cvebase

Sauter Ey-Modulo 5 Ecos 5 Ecos504 505 vulnerabilities

6 known vulnerabilities affecting sauter/ey-modulo_5_ecos_5_ecos504_505.

Total CVEs: 6
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 3, MEDIUM 1, LOW 1

Vulnerabilities

CVE-2025-41723 | P2 | CRITICAL | CVSS 9.8 | ≥ 0.0, < Firmware v6.0 | 2025-10-22
CWE-35: The importFile SOAP method is vulnerable to a directory traversal attack. An unauthenticated remote attacker can bypass the path restriction and upload files to arbitrary locations.
Source: nvd

CVE-2025-41719 | P2 | HIGH | CVSS 8.8 | ≥ 0.0, < Firmware v6.0 | 2025-10-22
CWE-1286: A low privileged remote attacker can corrupt the webserver users storage on the device by setting a sequence of unsupported characters which leads to deletion of all previously configured users and the creation of the default Administrator with a known default password.
Source: nvd

CVE-2025-41722 | P3 | HIGH | CVSS 7.5 | ≥ 0.0, < Firmware v6.0 | 2025-10-22
CWE-798: The wsc server uses a hard-coded certificate to check the authenticity of SOAP messages. An unauthenticated remote attacker can extract private keys from the Software of the affected devices.
Source: nvd

CVE-2025-41724 | P3 | HIGH | CVSS 7.5 | ≥ 0.0, < Firmware v6.0 | 2025-10-22
CWE-239: An unauthenticated remote attacker can crash the wscserver by sending incomplete SOAP requests. The wscserver process will not be restarted by a watchdog and a device reboot is necessary to make it work again.
Source: nvd

CVE-2025-41720 | P4 | MEDIUM | CVSS 4.3 | ≥ 0.0, < Firmware v6.0 | 2025-10-22
CWE-646: A low privileged remote attacker can upload arbitrary data masked as a png file to the affected device using the webserver API because only the file extension is verified.
Source: nvd

CVE-2025-41721 | P4 | LOW | CVSS 2.7 | ≥ 0.0, < Firmware v6.0 | 2025-10-22
CWE-77: A high privileged remote attacker can influence the parameters passed to the openssl command due to improper neutralization of special elements when adding a password protected self-signed certificate.
Source: nvd