{
    "document": {
        "acknowledgments": [
            {
                "organization": "CERT@VDE",
                "summary": "Support with this publication",
                "urls": [
                    "https://certvde.com"
                ]
            },
            {
                "organization": "BSI",
                "summary": "Support in the coordination of the vulnerability",
                "urls": [
                    "https://www.bsi.bund.de"
                ]
            }
        ],
        "aggregate_severity": {
            "namespace": "https://www.first.org/cvss/v3.1/specification-document",
            "text": "High"
        },
        "category": "csaf_security_advisory",
        "csaf_version": "2.0",
        "distribution": {
            "tlp": {
                "label": "WHITE",
                "url": "https://www.first.org/tlp/"
            }
        },
        "lang": "en-US",
        "notes": [
            {
                "category": "summary",
                "text": "The Weidmüller product PROCON-WIN is affected by a hard-coded credentials vulnerability.\n\nWeidmüller has released a new version of the affected product to fix the vulnerability.",
                "title": "Summary"
            },
            {
                "category": "general",
                "text": "As a general security measure, Weidmüller strongly recommends minimizing the network exposure of its products. Restrict access to trusted networks by using appropriate mechanisms.",
                "title": "General Recommendation"
            },
            {
                "category": "description",
                "title": "Impact",
                "text": "An unauthenticated remote attacker can exploit the product to gain unauthorized administration privileges due to hard-coded credentials."
            },
            {
                "category": "description",
                "title": "Remediation",
                "text": "Update to version 5.7.14.1"
            }
        ],
        "publisher": {
            "category": "vendor",
            "contact_details": "psirt@weidmueller.com",
            "name": "Weidmueller Interface GmbH & Co. KG",
            "namespace": "https://www.weidmueller.com"
        },
        "references": [
            {
                "summary": "Weidmüller Security Advisory Board",
                "url": "https://support.weidmueller.com/support-center/popular-resources/security-advisory-board"
            },
            {
                "summary": "CERT@VDE Security Advisories for Weidmüller",
                "url": "https://certvde.com/de/advisories/vendor/weidmueller/"
            },
            {
                "summary": "VDE-2025-021: Weidmueller: Authentication Vulnerability in PROCON-WIN 5 - HTML",
                "url": "https://certvde.com/de/advisories/VDE-2025-021",
                "category": "self"
            },
            {
                "summary": "VDE-2025-021: Weidmueller: Authentication Vulnerability in PROCON-WIN 5 - CSAF",
                "url": "https://weidmueller.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-021.json",
                "category": "self"
            }
        ],
        "title": "Weidmueller: Authentication Vulnerability in PROCON-WIN 5",
        "tracking": {
            "current_release_date": "2025-05-14T13:26:53.000Z",
            "generator": {
                "date": "2025-02-27T10:23:50.807Z",
                "engine": {
                    "name": "Secvisogram",
                    "version": "2.5.18"
                }
            },
            "id": "VDE-2025-021",
            "initial_release_date": "2025-03-05T09:00:00.000Z",
            "revision_history": [
                {
                    "date": "2025-03-05T09:00:00.000Z",
                    "number": "1",
                    "summary": "Initial version"
                },
                {
                    "number": "2",
                    "summary": "Fix: reference category",
                    "date": "2025-05-14T13:26:53.000Z"
                }
            ],
            "status": "final",
            "version": "2",
            "aliases": [
                "VDE-2025-021",
                "WMSA-2500002"
            ]
        }
    },
    "product_tree": {
        "branches": [
            {
                "branches": [
                    {
                        "branches": [
                            {
                                "branches": [
                                    {
                                        "category": "product_version_range",
                                        "name": "<5.7.14.1",
                                        "product": {
                                            "name": "PROCON-WIN <5.7.14.1",
                                            "product_id": "CSAFPID-0001"
                                        }
                                    },
                                    {
                                        "category": "product_version",
                                        "name": "5.7.14.1",
                                        "product": {
                                            "name": "PROCON-WIN 5.7.14.1",
                                            "product_id": "CSAFPID-0002"
                                        }
                                    }
                                ],
                                "category": "product_name",
                                "name": "PROCON-WIN"
                            }
                        ],
                        "category": "product_family",
                        "name": "Software"
                    }
                ],
                "category": "vendor",
                "name": "Weidmüller GTI"
            }
        ]
    },
    "vulnerabilities": [
        {
            "cve": "CVE-2025-1393",
            "cwe": {
                "id": "CWE-798",
                "name": "Use of Hard-coded Credentials"
            },
            "notes": [
                {
                    "category": "description",
                    "text": "An unauthenticated remote attacker can use hard-coded credentials to gain full administration privileges on the affected product.",
                    "title": "Description"
                }
            ],
            "product_status": {
                "known_affected": [
                    "CSAFPID-0001"
                ]
            },
            "remediations": [
                {
                    "category": "vendor_fix",
                    "date": "2025-02-03T10:36:00.000Z",
                    "details": "Update to 5.7.14.1",
                    "product_ids": [
                        "CSAFPID-0001"
                    ],
                    "url": "https://my.hidrive.com/share/7dxr7mhk9n#$/Security%20Patch%20PWIN%205.7.14"
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "attackComplexity": "LOW",
                        "attackVector": "NETWORK",
                        "availabilityImpact": "HIGH",
                        "baseScore": 9.8,
                        "baseSeverity": "CRITICAL",
                        "confidentialityImpact": "HIGH",
                        "environmentalScore": 9.8,
                        "environmentalSeverity": "CRITICAL",
                        "integrityImpact": "HIGH",
                        "privilegesRequired": "NONE",
                        "scope": "UNCHANGED",
                        "temporalScore": 9.8,
                        "temporalSeverity": "CRITICAL",
                        "userInteraction": "NONE",
                        "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                        "version": "3.1"
                    },
                    "products": [
                        "CSAFPID-0001"
                    ]
                }
            ],
            "title": "CVE-2025-1393"
        }
    ]
}