Share: Email | Twitter

ID

VDE-2025-052

Published

2025-06-11 10:00 (CEST)

Last update

2025-07-23 10:53 (CEST)

Vendor(s)

Weidmueller Interface GmbH & Co. KG

Product(s)

Article No° Product Name Affected Version(s)
IE-SR-2TX-WL < V1.49
IE-SR-2TX-WL-4G-EU < V1.62
IE-SR-2TX-WL-4G-US-V < V1.62

Summary

Weidmueller security routers IE-SR-2TX are affected by multiple vulnerabilities (CVE-2025-41661, CVE-2025-41663, CVE-2025-41683, CVE-2025-41684, CVE-2025-41687).

Weidmueller has released new firmware versions of the affected products to fix the vulnerabilities.

Update Version 1.1.0, 23.07.2025: Added CVEs CVE-2025-41683, CVE-2025-41684 and CVE-2025-41687. Updated CVSS Score for CVE-2025-41663. Removed CVE-2025-41662.

Vulnerabilities



CVE-2025-41663
9.8
Last Update
July 23, 2025, 10:34 a.m.
Severity
9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Weakness
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)
Summary

For u-link Management API an unauthenticated remote attacker in a man-in-the-middle position can inject arbitrary commands in responses returned by WWH servers, which are then executed with elevated privileges. To get into such a position, clients would need to use insecure proxy configurations.

Details
certvde.com 
CVE-2025-41687
9.8
Last Update
July 23, 2025, 10:30 a.m.
Severity
9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Weakness
Stack-based Buffer Overflow (CWE-121)
Summary

An unauthenticated remote attacker may use a stack based buffer overflow in the u-link Management API to gain full access on the affected devices.

Details
cert.vde.com 
CVE-2025-41661
8.8
Last Update
July 23, 2025, 10:33 a.m.
Severity
8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Weakness
Cross-Site Request Forgery (CSRF) (CWE-352)
Summary

An unauthenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of Cross-Site Request Forgery (CSRF) protection.

Details
certvde.com 
CVE-2025-41683
8.8
Last Update
July 23, 2025, 10:28 a.m.
Severity
8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Weakness
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)
Summary

An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of improper sanitizing of user input in the Main Web Interface (endpoint event_mail_test).

Details
cert.vde.com 
CVE-2025-41684
8.8
Last Update
July 23, 2025, 10:29 a.m.
Severity
8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Weakness
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)
Summary

An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of improper sanitizing of user input in the Main Web Interface (endpoint tls_iotgen_setting).

Details
cert.vde.com 

Impact

Weidmueller security routers are vulnerable to multiple vulnerabilities, that may lead to execution of arbitrary commands on affected devices with root privileges.

Further information can be found under vulnerability details.

Solution

Remediation

Update to the new version as listed in the following table:

Product Affected Version Fixed Version
IE-SR-2TX-WL
 <V1.49
 V1.49
IE-SR-2TX-WL-4G-EU
 <V1.62 V1.62
IE-SR-2TX-WL-4G-US-V
 <V1.62 V1.62

General Recommendation

As a general security measure, Weidmueller strongly recommends to change the default passwords and to minimize the network exposure of products. Limit access to trusted networks by using the appropriate mechanisms.

Reported by

CERT@VDE coordinated with Weidmueller.

Weidmueller thanks ONEKEY Research Labs for Coordinated Disclosure.

Weidmueller thanks Reid Wightman of Dragos Inc. for Coordinated Disclosure.