CVE-2025-41650 (GCVE-0-2025-41650)
Vulnerability from cvelistv5
Published
2025-05-27 08:37
Modified
2025-05-27 13:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1287 - Improper Validation of Specified Type of Input
Summary
An unauthenticated remote attacker can exploit input validation in cmd services of the devices, allowing them to disrupt system operations and potentially cause a denial-of-service.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Weidmueller | IE-SW-VL05M-5TX |
Version: 0.0.0 ≤ |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41650",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-27T13:37:42.461446Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-27T13:39:51.332Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IE-SW-VL05M-5TX",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.6.32",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SW-VL05MT-5TX",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.6.32",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SW-VL08MT-8TX",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.5.36",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SW-VL08MT-5TX-1SC-2SCS",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.5.36",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SW-VL08MT-6TX-2SC",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.5.36",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SW-VL08MT-6TX-2ST",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.5.36",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SW-VL08MT-6TX-2SCS",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.5.36",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SW-PL10M-3GT-7TX",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.3.34",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SW-PL10MT-3GT-7TX",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.3.34",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SW-PL16M-16TX",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.4.32",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SW-PL16MT-16TX",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.4.32",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SW-PL18M-2GC-16TX",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.4.40",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IE-SW-PL18MT-2GC-16TX",
"vendor": "Weidmueller",
"versions": [
{
"lessThan": "3.4.40",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthenticated remote attacker can exploit input validation in cmd services of the devices, allowing them to disrupt system operations and potentially cause a denial-of-service."
}
],
"value": "An unauthenticated remote attacker can exploit input validation in cmd services of the devices, allowing them to disrupt system operations and potentially cause a denial-of-service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1287",
"description": "CWE-1287 Improper Validation of Specified Type of Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-27T08:37:44.635Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/en/advisories/VDE-2025-044/"
}
],
"source": {
"advisory": "VDE-2025-044",
"defect": [
"CERT@VDE#641785"
],
"discovery": "UNKNOWN"
},
"title": "Weidmueller: Denial-of-Service Vulnerability in Industrial Ethernet Switches",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41650",
"datePublished": "2025-05-27T08:37:44.635Z",
"dateReserved": "2025-04-16T11:17:48.305Z",
"dateUpdated": "2025-05-27T13:39:51.332Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-41650\",\"sourceIdentifier\":\"info@cert.vde.com\",\"published\":\"2025-05-27T09:15:21.193\",\"lastModified\":\"2025-05-28T15:01:30.720\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An unauthenticated remote attacker can exploit input validation in cmd services of the devices, allowing them to disrupt system operations and potentially cause a denial-of-service.\"},{\"lang\":\"es\",\"value\":\"Un atacante remoto no autenticado puede explotar la validaci\u00f3n de entrada en los servicios cmd de los dispositivos, lo que le permite interrumpir las operaciones del sistema y potencialmente causar una denegaci\u00f3n de servicio.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"info@cert.vde.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"info@cert.vde.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1287\"}]}],\"references\":[{\"url\":\"https://certvde.com/en/advisories/VDE-2025-044/\",\"source\":\"info@cert.vde.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-41650\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-27T13:37:42.461446Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-27T13:38:36.150Z\"}}], \"cna\": {\"title\": \"Weidmueller: Denial-of-Service Vulnerability in Industrial Ethernet Switches\", \"source\": {\"defect\": [\"CERT@VDE#641785\"], \"advisory\": \"VDE-2025-044\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Weidmueller\", \"product\": \"IE-SW-VL05M-5TX\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.0.0\", \"lessThan\": \"3.6.32\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Weidmueller\", \"product\": \"IE-SW-VL05MT-5TX\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.0.0\", \"lessThan\": \"3.6.32\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Weidmueller\", \"product\": \"IE-SW-VL08MT-8TX\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.0.0\", \"lessThan\": \"3.5.36\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Weidmueller\", \"product\": \"IE-SW-VL08MT-5TX-1SC-2SCS\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.0.0\", \"lessThan\": \"3.5.36\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Weidmueller\", \"product\": \"IE-SW-VL08MT-6TX-2SC\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.0.0\", \"lessThan\": \"3.5.36\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Weidmueller\", \"product\": \"IE-SW-VL08MT-6TX-2ST\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.0.0\", \"lessThan\": \"3.5.36\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Weidmueller\", \"product\": \"IE-SW-VL08MT-6TX-2SCS\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.0.0\", \"lessThan\": \"3.5.36\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Weidmueller\", \"product\": \"IE-SW-PL10M-3GT-7TX\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.0.0\", \"lessThan\": \"3.3.34\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Weidmueller\", \"product\": \"IE-SW-PL10MT-3GT-7TX\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.0.0\", \"lessThan\": \"3.3.34\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Weidmueller\", \"product\": \"IE-SW-PL16M-16TX\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.0.0\", \"lessThan\": \"3.4.32\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Weidmueller\", \"product\": \"IE-SW-PL16MT-16TX\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.0.0\", \"lessThan\": \"3.4.32\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Weidmueller\", \"product\": \"IE-SW-PL18M-2GC-16TX\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.0.0\", \"lessThan\": \"3.4.40\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Weidmueller\", \"product\": \"IE-SW-PL18MT-2GC-16TX\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.0.0\", \"lessThan\": \"3.4.40\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://certvde.com/en/advisories/VDE-2025-044/\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"An unauthenticated remote attacker can exploit input validation in cmd services of the devices, allowing them to disrupt system operations and potentially cause a denial-of-service.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"An unauthenticated remote attacker can exploit input validation in cmd services of the devices, allowing them to disrupt system operations and potentially cause a denial-of-service.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1287\", \"description\": \"CWE-1287 Improper Validation of Specified Type of Input\"}]}], \"providerMetadata\": {\"orgId\": \"270ccfa6-a436-4e77-922e-914ec3a9685c\", \"shortName\": \"CERTVDE\", \"dateUpdated\": \"2025-05-27T08:37:44.635Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-41650\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-27T13:39:51.332Z\", \"dateReserved\": \"2025-04-16T11:17:48.305Z\", \"assignerOrgId\": \"270ccfa6-a436-4e77-922e-914ec3a9685c\", \"datePublished\": \"2025-05-27T08:37:44.635Z\", \"assignerShortName\": \"CERTVDE\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…