Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Weidmueller

Source -

CNA

BOS Name -

N/A

CNA CVEs -

11

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated ProductsRelated AssignersReports
11Vulnerabilities found
CVE-2025-41687
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-9.8||CRITICAL
EPSS-0.11% / 30.70%
||
7 Day CHG+0.01%
Published-23 Jul, 2025 | 08:23
Updated-23 Jul, 2025 | 14:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Weidmueller: Unauthenticated Stack-Based Buffer Overflow in u-link Management API

An unauthenticated remote attacker may use a stack based buffer overflow in the u-link Management API to gain full access on the affected devices.

Action-Not Available
Vendor-Weidmueller
Product-IE-SR-2TX-WL-4G-EUIE-SR-2TX-WLIE-SR-2TX-WL-4G-US-V
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2025-41684
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-8.8||HIGH
EPSS-0.26% / 49.09%
||
7 Day CHG+0.03%
Published-23 Jul, 2025 | 08:23
Updated-23 Jul, 2025 | 14:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Weidmueller: Root Command Injection via Unsanitized Input in tls_iotgen_setting Endpoint

An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of improper sanitizing of user input in the Main Web Interface (endpoint tls_iotgen_setting).

Action-Not Available
Vendor-Weidmueller
Product-IE-SR-2TX-WL-4G-EUIE-SR-2TX-WLIE-SR-2TX-WL-4G-US-V
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-41683
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-8.8||HIGH
EPSS-0.26% / 49.09%
||
7 Day CHG+0.03%
Published-23 Jul, 2025 | 08:22
Updated-23 Jul, 2025 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Weidmueller: Root Command Injection via Unsanitized Input in event_mail_test Endpoint

An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of improper sanitizing of user input in the Main Web Interface (endpoint event_mail_test).

Action-Not Available
Vendor-Weidmueller
Product-IE-SR-2TX-WL-4G-EUIE-SR-2TX-WLIE-SR-2TX-WL-4G-US-V
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-41663
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-9.8||CRITICAL
EPSS-0.14% / 35.01%
||
7 Day CHG~0.00%
Published-11 Jun, 2025 | 08:15
Updated-24 Jul, 2025 | 14:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Weidmueller: Security routers IE-SR-2TX are affected by Command Injection

For u-link Management API an unauthenticated remote attacker in a man-in-the-middle position can inject arbitrary commands in responses returned by WWH servers, which are then executed with elevated privileges. To get into such a position, clients would need to use insecure proxy configurations.

Action-Not Available
Vendor-Weidmueller
Product-IE-SR-2TX-WLIE-SR-2TX-WL-4G-US-VIE-SR-2TX-WL-4G-EU
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-41661
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-8.8||HIGH
EPSS-0.08% / 24.17%
||
7 Day CHG~0.00%
Published-11 Jun, 2025 | 08:13
Updated-24 Jul, 2025 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Weidmueller: Security routers IE-SR-2TX are affected by CSRF

An unauthenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of Cross-Site Request Forgery (CSRF) protection.

Action-Not Available
Vendor-Weidmueller
Product-IE-SR-2TX-WLIE-SR-2TX-WL-4G-US-VIE-SR-2TX-WL-4G-EU
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-41653
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-0.64% / 69.69%
||
7 Day CHG~0.00%
Published-27 May, 2025 | 08:38
Updated-28 May, 2025 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Weidmueller: Denial-of-Service Vulnerability in the web server functionality of Industrial Ethernet Switches

An unauthenticated remote attacker can exploit a denial-of-service vulnerability in the device's web server functionality by sending a specially crafted HTTP request with a malicious header, potentially causing the server to crash or become unresponsive.

Action-Not Available
Vendor-Weidmueller
Product-IE-SW-VL08MT-6TX-2STIE-SW-PL10MT-3GT-7TXIE-SW-PL18MT-2GC-16TXIE-SW-VL08MT-6TX-2SCSIE-SW-VL08MT-8TXIE-SW-PL16MT-16TXIE-SW-PL10M-3GT-7TXIE-SW-VL05MT-5TXIE-SW-PL16M-16TXIE-SW-VL08MT-6TX-2SCIE-SW-VL05M-5TXIE-SW-VL08MT-5TX-1SC-2SCSIE-SW-PL18M-2GC-16TX
CWE ID-CWE-410
Insufficient Resource Pool
CVE-2025-41652
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-9.8||CRITICAL
EPSS-0.07% / 22.14%
||
7 Day CHG-0.10%
Published-27 May, 2025 | 08:38
Updated-22 Aug, 2025 | 11:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Weidmueller: Authentication Bypass Vulnerability in Industrial Ethernet Switches

The devices are vulnerable to an authentication bypass due to flaws in the authorization mechanism. An unauthenticated remote attacker could exploit this weakness by performing brute-force attacks to guess valid credentials or by using MD5 collision techniques to forge authentication hashes, potentially compromising the device.

Action-Not Available
Vendor-Weidmueller
Product-IE-SW-VL08MT-6TX-2SCSIE-SW-VL08MT-8TXIE-SW-PL18MT-2GC-16TXIE-SW-VL08MT-6TX-2STIE-SW-VL05MT-5TXIE-SW-VL05M-5TXIE-SW-PL16MT-16TXIE-SW-VL08MT-5TX-1SC-2SCSIE-SW-PL18M-2GC-16TXIE-SW-VL08MT-6TX-2SCIE-SW-PL16M-16TXIE-SW-PL10M-3GT-7TXIE-SW-PL10MT-3GT-7TX
CWE ID-CWE-328
Use of Weak Hash
CVE-2025-41651
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-9.8||CRITICAL
EPSS-0.24% / 46.33%
||
7 Day CHG~0.00%
Published-27 May, 2025 | 08:38
Updated-28 May, 2025 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Weidmueller: Missing Authentication Vulnerability in Industrial Ethernet Switches

Due to missing authentication on a critical function of the devices an unauthenticated remote attacker can execute arbitrary commands, potentially enabling unauthorized upload or download of configuration files and leading to full system compromise.

Action-Not Available
Vendor-Weidmueller
Product-IE-SW-VL08MT-6TX-2STIE-SW-PL10MT-3GT-7TXIE-SW-PL18MT-2GC-16TXIE-SW-VL08MT-6TX-2SCSIE-SW-VL08MT-8TXIE-SW-PL16MT-16TXIE-SW-PL10M-3GT-7TXIE-SW-VL05MT-5TXIE-SW-PL16M-16TXIE-SW-VL08MT-6TX-2SCIE-SW-VL05M-5TXIE-SW-VL08MT-5TX-1SC-2SCSIE-SW-PL18M-2GC-16TX
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-41650
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-0.09% / 26.21%
||
7 Day CHG~0.00%
Published-27 May, 2025 | 08:37
Updated-28 May, 2025 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Weidmueller: Denial-of-Service Vulnerability in Industrial Ethernet Switches

An unauthenticated remote attacker can exploit input validation in cmd services of the devices, allowing them to disrupt system operations and potentially cause a denial-of-service.

Action-Not Available
Vendor-Weidmueller
Product-IE-SW-VL08MT-6TX-2STIE-SW-PL10MT-3GT-7TXIE-SW-PL18MT-2GC-16TXIE-SW-VL08MT-6TX-2SCSIE-SW-VL08MT-8TXIE-SW-PL16MT-16TXIE-SW-PL10M-3GT-7TXIE-SW-VL05MT-5TXIE-SW-PL16M-16TXIE-SW-VL08MT-6TX-2SCIE-SW-VL05M-5TXIE-SW-VL08MT-5TX-1SC-2SCSIE-SW-PL18M-2GC-16TX
CWE ID-CWE-1287
Improper Validation of Specified Type of Input
CVE-2025-41649
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-0.09% / 26.58%
||
7 Day CHG~0.00%
Published-27 May, 2025 | 08:37
Updated-28 May, 2025 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Weidmueller: Out-of-Bounds Write Vulnerability in Industrial Ethernet Switches

An unauthenticated remote attacker can exploit insufficient input validation to write data beyond the bounds of a buffer, potentially leading to a denial-of-service condition for the devices.

Action-Not Available
Vendor-Weidmueller
Product-IE-SW-VL08MT-6TX-2STIE-SW-PL10MT-3GT-7TXIE-SW-PL18MT-2GC-16TXIE-SW-VL08MT-6TX-2SCSIE-SW-VL08MT-8TXIE-SW-PL16MT-16TXIE-SW-PL10M-3GT-7TXIE-SW-VL05MT-5TXIE-SW-PL16M-16TXIE-SW-VL08MT-6TX-2SCIE-SW-VL05M-5TXIE-SW-VL08MT-5TX-1SC-2SCSIE-SW-PL18M-2GC-16TX
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-1393
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-9.8||CRITICAL
EPSS-0.19% / 40.75%
||
7 Day CHG~0.00%
Published-05 Mar, 2025 | 08:03
Updated-05 Mar, 2025 | 14:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Weidmueller: Authentication Vulnerability due to Hard-coded Credentials

An unauthenticated remote attacker can use hard-coded credentials to gain full administration privileges on the affected product.

Action-Not Available
Vendor-Weidmueller
Product-PROCON-WIN
CWE ID-CWE-798
Use of Hard-coded Credentials