CVE-2025-41711 PUBLISHED

Use of a Broken or Risky Cryptographic Algorithm for firmware images of power analyzer

Assigner: CERTVDE
Reserved: 16.04.2025 Published: 10.03.2026 Updated: 10.03.2026

An unauthenticated remote attacker can use firmware images to extract password hashes and brute force plaintext passwords of accounts with limited access.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS Score: 5.3

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	Low
Privileges Required	None	Integrity Impact	None
User Interaction	None	Availability Impact	None

CVSS 3.1

Product Status

Vendor	Janitza
Product	UMG 96RM-E 24V(5222063)
Versions	Default: unaffected affected from 0.0 to 3.13 (incl.)

Vendor	Janitza
Product	UMG 96RM-E 230V(5222062)
Versions	Default: unaffected affected from 0.0 to 3.13 (incl.)

Vendor	Weidmueller
Product	ENERGY METER 750-230 (2540910000)
Versions	Default: unaffected affected from 0.0 to 3.13 (incl.)

Vendor	Weidmueller
Product	ENERGY METER 750-24 (2540900000)
Versions	Default: unaffected affected from 0.0 to 3.13 (incl.)

CVE-2025-41711 PUBLISHED

Use of a Broken or Risky Cryptographic Algorithm for firmware images of power analyzer

Metrics

Product Status

Credits

References

Problem Types