VDE-2025-096

Vulnerability from csaf_weidmuellerinterfacegmbhcokg - Published: 2026-03-10 07:00 - Updated: 2026-03-10 07:00
Summary
Weidmueller: Multiple vulnerabilities in Energy Meter 750-24 and Energy Meter 750-230
Severity
High
Notes
Summary: An unauthenticated remote attacker can exploit several vulnerabilities in Weidmueller devices Energy Meter 750-24 and Energy Meter 750-230 to ultimately gain full system access and remote code execution.
General Recommendation: As a general security measure, Weidmueller strongly recommends to change the default passwords and to minimize the network exposure of products. Limit access to trusted networks by using the appropriate mechanisms.
Impact: These vulnerabilities in combination allow an unauthenticated remote attacker to fully compromise the system including remote code execution. Further details on each separate vulnerability can be found under vulnerability details.
Remediation: It is strongly advised to update to the newest version. The vulnerabilities are fixed in version 3.14.
CVE-2025-41709

An unauthenticated remote attacker can perform a command injection via Modbus-TCP or Modbus-RTU to gain read and write access on the affected device.

9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Vendor Fix Update to version 3.14
CVE-2025-41710

An unauthenticated remote attacker may use hardcodes credentials to get access to the previously activated FTP Server with limited read and write privileges.

6.5 (Medium)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CWE-798 - Use of Hard-coded Credentials
Vendor Fix Update to version 3.14
CVE-2025-41711

An unauthenticated remote attacker can use firmware images to extract password hashes and brute force plaintext passwords of accounts with limited access.

5.3 (Medium)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Vendor Fix Update to version 3.14
CVE-2025-41712

An unauthenticated remote attacker who tricks a user to upload a manipulated HTML file can get access to sensitive information on the device. This is a result of incorrect permission assignment for the web server.

6.5 (Medium)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CWE-732 - Incorrect Permission Assignment for Critical Resource
Vendor Fix Update to version 3.14
References
Acknowledgments
CERT@VDE certvde.com
To clipboard 

{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERT@VDE",
        "summary": "coordination",
        "urls": [
          "https://certvde.com"
        ]
      }
    ],
    "aggregate_severity": {
      "namespace": "https://www.first.org/cvss/v3.1/specification-document",
      "text": "High"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-GB",
    "notes": [
      {
        "category": "summary",
        "text": "An unauthenticated remote attacker can exploit several vulnerabilities in Weidmueller devices Energy Meter 750-24 and Energy Meter 750-230 to ultimately gain full system access and remote code execution.",
        "title": "Summary"
      },
      {
        "category": "general",
        "text": "As a general security measure, Weidmueller strongly recommends to change the default passwords and to minimize the network exposure of products. Limit access to trusted networks by using the appropriate mechanisms.",
        "title": "General Recommendation"
      },
      {
        "category": "description",
        "text": "These vulnerabilities in combination allow an unauthenticated remote attacker to fully compromise the system including remote code execution. Further details on each separate vulnerability can be found under vulnerability details.",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "It is strongly advised to update to the newest version. The vulnerabilities are fixed in version 3.14.",
        "title": "Remediation"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@weidmueller.com",
      "name": "Weidmueller Interface GmbH \u0026 Co. KG",
      "namespace": "https://www.weidmueller.com"
    },
    "references": [
      {
        "category": "external",
        "summary": "Weidmueller Security Advisory Board",
        "url": "https://support.weidmueller.com/support-center/popular-resources/security-advisory-board"
      },
      {
        "category": "external",
        "summary": "CERT@VDE Security Advisories for Weidmueller",
        "url": "https://certvde.com/de/advisories/vendor/weidmueller/"
      },
      {
        "category": "self",
        "summary": "VDE-2025-096: Weidmueller: Multiple vulnerabilities in Energy Meter 750-24 and Energy Meter 750-230 - HTML",
        "url": "https://certvde.com/de/advisories/VDE-2025-096"
      },
      {
        "category": "self",
        "summary": "VDE-2025-096: Weidmueller: Multiple vulnerabilities in Energy Meter 750-24 and Energy Meter 750-230 - CSAF",
        "url": "https://weidmueller.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-096.json"
      }
    ],
    "title": "Weidmueller: Multiple vulnerabilities in Energy Meter 750-24 and Energy Meter 750-230",
    "tracking": {
      "aliases": [
        "VDE-2025-096",
        "WMSA-2600001"
      ],
      "current_release_date": "2026-03-10T07:00:00.000Z",
      "generator": {
        "date": "2026-03-09T12:47:31.897Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.44"
        }
      },
      "id": "VDE-2025-096",
      "initial_release_date": "2026-03-10T07:00:00.000Z",
      "revision_history": [
        {
          "date": "2026-03-10T07:00:00.000Z",
          "number": "1.0.0",
          "summary": "Initial version"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "ENERGY METER 750-24",
                "product": {
                  "name": "ENERGY METER 750-24",
                  "product_id": "CSAFPID-11001",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2540900000"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "ENERGY METER 750-230",
                "product": {
                  "name": "ENERGY METER 750-230",
                  "product_id": "CSAFPID-11002",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2540910000"
                    ]
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Hardware"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "3.13",
                "product": {
                  "name": "Firmware 3.13",
                  "product_id": "CSAFPID-21001",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:o:weidmueller:energy_meter_750_firmware:3.13:*:*:*:*:*:*:*"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "3.14",
                "product": {
                  "name": "Firmware 3.14",
                  "product_id": "CSAFPID-21002",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:o:weidmueller:energy_meter_750_firmware:3.14:*:*:*:*:*:*:*"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:generic/\u003c=3.13",
                "product": {
                  "name": "Firmware \u003c=3.13",
                  "product_id": "CSAFPID-21003"
                }
              }
            ],
            "category": "product_family",
            "name": "Firmware"
          }
        ],
        "category": "vendor",
        "name": "Weidmueller"
      }
    ],
    "product_groups": [
      {
        "group_id": "CSAFGID-0001",
        "product_ids": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004"
        ],
        "summary": "Affected products."
      },
      {
        "group_id": "CSAFGID-0002",
        "product_ids": [
          "CSAFPID-32001",
          "CSAFPID-32002"
        ],
        "summary": "Fixed products."
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 3.13 installed on ENERGY METER 750-24",
          "product_id": "CSAFPID-31001",
          "product_identification_helper": {
            "cpe": "cpe:2.3:o:weidmueller:energy_meter_750_24_firmware:3.13:*:*:*:*:*:*:*"
          }
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 3.13 installed on ENERGY METER 750-230",
          "product_id": "CSAFPID-31002",
          "product_identification_helper": {
            "cpe": "cpe:2.3:o:weidmueller:energy_meter_750_230_firmware:3.13:*:*:*:*:*:*:*"
          }
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 3.14 installed on ENERGY METER 750-24",
          "product_id": "CSAFPID-32001",
          "product_identification_helper": {
            "cpe": "cpe:2.3:o:weidmueller:energy_meter_750_24_firmware:3.14:*:*:*:*:*:*:*"
          }
        },
        "product_reference": "CSAFPID-21002",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 3.14 installed on ENERGY METER 750-230",
          "product_id": "CSAFPID-32002",
          "product_identification_helper": {
            "cpe": "cpe:2.3:o:weidmueller:energy_meter_750_230_firmware:3.14:*:*:*:*:*:*:*"
          }
        },
        "product_reference": "CSAFPID-21002",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=3.13 installed on ENERGY METER 750-24",
          "product_id": "CSAFPID-31003"
        },
        "product_reference": "CSAFPID-21003",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=3.13 installed on ENERGY METER 750-230",
          "product_id": "CSAFPID-31004"
        },
        "product_reference": "CSAFPID-21003",
        "relates_to_product_reference": "CSAFPID-11002"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-41709",
      "cwe": {
        "id": "CWE-78",
        "name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
      },
      "notes": [
        {
          "category": "description",
          "text": "An unauthenticated remote attacker can perform a command injection via Modbus-TCP or Modbus-RTU to gain read and write access on the affected device.",
          "title": "CVE Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001",
          "CSAFPID-32002"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to version 3.14",
          "product_ids": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 9.8,
            "environmentalSeverity": "CRITICAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 9.8,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004"
          ]
        }
      ],
      "title": "Command injection in power analyzer via Modbus-TCP and Modbus-RTU"
    },
    {
      "cve": "CVE-2025-41710",
      "cwe": {
        "id": "CWE-798",
        "name": "Use of Hard-coded Credentials"
      },
      "notes": [
        {
          "category": "description",
          "text": "An unauthenticated remote attacker may use hardcodes credentials to get access to the previously activated FTP Server with limited read and write privileges.",
          "title": "CVE Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001",
          "CSAFPID-32002"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to version 3.14",
          "product_ids": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "environmentalScore": 6.5,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 6.5,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004"
          ]
        }
      ],
      "title": "Use of Hard-coded Credentials in power analyzer"
    },
    {
      "cve": "CVE-2025-41711",
      "cwe": {
        "id": "CWE-327",
        "name": "Use of a Broken or Risky Cryptographic Algorithm"
      },
      "notes": [
        {
          "category": "description",
          "text": "An unauthenticated remote attacker can use firmware images to extract password hashes and brute force plaintext passwords of accounts with limited access. ",
          "title": "CVE Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001",
          "CSAFPID-32002"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to version 3.14",
          "product_ids": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "environmentalScore": 5.3,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 5.3,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004"
          ]
        }
      ],
      "title": "Use of a Broken or Risky Cryptographic Algorithm for firmware images of power analyzer"
    },
    {
      "cve": "CVE-2025-41712",
      "cwe": {
        "id": "CWE-732",
        "name": "Incorrect Permission Assignment for Critical Resource"
      },
      "notes": [
        {
          "category": "description",
          "text": "An unauthenticated remote attacker who tricks a user to upload a manipulated HTML file can get access to sensitive information on the device. This is a result of incorrect permission assignment for the web server.",
          "title": "CVE Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001",
          "CSAFPID-32002"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to version 3.14",
          "product_ids": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 6.5,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 6.5,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004"
          ]
        }
      ],
      "title": "Incorrect Permission Assignment on power analyzer"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.