CVE-2025-41647
MEDIUM
Lenze PLC Designer V4 < 4.0.0 - Unauthenticated Cleartext Password Exposure
Title source: llm
Description
A local, low-privileged attacker can learn the password of the connected controller in PLC Designer V4 due to an incorrect implementation that results in the password being displayed in plain text under special conditions.
References (1)
Various Sources
https://certvde.com/en/advisories/VDE-2025-043/
Scores
CVSS v3
5.5
EPSS
0.0009
EPSS Percentile
0.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-312
Status
published
Products (1)
Lenze/PLC Designer V4
0.0.0 - 4.0.0
Published
Jun 25, 2025
Tracked Since
Feb 18, 2026