Weidmueller IE-SR-2TX-WL vulnerabilities
5 known vulnerabilities affecting weidmueller/ie-sr-2tx-wl.
Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 3
Vulnerabilities
CVE-2025-41687 | P2 | CRITICAL | CVSS 9.8 | CWE-121 | ≥ V0.0, < V1.49 | 2025-07-23
An unauthenticated remote attacker may use a stack-based buffer overflow in the u-link Management API to gain full access on the affected devices.
nvd
CVE-2025-41683 | P2 | HIGH | CVSS 8.8 | CWE-78 | ≥ V0.0, < V1.49 | 2025-07-23
An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to improper sanitizing of user input in the Main Web Interface (endpoint event_mail_test).
nvd
CVE-2025-41684 | P2 | HIGH | CVSS 8.8 | CWE-78 | ≥ V0.0, < V1.49 | 2025-07-23
An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to improper sanitizing of user input in the Main Web Interface (endpoint tls_iotgen_setting).
nvd
CVE-2025-41663 | P2 | CRITICAL | CVSS 9.8 | CWE-78 | fixed in V1.49 | 2025-06-11
For the u-link Management API, an unauthenticated remote attacker in a man-in-the-middle position can inject arbitrary commands in responses returned by WWH servers, which are then executed with elevated privileges. To get into such a position, clients would need to use insecure proxy configurations.
nvd
CVE-2025-41661 | P3 | HIGH | CVSS 8.8 | CWE-352 | fixed in V1.49 | 2025-06-11
An unauthenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of Cross-Site Request Forgery (CSRF) protection.
nvd