2026-03-10 8:26 | CVE-2025-41711 | CERTVDE
PUBLISHED | record format 5.2 (CVSS 3.1 base score: 5.3 MEDIUM) | CWE-327

Use of a Broken or Risky Cryptographic Algorithm for firmware images of power analyzer

An unauthenticated remote attacker can extract password hashes from firmware images and brute-force them to recover the plaintext passwords of accounts with limited access.

Problem type

Affected products

Janitza

UMG 96RM-E 24V(5222063)

<= 3.13 - AFFECTED

UMG 96RM-E 230V(5222062)

<= 3.13 - AFFECTED

Weidmueller

ENERGY METER 750-230 (2540910000)

<= 3.13 - AFFECTED

ENERGY METER 750-24 (2540900000)

<= 3.13 - AFFECTED

References

JSON source

https://cveawg.mitre.org/api/cve/CVE-2025-41711
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2025-41711",
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "dateUpdated": "2026-03-10T08:26:48.759Z",
    "dateReserved": "2025-04-16T11:17:48.311Z",
    "datePublished": "2026-03-10T08:26:48.759Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE",
        "dateUpdated": "2026-03-10T08:26:48.759Z"
      },
      "title": "Use of a Broken or Risky Cryptographic Algorithm for firmware images of power analyzer",
      "descriptions": [
        {
          "lang": "en",
          "value": "An unauthenticated remote attacker can use firmware images to extract password hashes and brute force plaintext passwords of accounts with limited access.",
          "supportingMedia": [
            {
              "type": "text/html",
              "base64": false,
              "value": "<span style=\"background-color: rgb(255, 255, 255);\">An unauthenticated remote attacker can use firmware images to extract password hashes and brute force plaintext passwords of accounts with limited access.</span><br>"
            }
          ]
        }
      ],
      "affected": [
        {
          "vendor": "Janitza",
          "product": "UMG 96RM-E 24V(5222063)",
          "defaultStatus": "unaffected",
          "versions": [
            {
              "version": "0.0",
              "status": "affected",
              "versionType": "custom",
              "lessThanOrEqual": "3.13"
            }
          ]
        },
        {
          "vendor": "Janitza",
          "product": "UMG 96RM-E 230V(5222062)",
          "defaultStatus": "unaffected",
          "versions": [
            {
              "version": "0.0",
              "status": "affected",
              "versionType": "custom",
              "lessThanOrEqual": "3.13"
            }
          ]
        },
        {
          "vendor": "Weidmueller",
          "product": "ENERGY METER 750-230 (2540910000)",
          "defaultStatus": "unaffected",
          "versions": [
            {
              "version": "0.0",
              "status": "affected",
              "versionType": "custom",
              "lessThanOrEqual": "3.13"
            }
          ]
        },
        {
          "vendor": "Weidmueller",
          "product": "ENERGY METER 750-24 (2540900000)",
          "defaultStatus": "unaffected",
          "versions": [
            {
              "version": "0.0",
              "status": "affected",
              "versionType": "custom",
              "lessThanOrEqual": "3.13"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
              "cweId": "CWE-327",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://certvde.com/en/advisories/VDE-2025-079/",
          "tags": [
            "vendor-advisory"
          ]
        },
        {
          "url": "https://certvde.com/en/advisories/VDE-2025-096/",
          "tags": [
            "vendor-advisory"
          ]
        },
        {
          "url": "https://janitza.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-079.json",
          "tags": [
            "vendor-advisory"
          ]
        },
        {
          "url": "https://weidmueller.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-096.json",
          "tags": [
            "vendor-advisory"
          ]
        }
      ],
      "metrics": [
        {
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ],
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM"
          }
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Deutsche Telekom Security (DT Security)",
          "user": "00000000-0000-4000-9000-000000000000",
          "type": "reporter"
        }
      ]
    }
  }
}