ID

VDE-2025-031

Published

2025-04-28 12:00 (CEST)

Last update

2025-04-28 11:37 (CEST)

Vendor(s)

Wiesemann & Theis GmbH

Product(s)

Article No.  Product Name                 Affected Version(s)
58665        Com-Server++                 < 1.60
58664        Com-Server 20mA              < 1.60
58461        Com-Server OEM               < 1.60
58662        Com-Server PoE 3x Isolated   < 1.60
58669        Com-Server UL                < 1.60

Summary

Com-Server firmware versions prior to 1.60 support the insecure TLS 1.0 and TLS 1.1 protocols, which are susceptible to man-in-the-middle attacks and thereby compromise the confidentiality and integrity of data.


Last Update:

April 25, 2025, 10:47 a.m.

Weakness

Use of a Broken or Risky Cryptographic Algorithm  (CWE-327) 

Summary

An unauthenticated remote attacker could exploit the insecure TLS 1.0 and TLS 1.1 protocols in use to intercept and manipulate encrypted communications between the Com-Server and connected systems.


Impact

An attacker with network access could exploit the use of insecure TLS 1.0 and TLS 1.1 protocols to intercept and manipulate encrypted communications between the Com-Server and connected systems. This could lead to unauthorized data access and credential theft, compromising the confidentiality and integrity of transmitted information.

Solution

Remediation

Update the Com-Server firmware to version 1.60.
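To check from a packet capture whether a session with a Com-Server still negotiates TLS 1.0 or TLS 1.1, the following added example (not part of the advisory and not vendor code) parses the first TLS record of a server reply and reports the selected protocol version. The function names are hypothetical, the input is assumed to be the raw bytes of the server's first record, and the sample records are constructed.

```python
import struct

LEGACY = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1"}   # versions named in the advisory
MODERN = {0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

def negotiated_version(reply: bytes):
    """Version selected in the first TLS record of a server reply.
    Returns None when the server answered with an alert (handshake refused)."""
    if len(reply) < 5:
        raise ValueError("truncated TLS record header")
    ctype, _rec_ver, length = struct.unpack("!BHH", reply[:5])
    body = reply[5:5 + length]
    if ctype == 21:                        # alert record
        return None
    if ctype != 22 or len(body) < 4 or body[0] != 2:
        raise ValueError("first record is not a ServerHello")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    if len(hello) < 38:                    # version, random, sid length, suite, compression
        raise ValueError("truncated ServerHello")
    version = int.from_bytes(hello[:2], "big")
    pos = 2 + 32                           # skip version and random
    pos += 1 + hello[pos]                  # skip session id
    pos += 3                               # skip cipher suite and compression method
    if pos + 2 <= len(hello):              # extensions block is optional
        end = pos + 2 + int.from_bytes(hello[pos:pos + 2], "big")
        pos += 2
        while pos + 4 <= min(end, len(hello)):
            etype, elen = struct.unpack("!HH", hello[pos:pos + 4])
            if etype == 43 and elen == 2:  # supported_versions holds the real TLS 1.3 version
                version = int.from_bytes(hello[pos + 4:pos + 6], "big")
            pos += 4 + elen
    return version

def audit(reply: bytes) -> str:
    v = negotiated_version(reply)
    if v is None:
        return "refused"
    if v in LEGACY:
        return "legacy: " + LEGACY[v]
    return "ok: " + MODERN.get(v, hex(v))

def sample_server_hello(version: int, extensions: bytes = b"") -> bytes:
    """Constructed ServerHello record for demonstration (zero random, empty session id)."""
    hello = struct.pack("!H", version) + bytes(32) + b"\x00" + b"\x00\x2f" + b"\x00"
    if extensions:
        hello += struct.pack("!H", len(extensions)) + extensions
    hs = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 22, min(version, 0x0303), len(hs)) + hs
```

A "legacy" result for a device that should already be on firmware 1.60 indicates the update has not taken effect on that unit.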

Reported by

CERT@VDE coordinated with Wiesemann & Theis GmbH