CVE-2025-41647

MEDIUM

PLC Designer V4 - Info Disclosure

Title source: llm

Description

A local, low-privileged attacker can learn the password of the connected controller in PLC Designer V4 due to an incorrect implementation that results in the password being displayed in plain text under special conditions.

References (1)

[Various Sources] https://certvde.com/en/advisories/VDE-2025-043/

Scores

CVSS v3 5.5

EPSS 0.0004

EPSS Percentile 11.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-312

Status published

Products (1)

Lenze/PLC Designer V4 0.0.0 - 4.0.0

Published Jun 25, 2025

Tracked Since Feb 18, 2026