CVE-2025-41709
CRITICALJanitza UMG 96RM-E and Weidmueller ENERGY METER 750 < 3.13 - Unauthenticated OS Command Injection via Modbus-TCP/RTU
Title source: llmDescription
An unauthenticated remote attacker can perform a command injection via Modbus-TCP or Modbus-RTU to gain read and write access on the affected device.
References (4)
Core 4
Core References
Various Sources vendor-advisory
https://certvde.com/en/advisories/VDE-2025-079/
Various Sources vendor-advisory
https://certvde.com/en/advisories/VDE-2025-096/
Various Sources vendor-advisory
https://janitza.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-079.json
Various Sources vendor-advisory
https://weidmueller.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-096.json
Scores
CVSS v3
9.8
EPSS
0.0215
EPSS Percentile
79.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-78
Status
published
Products (4)
Janitza/UMG 96RM-E 230V(5222062)
0.0 - 3.13
Janitza/UMG 96RM-E 24V(5222063)
0.0 - 3.13
Weidmueller/ENERGY METER 750-230 (2540910000)
0.0 - 3.13
Weidmueller/ENERGY METER 750-24 (2540900000)
0.0 - 3.13
Published
Mar 10, 2026
Tracked Since
Mar 11, 2026