CVE-2025-41651
CRITICAL
Weidmueller Industrial Ethernet Switches - Unauthenticated Command Execution
Title source: manual
Description
Due to missing authentication on a critical function of the devices, an unauthenticated remote attacker can execute arbitrary commands, potentially enabling unauthorized upload or download of configuration files and leading to full system compromise.
References (1)
https://certvde.com/en/advisories/VDE-2025-044/
Scores
CVSS v3: 9.8
EPSS: 0.0051
EPSS Percentile: 39.5%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: total
Details
CWE: CWE-306
Status: published
Products (13)
Weidmueller/IE-SW-PL10M-3GT-7TX: 0.0.0 - 3.3.34
Weidmueller/IE-SW-PL10MT-3GT-7TX: 0.0.0 - 3.3.34
Weidmueller/IE-SW-PL16M-16TX: 0.0.0 - 3.4.32
Weidmueller/IE-SW-PL16MT-16TX: 0.0.0 - 3.4.32
Weidmueller/IE-SW-PL18M-2GC-16TX: 0.0.0 - 3.4.40
Weidmueller/IE-SW-PL18MT-2GC-16TX: 0.0.0 - 3.4.40
Weidmueller/IE-SW-VL05M-5TX: 0.0.0 - 3.6.32
Weidmueller/IE-SW-VL05MT-5TX: 0.0.0 - 3.6.32
Weidmueller/IE-SW-VL08MT-5TX-1SC-2SCS: 0.0.0 - 3.5.36
Weidmueller/IE-SW-VL08MT-6TX-2SC: 0.0.0 - 3.5.36
... and 3 more
Published: May 27, 2025
Tracked Since: Feb 18, 2026