CVE-2025-41652

EPSS 0.08%
Veröffentlicht 27.05.2025 08:38:12
Zuletzt bearbeitet 22.08.2025 11:15:31
Quelle info@cert.vde.com
Teams Watchlist Login
Unerledigt Login

The devices are vulnerable to an authentication bypass due to flaws in the authorization mechanism. An unauthenticated remote attacker could exploit this weakness by performing brute-force attacks to guess valid credentials or by using MD5 collision techniques to forge authentication hashes, potentially compromising the device.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerWeidmueller

≫

Produkt IE-SW-VL05M-5TX

Default Statusunaffected

Version < 3.6.32

Version 0.0.0

Status affected

HerstellerWeidmueller

≫

Produkt IE-SW-VL05MT-5TX

Default Statusunaffected

Version < 3.6.32

Version 0.0.0

Status affected

HerstellerWeidmueller

≫

Produkt IE-SW-VL08MT-8TX

Default Statusunaffected

Version < 3.6.32

Version 0.0.0

Status affected

HerstellerWeidmueller

≫

Produkt IE-SW-VL08MT-5TX-1SC-2SCS

Default Statusunaffected

Version < 3.5.36

Version 0.0.0

Status affected

HerstellerWeidmueller

≫

Produkt IE-SW-VL08MT-6TX-2SC

Default Statusunaffected

Version < 3.5.36

Version 0.0.0

Status affected

HerstellerWeidmueller

≫

Produkt IE-SW-VL08MT-6TX-2ST

Default Statusunaffected

Version < 3.5.36

Version 0.0.0

Status affected

HerstellerWeidmueller

≫

Produkt IE-SW-VL08MT-6TX-2SCS

Default Statusunaffected

Version < 3.5.36

Version 0.0.0

Status affected

HerstellerWeidmueller

≫

Produkt IE-SW-PL10M-3GT-7TX

Default Statusunaffected

Version < 3.3.34

Version 0.0.0

Status affected

HerstellerWeidmueller

≫

Produkt IE-SW-PL10MT-3GT-7TX

Default Statusunaffected

Version < 3.3.34

Version 0.0.0

Status affected

HerstellerWeidmueller

≫

Produkt IE-SW-PL16M-16TX

Default Statusunaffected

Version < 3.4.32

Version 0.0.0

Status affected

HerstellerWeidmueller

≫

Produkt IE-SW-PL16MT-16TX

Default Statusunaffected

Version < 3.4.32

Version 0.0.0

Status affected

HerstellerWeidmueller

≫

Produkt IE-SW-PL18M-2GC-16TX

Default Statusunaffected

Version < 3.4.40

Version 0.0.0

Status affected

HerstellerWeidmueller

≫

Produkt IE-SW-PL18MT-2GC-16TX

Default Statusunaffected

Version < 3.4.40

Version 0.0.0

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.08%	0.252

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
info@cert.vde.com	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-328 Use of Weak Hash

The product uses an algorithm that produces a digest (output value) that does not meet security expectations for a hash function that allows an adversary to reasonably determine the original input (preimage attack), find another input that can produce the same hash (2nd preimage attack), or find multiple inputs that evaluate to the same hash (birthday attack).

https://certvde.com/en/advisories/VDE-2025-044/

https://nvd.nist.gov/vuln/detail/CVE-2025-41652

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-41652

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-41652

EUVD