Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-41654

Summary
Assigner-CERTVDE
Assigner Org ID-270ccfa6-a436-4e77-922e-914ec3a9685c
Published At-26 May, 2025 | 08:21
Updated At-22 Aug, 2025 | 09:18
Rejected At-
Credits

PEPPERL+FUCHS: Profinet Gateway LB8122A.1.EL – Device is affected by information disclosure via the SNMP protocol

An unauthenticated remote attacker can access information about running processes via the SNMP protocol. The amount of returned data can trigger a reboot by the watchdog.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:CERTVDE
Assigner Org ID:270ccfa6-a436-4e77-922e-914ec3a9685c
Published At:26 May, 2025 | 08:21
Updated At:22 Aug, 2025 | 09:18
Rejected At:
▼CVE Numbering Authority (CNA)
PEPPERL+FUCHS: Profinet Gateway LB8122A.1.EL – Device is affected by information disclosure via the SNMP protocol

An unauthenticated remote attacker can access information about running processes via the SNMP protocol. The amount of returned data can trigger a reboot by the watchdog.

Affected Products
Vendor
Pepperl+Fuchs
Product
Profinet Gateway FB8122A.1.EL
Default Status
unaffected
Versions
Affected
  • From 0 before V1.3.13 (semver)
Vendor
Pepperl+Fuchs
Product
Profinet Gateway LB8122A.1.EL
Default Status
unaffected
Versions
Affected
  • From 0 before V1.3.13 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-306CWE-306 Missing Authentication for Critical Function
Type: CWE
CWE ID: CWE-306
Description: CWE-306 Missing Authentication for Critical Function
Metrics
VersionBase scoreBase severityVector
3.18.2HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Version: 3.1
Base score: 8.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://cert.vde.com/en/advisories/VDE-2025-011
N/A
Hyperlink: https://cert.vde.com/en/advisories/VDE-2025-011
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:info@cert.vde.com
Published At:26 May, 2025 | 09:15
Updated At:22 Aug, 2025 | 10:15

An unauthenticated remote attacker can access information about running processes via the SNMP protocol. The amount of returned data can trigger a reboot by the watchdog.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.18.2HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 8.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-306Primaryinfo@cert.vde.com
CWE ID: CWE-306
Type: Primary
Source: info@cert.vde.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://cert.vde.com/en/advisories/VDE-2025-011info@cert.vde.com
N/A
Hyperlink: https://cert.vde.com/en/advisories/VDE-2025-011
Source: info@cert.vde.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

6Records found
CVE-2024-6422
Matching Score-6
Assigner-CERT@VDE
ShareView Details
Matching Score-6
Assigner-CERT@VDE
CVSS Score-9.8||CRITICAL
EPSS-1.92% / 82.61%
||
7 Day CHG~0.00%
Published-10 Jul, 2024 | 07:37
Updated-05 Sep, 2024 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Pepperl+Fuchs: OIT Products can be manipulated via unintended Telnet access

An unauthenticated remote attacker can manipulate the device via Telnet, stop processes, read, delete and change data.

Action-Not Available
Vendor-pepperl-fuchsPepperl+Fuchs
Product-oit1500-f113-b12-cb_firmwareoit500-f113-b12-cboit200-f113-b12-cb_firmwareoit500-f113-b12-cb_firmwareoit700-f113-b12-cb_firmwareoit700-f113-b12-cboit1500-f113-b12-cboit200-f113-b12-cbOIT500-F113-B12-CBOIT1500-F113-B12-CBOIT700-F113-B12-CBOIT200-F113-B12-CB
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-41655
Matching Score-6
Assigner-CERT@VDE
ShareView Details
Matching Score-6
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-0.12% / 32.43%
||
7 Day CHG~0.00%
Published-26 May, 2025 | 08:22
Updated-28 May, 2025 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PEPPERL+FUCHS: Attacker can cause a DoS via URL

An unauthenticated remote attacker can access a URL which causes the device to reboot.

Action-Not Available
Vendor-Pepperl+Fuchs
Product-Profinet Gateway LB8122A.1.ELProfinet Gateway FB8122A.1.EL
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2020-12500
Matching Score-6
Assigner-CERT@VDE
ShareView Details
Matching Score-6
Assigner-CERT@VDE
CVSS Score-9.8||CRITICAL
EPSS-6.46% / 90.69%
||
7 Day CHG~0.00%
Published-15 Oct, 2020 | 18:42
Updated-17 Sep, 2024 | 01:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products

Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) allows unauthenticated device administration.

Action-Not Available
Vendor-pepperl-fuchsKorenixPepperl+FuchsWestermo
Product-es9528es7510_firmwarees8510_firmwarees9528-xtv2es7510-xtes8509-xt_firmwarees9528-xtes7506es8508es7528es7506_firmwarees8510-xtees8509-xtes8508f_firmwarees8510-xtes9528_firmwarees8508fes8510-xt_firmwarees8508_firmwarees7528_firmwarees9528-xtv2_firmwarees9528-xt_firmwarees7510-xt_firmwarees7510es8510es8510-xte_firmwareP+F Comtrol RocketLinxPMI-110-F2GJetNet
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2023-26573
Matching Score-4
Assigner-The Missing Link Australia (TML)
ShareView Details
Matching Score-4
Assigner-The Missing Link Australia (TML)
CVSS Score-8.2||HIGH
EPSS-0.18% / 40.01%
||
7 Day CHG~0.00%
Published-25 Oct, 2023 | 08:48
Updated-15 Oct, 2024 | 18:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Authentication In IDAttend’s IDWeb Application

Missing authentication in the SetDB method in IDAttend’s IDWeb application 3.1.052 and earlier allows denial of service or theft of database login credentials.

Action-Not Available
Vendor-idattendIDAttend Pty Ltd
Product-idwebIDWeb
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2019-12105
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.2||HIGH
EPSS-1.81% / 82.09%
||
7 Day CHG~0.00%
Published-10 Sep, 2019 | 16:18
Updated-04 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Supervisor through 4.0.2, an unauthenticated user can read log files or restart a service. Note: The maintainer responded that the affected component, inet_http_server, is not enabled by default but if the user enables it and does not set a password, Supervisor logs a warning message. The maintainer indicated the ability to run an open server will not be removed but an additional warning was added to the documentation

Action-Not Available
Vendor-supervisordn/a
Product-supervisorn/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-3090
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-8.2||HIGH
EPSS-0.19% / 41.44%
||
7 Day CHG~0.00%
Published-24 Jun, 2025 | 08:05
Updated-26 Jun, 2025 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MB connect line: Missing Authentication in mbCONNECT24/mymbCONNECT24

An unauthenticated remote attacker can obtain limited sensitive information and/or DoS the device due to missing authentication for critical function.

Action-Not Available
Vendor-MB connect lineHelmholz
Product-mbCONNECT24myREX24.virtualmymbCONNECT24myREX24
CWE ID-CWE-306
Missing Authentication for Critical Function
Details not found