Wiesemann & Theis: Multiple products from Wiesemann & Theis support deprecated TLS protocol versions

VDE-2025-031

Last update

28.04.2025 12:00

Published at

28.04.2025 12:00

Vendor(s)

Wiesemann & Theis GmbH

External ID

VDE-2025-031

CSAF Document

Download

Summary

Com-Server firmware versions prior to 1.60 support the insecure TLS 1.0 and TLS 1.1 protocols, which are susceptible to man-in-the-middle attacks and thereby compromise the confidentiality and integrity of data.

Impact

An attacker with network access could exploit the use of insecure TLS 1.0 and TLS 1.1 protocols to intercept and manipulate encrypted communications between the Com-Server and connected systems. This could lead to unauthorized data access, credential theft, compromising the confidentiality and integrity of transmitted information.

Affected Product(s)

Model no.	Product name	Affected versions
58664	Com-Server 20mA	Firmware <1.60
58461	Com-Server OEM	Firmware <1.60
58662	Com-Server PoE 3x Isolated	Firmware <1.60
58669	Com-Server UL	Firmware <1.60
58665	Com-Server++	Firmware <1.60

Vulnerabilities

Expand / Collapse all

Published

22.09.2025 14:57

Severity

9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Weakness

Use of a Broken or Risky Cryptographic Algorithm (CWE-327)

Summary

An unauthenticated remote attacker could exploit the used, insecure TLS 1.0 and TLS 1.1 protocols to intercept and manipulate encrypted communications between the Com-Server and connected systems.

References

cve.org | nvd.nist.gov

Remediation

Update the Com-Server firmware to version 1.60.

Revision History

Version	Date	Summary
1	28.04.2025 12:00	Initial revision

Wiesemann & Theis: Multiple products from Wiesemann & Theis support deprecated TLS protocol versions

Summary

Impact

Affected Product(s)

Vulnerabilities

CVE-2025-3200 9.1

Remediation

Revision History