{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-41653", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "state": "PUBLISHED", "assignerShortName": "CERTVDE", "dateReserved": "2025-04-16T11:17:48.306Z", "datePublished": "2025-05-27T08:38:29.005Z", "dateUpdated": "2025-05-27T13:12:39.961Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "IE-SW-VL05M-5TX", "vendor": "Weidmueller", "versions": [{"lessThan": "3.6.32", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "IE-SW-VL05MT-5TX", "vendor": "Weidmueller", "versions": [{"lessThan": "3.6.32", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "IE-SW-VL08MT-8TX", "vendor": "Weidmueller", "versions": [{"lessThan": "3.5.36", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "IE-SW-VL08MT-5TX-1SC-2SCS", "vendor": "Weidmueller", "versions": [{"lessThan": "3.5.36", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "IE-SW-VL08MT-6TX-2SC", "vendor": "Weidmueller", "versions": [{"lessThan": "3.5.36", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "IE-SW-VL08MT-6TX-2ST", "vendor": "Weidmueller", "versions": [{"lessThan": "3.5.36", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "IE-SW-VL08MT-6TX-2SCS", "vendor": "Weidmueller", "versions": [{"lessThan": "3.5.36", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "IE-SW-PL10M-3GT-7TX", "vendor": "Weidmueller", "versions": [{"lessThan": "3.3.34", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "IE-SW-PL10MT-3GT-7TX", "vendor": "Weidmueller", "versions": [{"lessThan": "3.3.34", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "IE-SW-PL16M-16TX", "vendor": "Weidmueller", "versions": [{"lessThan": "3.4.32", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "IE-SW-PL16MT-16TX", "vendor": "Weidmueller", "versions": [{"lessThan": "3.4.32", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "IE-SW-PL18M-2GC-16TX", "vendor": "Weidmueller", "versions": [{"lessThan": "3.4.40", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "IE-SW-PL18MT-2GC-16TX", "vendor": "Weidmueller", "versions": [{"lessThan": "3.4.40", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An unauthenticated remote attacker can exploit a denial-of-service vulnerability in the device's web server functionality by sending a specially crafted HTTP request with a malicious header, potentially causing the server to crash or become unresponsive."}], "value": "An unauthenticated remote attacker can exploit a denial-of-service vulnerability in the device's web server functionality by sending a specially crafted HTTP request with a malicious header, potentially causing the server to crash or become unresponsive."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-410", "description": "CWE-410 Insufficient Resource Pool", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2025-05-27T08:38:29.005Z"}, "references": [{"url": "https://certvde.com/en/advisories/VDE-2025-044/"}], "source": {"advisory": "VDE-2025-044", "defect": ["CERT@VDE#641785"], "discovery": "UNKNOWN"}, "title": "Weidmueller: Denial-of-Service Vulnerability in the web server functionality of Industrial Ethernet Switches", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-27T13:08:48.596317Z", "id": "CVE-2025-41653", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-27T13:12:39.961Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-41653", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-27T13:08:48.596317Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-27T13:11:35.843Z"}}], "cna": {"title": "Weidmueller: Denial-of-Service Vulnerability in the web server functionality of Industrial Ethernet Switches", "source": {"defect": ["CERT@VDE#641785"], "advisory": "VDE-2025-044", "discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Weidmueller", "product": "IE-SW-VL05M-5TX", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "3.6.32", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Weidmueller", "product": "IE-SW-VL05MT-5TX", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "3.6.32", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Weidmueller", "product": "IE-SW-VL08MT-8TX", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "3.5.36", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Weidmueller", "product": "IE-SW-VL08MT-5TX-1SC-2SCS", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "3.5.36", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Weidmueller", "product": "IE-SW-VL08MT-6TX-2SC", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "3.5.36", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Weidmueller", "product": "IE-SW-VL08MT-6TX-2ST", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "3.5.36", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Weidmueller", "product": "IE-SW-VL08MT-6TX-2SCS", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "3.5.36", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Weidmueller", "product": "IE-SW-PL10M-3GT-7TX", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "3.3.34", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Weidmueller", "product": "IE-SW-PL10MT-3GT-7TX", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "3.3.34", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Weidmueller", "product": "IE-SW-PL16M-16TX", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "3.4.32", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Weidmueller", "product": "IE-SW-PL16MT-16TX", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "3.4.32", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Weidmueller", "product": "IE-SW-PL18M-2GC-16TX", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "3.4.40", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Weidmueller", "product": "IE-SW-PL18MT-2GC-16TX", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "3.4.40", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://certvde.com/en/advisories/VDE-2025-044/"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "An unauthenticated remote attacker can exploit a denial-of-service vulnerability in the device's web server functionality by sending a specially crafted HTTP request with a malicious header, potentially causing the server to crash or become unresponsive.", "supportingMedia": [{"type": "text/html", "value": "An unauthenticated remote attacker can exploit a denial-of-service vulnerability in the device's web server functionality by sending a specially crafted HTTP request with a malicious header, potentially causing the server to crash or become unresponsive.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-410", "description": "CWE-410 Insufficient Resource Pool"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2025-05-27T08:38:29.005Z"}}}, "cveMetadata": {"cveId": "CVE-2025-41653", "state": "PUBLISHED", "dateUpdated": "2025-05-27T13:12:39.961Z", "dateReserved": "2025-04-16T11:17:48.306Z", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "datePublished": "2025-05-27T08:38:29.005Z", "assignerShortName": "CERTVDE"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An unauthenticated remote attacker can exploit a denial-of-service vulnerability in the device's web server functionality by sending a specially crafted HTTP request with a malicious header, potentially causing the server to crash or become unresponsive."}, {"lang": "es", "value": "Un atacante remoto no autenticado puede explotar una vulnerabilidad de denegaci\u00f3n de servicio en la funcionalidad del servidor web del dispositivo enviando una solicitud HTTP especialmente manipulada con un encabezado malicioso, lo que podr\u00eda provocar que el servidor se bloquee o deje de responder."}], "id": "CVE-2025-41653", "lastModified": "2025-05-28T15:01:30.720", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "[email protected]", "type": "Primary"}]}, "published": "2025-05-27T09:15:21.903", "references": [{"source": "[email protected]", "url": "https://certvde.com/en/advisories/VDE-2025-044/"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-410"}], "source": "[email protected]", "type": "Primary"}]}

{}