CVE-2025-41648
CRITICALPilz IndustrialPI 4 with IndustrialPI webstatus < 2.4.6 - Unauthenticated Authentication Bypass
Title source: llmDescription
An unauthenticated remote attacker can bypass the login to the web application of the affected devices making it possible to access and change all available settings of the IndustrialPI.
References (1)
Core 1
Core References
Various Sources
https://certvde.com/en/advisories/VDE-2025-039
Scores
CVSS v3
9.8
EPSS
0.0070
EPSS Percentile
48.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-704
Status
published
Products (1)
Pilz/IndustrialPI 4 with IndustrialPI webstatus
< 2.4.6
Published
Jul 01, 2025
Tracked Since
Feb 18, 2026