CVE-2025-41652
Weidmueller: Authentication Bypass Vulnerability in Industrial Ethernet Switches
In short
Weidmueller industrial switches can be accessed without proper authentication due to weak security checks. An attacker can guess passwords or forge fake login credentials to gain full control of critical network equipment.
Technical detail
The authorization mechanism in Weidmueller switches contains flaws allowing unauthenticated remote attackers to bypass authentication via brute-force credential guessing or MD5 hash collision techniques. Successful exploitation grants unauthorized access to device management and control, compromising integrity and availability of industrial network infrastructure.
Summary generated and translated by AI from the official description.
The devices are vulnerable to an authentication bypass due to flaws in the authorization mechanism. An unauthenticated remote attacker could exploit this weakness by performing brute-force attacks to guess valid credentials or by using MD5 collision techniques to forge authentication hashes, potentially compromising the device.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Weidmueller · IE-SW-PL10M-3GT-7TXWeidmueller · IE-SW-PL10MT-3GT-7TXWeidmueller · IE-SW-PL16M-16TXWeidmueller · IE-SW-PL16MT-16TXWeidmueller · IE-SW-PL18M-2GC-16TXWeidmueller · IE-SW-PL18MT-2GC-16TXWeidmueller · IE-SW-VL05M-5TXWeidmueller · IE-SW-VL05MT-5TXWeidmueller · IE-SW-VL08MT-5TX-1SC-2SCSWeidmueller · IE-SW-VL08MT-6TX-2SCWeidmueller · IE-SW-VL08MT-6TX-2SCSWeidmueller · IE-SW-VL08MT-6TX-2STWeidmueller · IE-SW-VL08MT-8TXWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →