Filtered by vendor Sauter
Subscriptions
Filtered by product Ey-modulo 5 Devices
Subscriptions
Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-41720 | 1 Sauter | 2 Ey-modulo 5 Devices, Modulo 6 Devices | 2025-10-23 | 4.3 Medium |
| A low privileged remote attacker can upload arbitrary data masked as a png file to the affected device using the webserver API because only the file extension is verified. | ||||
| CVE-2025-41724 | 1 Sauter | 3 Ey-modulo 5 Devices, Modulo 6 Devices, Wscserver | 2025-10-23 | 7.5 High |
| An unauthenticated remote attacker can crash the wscserver by sending incomplete SOAP requests. The wscserver process will not be restarted by a watchdog and a device reboot is necessary to make it work again. | ||||
| CVE-2025-41722 | 1 Sauter | 2 Ey-modulo 5 Devices, Modulo 6 Devices | 2025-10-23 | 7.5 High |
| The wsc server uses a hard-coded certificate to check the authenticity of SOAP messages. An unauthenticated remote attacker can extract private keys from the Software of the affected devices. | ||||
| CVE-2025-41723 | 1 Sauter | 2 Ey-modulo 5 Devices, Modulo 6 Devices | 2025-10-23 | 9.8 Critical |
| The importFile SOAP method is vulnerable to a directory traversal attack. An unauthenticated remote attacker bypass the path restriction and upload files to arbitrary locations. | ||||
| CVE-2025-41719 | 1 Sauter | 3 Ey-modulo 5 Devices, Modulo 6 Devices, Webserver | 2025-10-23 | 8.8 High |
| A low privileged remote attacker can corrupt the webserver users storage on the device by setting a sequence of unsupported characters which leads to deletion of all previously configured users and the creation of the default Administrator with a known default password. | ||||
Page 1 of 1.