VDE-2025-086
Last update
11/10/2025 12:00
Published at
11/10/2025 12:00
Vendor(s)
JUMO GmbH & Co. KG
External ID
VDE-2025-086
Summary
A vulnerability was identified in the password generation algorithm of the variTRON debug interface. The PRNG is seeded with the current Unix timestamp, so the resulting password is predictable by anyone who knows, even approximately, when the debug interface was enabled.
With this password, root access to the UART and SSH interfaces can be gained.
The impact is limited, since the debug interface has to be actively enabled by an authorized user and is deactivated automatically at the next reboot of the device.
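The following Python block is an added illustration, not JUMO's code and not the actual variTRON algorithm (which the advisory does not publish). It shows the CWE-338 pattern the summary describes: a deterministic PRNG seeded with the Unix timestamp, the attacker's recovery of the password by enumerating a small window of candidate seeds against a login oracle, and a hardened generator drawing from the OS CSPRNG instead. The alphabet, password length, timestamps, and function names are assumptions, and `random.Random` stands in for whatever non-cryptographic PRNG the firmware uses.

```python
import random
import secrets
import string
from typing import Callable, Optional, Tuple

# Assumed alphabet and length; the advisory does not publish variTRON's real parameters.
ALPHABET = string.ascii_letters + string.digits
PASSWORD_LEN = 12


def weak_password(unix_ts: int) -> str:
    """Hypothetical vulnerable generator (CWE-338 pattern): a deterministic PRNG
    seeded with the Unix timestamp at which the debug interface was enabled.
    random.Random stands in for whatever non-cryptographic PRNG the firmware uses."""
    rng = random.Random(unix_ts)
    return "".join(rng.choice(ALPHABET) for _ in range(PASSWORD_LEN))


def recover_password(is_valid: Callable[[str], bool],
                     approx_ts: int, window_s: int) -> Optional[Tuple[int, str, int]]:
    """Attacker side: the only unknown is the seed, i.e. the enable time.
    Re-run the generator for every second in [approx_ts - window_s, approx_ts + window_s]
    and hand each candidate to a validity oracle (in practice an SSH or UART login attempt).
    Returns (seed, password, attempts) on success, None if the window did not cover the seed."""
    attempts = 0
    for delta in range(-window_s, window_s + 1):
        attempts += 1
        candidate = weak_password(approx_ts + delta)
        if is_valid(candidate):
            return approx_ts + delta, candidate, attempts
    return None


def strong_password() -> str:
    """Hardened form: draw every character from the OS CSPRNG (secrets), which has
    no seed an attacker can reconstruct from the time of day."""
    return "".join(secrets.choice(ALPHABET) for _ in range(PASSWORD_LEN))


def demo(enable_time: int = 1_760_000_000, clock_error_s: int = 37, window_s: int = 300):
    """Constructed scenario: the device generated its debug password at enable_time;
    the attacker knows that time only to within clock_error_s seconds and
    searches a window of +/- window_s seconds around the guess."""
    device_password = weak_password(enable_time)
    oracle = lambda pw: pw == device_password  # models a login attempt against the device
    result = recover_password(oracle, enable_time + clock_error_s, window_s)
    return device_password, result


if __name__ == "__main__":
    pw, hit = demo()
    print("device password:", pw)
    print("recovered (seed, password, attempts):", hit)
    print("CSPRNG password:", strong_password())
```

The point of the example is the size of the search space: a password drawn from a 62-character alphabet of length 12 looks like 62^12 possibilities, but with a one-second seed granularity the attacker only needs as many attempts as seconds in their uncertainty window (a few hundred here, 3600 per hour of uncertainty), which is trivially within reach of a login loop. The `secrets`-based generator restores the full keyspace because its output does not depend on any value the attacker can observe or guess.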
Impact
Unauthorized root access to the UART and SSH interfaces.
Affected Product(s)
| Model no. | Product name | Affected versions |
|---|---|---|
| | variTRON300 | Firmware < 9.0.2.5 |
| | variTRON500 | Firmware < 9.0.2.5 |
| | variTRON500 touch | Firmware < 9.0.2.5 |
Vulnerabilities
Published
11/10/2025 11:18
Severity
Weakness
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) (CWE-338)
References
Mitigation
Disable the debug interface (it is also deactivated automatically at the next reboot of the device) and enable it only for as long as it is actually needed, to prevent unauthorized root access to the UART and SSH interfaces.
Remediation
Update the affected products to firmware version 9.0.2.5 or later.
Acknowledgments
JUMO GmbH & Co. KG thanks the following parties for their efforts:
- CERT@VDE for coordination (see https://certvde.com)
Revision History
| Version | Date | Summary |
|---|---|---|
| 1.0.0 | 11/10/2025 12:00 | Release version. |