolved product id: CSAFPID-31004
Unresolved product id: CSAFPID-31005
Unresolved product id: CSAFPID-31006
CVE-2025-41723

The importFile SOAP method is vulnerable to a directory traversal attack. An unauthenticated remote attacker bypass the path restriction and upload files to arbitrary locations.

9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-35 - Path Traversal: '.../...//'
Vendor Fix Install modulo 6 embedded software version 3.2.0 on modulo 6 devices
Vendor Fix Install EY-modulo 5 embedded software v6.0 on supported EY-modulo 5 devices
Vendor Fix Upgrade to CASE Suite v5.2 SR5
Mitigation Protect access to device and network according to best practices and state of the art means
Affected products
Product Identifier Version Remediation
Unresolved product id: CSAFPID-32201
Unresolved product id: CSAFPID-32202
Unresolved product id: CSAFPID-32203
Unresolved product id: CSAFPID-32204
Product Identifier Version Remediation
Unresolved product id: CSAFPID-31001
Unresolved product id: CSAFPID-31002
Unresolved product id: CSAFPID-31003
Unresolved product id: CSAFPID-31006
Product Identifier Version Remediation
EY-modulo 5 modu 5 modu524
Fr. SAUTER AG / Hardware / EY-modulo 5 / modu 5
EY-modulo 5 modu 5 modu525
Fr. SAUTER AG / Hardware / EY-modulo 5 / modu 5
CVE-2025-41724

An unauthenticated remote attacker can crash the wscserver by sending incomplete SOAP requests. The wscserver process will not be restarted by a watchdog and a device reboot is necessary to make it work again.

7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-239 - Failure to Handle Incomplete Element
Vendor Fix Install modulo 6 embedded software version 3.2.0 on modulo 6 devices
Vendor Fix Install EY-modulo 5 embedded software v6.0 on supported EY-modulo 5 devices
Vendor Fix Upgrade to CASE Suite v5.2 SR5
Mitigation Protect access to device and network according to best practices and state of the art means
Affected products
Product Identifier Version Remediation
Unresolved product id: CSAFPID-32201
Unresolved product id: CSAFPID-32202
Unresolved product id: CSAFPID-32203
Unresolved product id: CSAFPID-32204
Product Identifier Version Remediation
Unresolved product id: CSAFPID-31001
Unresolved product id: CSAFPID-31002
Unresolved product id: CSAFPID-31003
Unresolved product id: CSAFPID-31004
Unresolved product id: CSAFPID-31005
Unresolved product id: CSAFPID-31006
References
Acknowledgments
Cyber-Defence Campus armasuisse S+T Damian Pfammatter Daniel Hulliger www.ar.admin.ch/cyberdefencecampus
CERT@VDE
Cyber-Defence Campus armasuisse S+T Damian Pfammatter Daniel Hulliger
To clipboard 

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Damian Pfammatter",
          "Daniel Hulliger"
        ],
        "organization": "Cyber-Defence Campus armasuisse S+T",
        "summary": "SAUTER thanks the Cyber-Defence Campus of ARMASUISSE S+T for organizing the hackathon and for reporting the vulnerabilities.",
        "urls": [
          "https://www.ar.admin.ch/cyberdefencecampus"
        ]
      },
      {
        "organization": "CERT@VDE",
        "summary": "coordination"
      }
    ],
    "aggregate_severity": {
      "namespace": "https://www.first.org/cvss/v3.1/specification-document#Qualitative-Severity-Rating-Scale",
      "text": "High"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "summary",
        "text": "Vulnerabilities have been discovered in the embedded firmware of SAUTER modulo 6 devices. These vulnerabilities affect the embedded web server as well as the interface to the SAUTER CASE Suite tools.",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "Update to firmware version 3.2.0. or newer. This will require CASE Suite Version 5.2 SR5 or newer. Contact your local SAUTER representative for support.",
        "title": "Remediation"
      },
      {
        "category": "description",
        "text": "The vulnerabilities in the modulo 6 devices allow privilege escalation, remote exploitation, and compromise of device integrity, availability and confidentiality. ",
        "title": "Impact"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@sauter-bc.com",
      "name": "Sauter AG",
      "namespace": "https://www.sauter-controls.com"
    },
    "references": [
      {
        "category": "external",
        "summary": "Sauter advisory overview at CERT@VDE",
        "url": "https://certvde.com/de/advisories/vendor/sauter/"
      },
      {
        "category": "self",
        "summary": "VDE-2025-060: Sauter: Multiple vulnerabilities in SAUTER modulo 6  - HTML",
        "url": "https://certvde.com/en/advisories/VDE-2025-060"
      },
      {
        "category": "self",
        "summary": "VDE-2025-060: Sauter: Multiple vulnerabilities in SAUTER modulo 6  - CSAF",
        "url": "https://sauter.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-060.json"
      }
    ],
    "title": "Sauter: Multiple vulnerabilities in SAUTER modulo 6 ",
    "tracking": {
      "aliases": [
        "VDE-2025-060"
      ],
      "current_release_date": "2025-10-27T11:00:00.000Z",
      "generator": {
        "date": "2025-10-27T09:37:27.479Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.35"
        }
      },
      "id": "VDE-2025-060",
      "initial_release_date": "2025-10-21T10:00:00.000Z",
      "revision_history": [
        {
          "date": "2025-10-21T10:00:00.000Z",
          "number": "1.0.0",
          "summary": "Initial revision"
        },
        {
          "date": "2025-10-27T11:00:00.000Z",
          "number": "1.1.0",
          "summary": "Correction: modu524 and modu525 not affected by CVE-2025-41723"
        }
      ],
      "status": "final",
      "version": "1.1.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_name",
                    "name": "modu680-AS",
                    "product": {
                      "name": "modulo 6 devices modu680-AS",
                      "product_id": "CSAFPID-11001"
                    }
                  },
                  {
                    "category": "product_name",
                    "name": "modu660-AS",
                    "product": {
                      "name": "modulo 6 devices modu660-AS",
                      "product_id": "CSAFPID-11002"
                    }
                  },
                  {
                    "category": "product_name",
                    "name": "modu612-LC",
                    "product": {
                      "name": "modulo 6 devices modu612-LC",
                      "product_id": "CSAFPID-11003"
                    }
                  }
                ],
                "category": "product_family",
                "name": "modulo 6 devices"
              },
              {
                "branches": [
                  {
                    "branches": [
                      {
                        "category": "product_name",
                        "name": "modu524",
                        "product": {
                          "name": "EY-modulo 5 modu 5 modu524",
                          "product_id": "CSAFPID-11004"
                        }
                      },
                      {
                        "category": "product_name",
                        "name": "modu525",
                        "product": {
                          "name": "EY-modulo 5 modu 5 modu525",
                          "product_id": "CSAFPID-11005"
                        }
                      }
                    ],
                    "category": "product_family",
                    "name": "modu 5"
                  },
                  {
                    "branches": [
                      {
                        "category": "product_name",
                        "name": "ecos504/505",
                        "product": {
                          "name": "EY-modulo 5 ecos 5 ecos504/505",
                          "product_id": "CSAFPID-11006"
                        }
                      }
                    ],
                    "category": "product_family",
                    "name": "ecos 5"
                  }
                ],
                "category": "product_family",
                "name": "EY-modulo 5"
              }
            ],
            "category": "product_family",
            "name": "Hardware"
          },
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version",
                    "name": "v3.2.0",
                    "product": {
                      "name": "Firmware modulo 6 embedded software v3.2.0",
                      "product_id": "CSAFPID-22001"
                    }
                  },
                  {
                    "category": "product_version_range",
                    "name": "\u003cv3.2.0",
                    "product": {
                      "name": "Firmware modulo 6 embedded software \u003cv3.2.0",
                      "product_id": "CSAFPID-21001"
                    }
                  }
                ],
                "category": "product_family",
                "name": "modulo 6 embedded software"
              },
              {
                "branches": [
                  {
                    "category": "product_version",
                    "name": "v6.0",
                    "product": {
                      "name": "Firmware EY-modulo 5 embedded software v6.0",
                      "product_id": "CSAFPID-22002"
                    }
                  },
                  {
                    "category": "product_version_range",
                    "name": "\u003cv6.0",
                    "product": {
                      "name": "Firmware EY-modulo 5 embedded software \u003cv6.0",
                      "product_id": "CSAFPID-21002"
                    }
                  }
                ],
                "category": "product_family",
                "name": "EY-modulo 5 embedded software"
              }
            ],
            "category": "product_family",
            "name": "Firmware"
          },
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003cv5.2 SR5",
                    "product": {
                      "name": "Software CASE Suite \u003cv5.2 SR5",
                      "product_id": "CSAFPID-51001"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "v5.2 SR5",
                    "product": {
                      "name": "Software CASE Suite v5.2 SR5",
                      "product_id": "CSAFPID-52001"
                    }
                  }
                ],
                "category": "product_family",
                "name": "CASE Suite"
              }
            ],
            "category": "product_family",
            "name": "Software"
          }
        ],
        "category": "vendor",
        "name": "Fr. SAUTER AG"
      }
    ],
    "product_groups": [
      {
        "group_id": "CSAFGID-0001",
        "product_ids": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006"
        ],
        "summary": "affected products"
      },
      {
        "group_id": "CSAFGID-0002",
        "product_ids": [
          "CSAFPID-32201",
          "CSAFPID-32202",
          "CSAFPID-32203",
          "CSAFPID-32204"
        ],
        "summary": "fixed products"
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware modulo 6 embedded software v3.2.0 installed on modulo 6 devices modu680-AS",
          "product_id": "CSAFPID-32001"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware modulo 6 embedded software v3.2.0 installed on modulo 6 devices modu660-AS",
          "product_id": "CSAFPID-32002"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware modulo 6 embedded software v3.2.0 installed on modulo 6 devices modu612-LC",
          "product_id": "CSAFPID-32003"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware modulo 6 embedded software \u003cv3.2.0 installed on modulo 6 devices modu680-AS",
          "product_id": "CSAFPID-31001"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware modulo 6 embedded software \u003cv3.2.0 installed on modulo 6 devices modu660-AS",
          "product_id": "CSAFPID-31002"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware modulo 6 embedded software \u003cv3.2.0 installed on modulo 6 devices modu612-LC",
          "product_id": "CSAFPID-31003"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware EY-modulo 5 embedded software v6.0 installed on EY-modulo 5 ecos 5 ecos504/505",
          "product_id": "CSAFPID-32006"
        },
        "product_reference": "CSAFPID-22002",
        "relates_to_product_reference": "CSAFPID-11006"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware EY-modulo 5 embedded software \u003cv6.0 installed on EY-modulo 5 modu 5 modu524",
          "product_id": "CSAFPID-31004"
        },
        "product_reference": "CSAFPID-21002",
        "relates_to_product_reference": "CSAFPID-11004"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware EY-modulo 5 embedded software \u003cv6.0 installed on EY-modulo 5 modu 5 modu525",
          "product_id": "CSAFPID-31005"
        },
        "product_reference": "CSAFPID-21002",
        "relates_to_product_reference": "CSAFPID-11005"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware EY-modulo 5 embedded software \u003cv6.0 installed on EY-modulo 5 ecos 5 ecos504/505",
          "product_id": "CSAFPID-31006"
        },
        "product_reference": "CSAFPID-21002",
        "relates_to_product_reference": "CSAFPID-11006"
      },
      {
        "category": "installed_with",
        "full_product_name": {
          "name": "Firmware modulo 6 embedded software \u003cv3.2.0 installed on modulo 6 devices modu680-AS installed with Software CASE Suite \u003cv5.2 SR5",
          "product_id": "CSAFPID-31101"
        },
        "product_reference": "CSAFPID-31001",
        "relates_to_product_reference": "CSAFPID-51001"
      },
      {
        "category": "installed_with",
        "full_product_name": {
          "name": "Firmware modulo 6 embedded software v3.2.0 installed on modulo 6 devices modu680-AS installed with Software CASE Suite v5.2 SR5",
          "product_id": "CSAFPID-32201"
        },
        "product_reference": "CSAFPID-32001",
        "relates_to_product_reference": "CSAFPID-52001"
      },
      {
        "category": "installed_with",
        "full_product_name": {
          "name": "Firmware modulo 6 embedded software v3.2.0 installed on modulo 6 devices modu660-AS installed with Software CASE Suite v5.2 SR5",
          "product_id": "CSAFPID-32202"
        },
        "product_reference": "CSAFPID-32002",
        "relates_to_product_reference": "CSAFPID-52001"
      },
      {
        "category": "installed_with",
        "full_product_name": {
          "name": "Firmware modulo 6 embedded software v3.2.0 installed on modulo 6 devices modu612-LC installed with Software CASE Suite v5.2 SR5",
          "product_id": "CSAFPID-32203"
        },
        "product_reference": "CSAFPID-32003",
        "relates_to_product_reference": "CSAFPID-52001"
      },
      {
        "category": "installed_with",
        "full_product_name": {
          "name": "Firmware EY-modulo 5 embedded software v6.0 installed on EY-modulo 5 ecos 5 ecos504/505 installed with Software CASE Suite v5.2 SR5",
          "product_id": "CSAFPID-32204"
        },
        "product_reference": "CSAFPID-32006",
        "relates_to_product_reference": "CSAFPID-52001"
      },
      {
        "category": "installed_with",
        "full_product_name": {
          "name": "Firmware modulo 6 embedded software v3.2.0 installed with Software CASE Suite v5.2 SR5",
          "product_id": "CSAFPID-0005"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-52001"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Damian Pfammatter",
            "Daniel Hulliger"
          ],
          "organization": "Cyber-Defence Campus armasuisse S+T",
          "summary": "The Cyber-Defence Campus armasuisse S+T reported the vulnerability to Fr. SAUTER AG"
        }
      ],
      "cve": "CVE-2025-41719",
      "cwe": {
        "id": "CWE-1286",
        "name": "Improper Validation of Syntactic Correctness of Input"
      },
      "discovery_date": "2025-02-07T11:00:00.000Z",
      "notes": [
        {
          "category": "description",
          "text": "A low privileged remote attacker can corrupt the webserver users storage on the device by setting a sequence of unsupported characters which leads to deletion of all previously configured users and the creation of the default Administrator with a known default password.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32201",
          "CSAFPID-32202",
          "CSAFPID-32203"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003"
        ],
        "known_not_affected": [
          "CSAFPID-11004",
          "CSAFPID-11005",
          "CSAFPID-11006"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Install modulo 6 embedded software version 3.2.0 on modulo 6 devices",
          "entitlements": [
            "Contact your SAUTER representative to update to the embedded firmware version fixing the vulnerability",
            "Requires upgrade to CASE Suite v5.2SR5"
          ],
          "group_ids": [
            "CSAFGID-0001"
          ],
          "restart_required": {
            "category": "vulnerable_component",
            "details": "Update requires device restart."
          }
        },
        {
          "category": "vendor_fix",
          "details": "Upgrade to CASE Suite v5.2 SR5",
          "group_ids": [
            "CSAFGID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Protect access to device and network according to best practices and state of the art means",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 8.8,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "temporalScore": 8.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003"
          ]
        }
      ],
      "title": "Sauter: Improper Validation of user-controlled data"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Damian Pfammatter",
            "Daniel Hulliger"
          ],
          "organization": "Cyber-Defence Campus armasuisse S+T",
          "summary": "The Cyber-Defence Campus armasuisse S+T reported the vulnerability to Fr. SAUTER AG"
        }
      ],
      "cve": "CVE-2025-41720",
      "cwe": {
        "id": "CWE-646",
        "name": "Reliance on File Name or Extension of Externally-Supplied File"
      },
      "notes": [
        {
          "category": "description",
          "text": "A low privileged remote attacker can upload arbitrary data masked as a png file to the affected device using the webserver API because only the file extension is verified.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32201",
          "CSAFPID-32202",
          "CSAFPID-32203"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003"
        ],
        "known_not_affected": [
          "CSAFPID-11004",
          "CSAFPID-11005",
          "CSAFPID-11006"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Install modulo 6 embedded software version 3.2.0 on modulo 6 devices",
          "entitlements": [
            "Requires upgrade to CASE Suite v5.2SR5"
          ],
          "group_ids": [
            "CSAFGID-0001"
          ],
          "restart_required": {
            "category": "vulnerable_component",
            "details": "Update requires device restart"
          }
        },
        {
          "category": "vendor_fix",
          "details": "Upgrade to CASE Suite v5.2 SR5",
          "group_ids": [
            "CSAFGID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Protect access to device and network according to best practices and state of the art means",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "environmentalScore": 4.3,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "temporalScore": 4.3,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003"
          ]
        }
      ],
      "title": "Sauter: Arbitrary File Upload"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Damian Pfammatter",
            "Daniel Hulliger"
          ],
          "organization": "Cyber-Defence Campus armasuisse S+T",
          "summary": "The Cyber-Defence Campus armasuisse S+T reported the vulnerability to Fr. SAUTER AG"
        }
      ],
      "cve": "CVE-2025-41721",
      "cwe": {
        "id": "CWE-77",
        "name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
      },
      "notes": [
        {
          "category": "description",
          "text": "A high privileged remote attacker can influence the parameters passed to the openssl command due to improper neutralization of special elements when adding a password protected self-signed certificate.",
          "title": "Vulnerability Description"
        },
        {
          "category": "details",
          "text": "This Vulnerability can be combined with CVE-2025-41720 resulting in full file system access via reverse shell.\nCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H - 7.2 ",
          "title": "Vulnerability Characterisation"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32201",
          "CSAFPID-32202",
          "CSAFPID-32203"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003"
        ],
        "known_not_affected": [
          "CSAFPID-11004",
          "CSAFPID-11005",
          "CSAFPID-11006"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Install modulo 6 embedded software version 3.2.0 on modulo 6 devices",
          "entitlements": [
            "Requires upgrade to CASE Suite v5.2SR5"
          ],
          "group_ids": [
            "CSAFGID-0001"
          ],
          "restart_required": {
            "category": "vulnerable_component",
            "details": "Update requires device restart"
          }
        },
        {
          "category": "vendor_fix",
          "details": "Upgrade to CASE Suite v5.2 SR5",
          "group_ids": [
            "CSAFGID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Protect access to device and network according to best practices and state of the art means",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 2.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "environmentalScore": 2.7,
            "environmentalSeverity": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "temporalScore": 2.7,
            "temporalSeverity": "LOW",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003"
          ]
        }
      ],
      "title": "Sauter: Command Injection"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Damian Pfammatter",
            "Daniel Hulliger"
          ],
          "organization": "Cyber-Defence Campus armasuisse S+T",
          "summary": "The Cyber-Defence Campus armasuisse S+T reported the vulnerability to Fr. SAUTER AG"
        }
      ],
      "cve": "CVE-2025-41722",
      "cwe": {
        "id": "CWE-798",
        "name": "Use of Hard-coded Credentials"
      },
      "notes": [
        {
          "category": "description",
          "text": "The wsc server uses a hard-coded certificate to check the authenticity of SOAP messages. An unauthenticated remote attacker can extract private keys from the Software of the affected devices.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32201",
          "CSAFPID-32202",
          "CSAFPID-32203",
          "CSAFPID-32204"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Install modulo 6 embedded software version 3.2.0 on modulo 6 devices",
          "entitlements": [
            "Requires upgrade to CASE Suite v5.2SR5"
          ],
          "group_ids": [
            "CSAFGID-0001"
          ],
          "restart_required": {
            "category": "vulnerable_component",
            "details": "Update requires device restart"
          }
        },
        {
          "category": "vendor_fix",
          "details": "Install EY-modulo 5 embedded software v6.0 on supported EY-modulo 5 devices",
          "group_ids": [
            "CSAFGID-0001"
          ],
          "restart_required": {
            "category": "vulnerable_component",
            "details": "Update requires device restart"
          }
        },
        {
          "category": "vendor_fix",
          "details": "Upgrade to CASE Suite v5.2 SR5",
          "group_ids": [
            "CSAFGID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Protect access to device and network according to best practices and state of the art means",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 7.5,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 7.5,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004",
            "CSAFPID-31005",
            "CSAFPID-31006"
          ]
        }
      ],
      "title": "Sauter: Hard-coded Authentication Credentials"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Damian Pfammatter",
            "Daniel Hulliger"
          ],
          "organization": "Cyber-Defence Campus armasuisse S+T",
          "summary": "The Cyber-Defence Campus armasuisse S+T reported the vulnerability to Fr. SAUTER AG"
        }
      ],
      "cve": "CVE-2025-41723",
      "cwe": {
        "id": "CWE-35",
        "name": "Path Traversal: \u0027.../...//\u0027"
      },
      "notes": [
        {
          "category": "description",
          "text": "The importFile SOAP method is vulnerable to a directory traversal attack. An unauthenticated remote attacker bypass the path restriction and upload files to arbitrary locations.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32201",
          "CSAFPID-32202",
          "CSAFPID-32203",
          "CSAFPID-32204"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31006"
        ],
        "known_not_affected": [
          "CSAFPID-11004",
          "CSAFPID-11005"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Install modulo 6 embedded software version 3.2.0 on modulo 6 devices",
          "entitlements": [
            "Requires upgrade to CASE Suite v5.2SR5"
          ],
          "group_ids": [
            "CSAFGID-0001"
          ],
          "restart_required": {
            "category": "vulnerable_component",
            "details": "Update requires device restart"
          }
        },
        {
          "category": "vendor_fix",
          "details": "Install EY-modulo 5 embedded software v6.0 on supported EY-modulo 5 devices",
          "entitlements": [
            "Requires upgrade to CASE Suite v5.2SR5"
          ],
          "group_ids": [
            "CSAFGID-0001"
          ],
          "restart_required": {
            "category": "vulnerable_component",
            "details": "Update requires device restart"
          }
        },
        {
          "category": "vendor_fix",
          "details": "Upgrade to CASE Suite v5.2 SR5",
          "group_ids": [
            "CSAFGID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Protect access to device and network according to best practices and state of the art means",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 9.8,
            "environmentalSeverity": "CRITICAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 9.8,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004",
            "CSAFPID-31005",
            "CSAFPID-31006"
          ]
        }
      ],
      "title": "Sauter: Directory Traversal in importFile SOAP Method"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Damian Pfammatter",
            "Daniel Hulliger"
          ],
          "organization": "Cyber-Defence Campus armasuisse S+T",
          "summary": "The Cyber-Defence Campus armasuisse S+T reported the vulnerability to Fr. SAUTER AG"
        }
      ],
      "cve": "CVE-2025-41724",
      "cwe": {
        "id": "CWE-239",
        "name": "Failure to Handle Incomplete Element"
      },
      "notes": [
        {
          "category": "description",
          "text": "An unauthenticated remote attacker can crash the wscserver by sending incomplete SOAP requests. The wscserver process will not be restarted by a watchdog and a device reboot is necessary to make it work again.\n",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32201",
          "CSAFPID-32202",
          "CSAFPID-32203",
          "CSAFPID-32204"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Install modulo 6 embedded software version 3.2.0 on modulo 6 devices",
          "entitlements": [
            "Requires upgrade to CASE Suite v5.2SR5"
          ],
          "group_ids": [
            "CSAFGID-0001"
          ],
          "restart_required": {
            "category": "vulnerable_component",
            "details": "Update requires device restart"
          }
        },
        {
          "category": "vendor_fix",
          "details": "Install EY-modulo 5 embedded software v6.0 on supported EY-modulo 5 devices",
          "entitlements": [
            "Requires upgrade to CASE Suite v5.2SR5"
          ],
          "group_ids": [
            "CSAFGID-0001"
          ],
          "restart_required": {
            "category": "vulnerable_component",
            "details": "Update requires device restart"
          }
        },
        {
          "category": "vendor_fix",
          "details": "Upgrade to CASE Suite v5.2 SR5",
          "group_ids": [
            "CSAFGID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Protect access to device and network according to best practices and state of the art means",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "environmentalScore": 7.5,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 7.5,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004",
            "CSAFPID-31005",
            "CSAFPID-31006"
          ]
        }
      ],
      "title": "Sauter: Crash via Incomplete SOAP Request"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.