CVE-2025-41712 PUBLISHED

Incorrect Permission Assignment on power analyzer

Assigner: CERTVDE
Reserved: 16.04.2025 Published: 10.03.2026 Updated: 10.03.2026

An unauthenticated remote attacker who tricks a user to upload a manipulated HTML file can get access to sensitive information on the device. This is a result of incorrect permission assignment for the web server.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVSS Score: 6.5

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	None	Integrity Impact	None
User Interaction	Required	Availability Impact	None

CVSS 3.1

Product Status

Vendor	Janitza
Product	UMG 96RM-E 24V(5222063)
Versions	Default: unaffected affected from 0.0 to 3.13 (incl.)

Vendor	Janitza
Product	UMG 96RM-E 230V(5222062)
Versions	Default: unaffected affected from 0.0 to 3.13 (incl.)

Vendor	Weidmueller
Product	ENERGY METER 750-230 (2540910000)
Versions	Default: unaffected affected from 0.0 to 3.13 (incl.)

Vendor	Weidmueller
Product	ENERGY METER 750-24 (2540900000)
Versions	Default: unaffected affected from 0.0 to 3.13 (incl.)

CVE-2025-41712 PUBLISHED

Incorrect Permission Assignment on power analyzer

Metrics

Product Status

Credits

References

Problem Types