CVE-2025-41664
BaseFortify
Publication date: 2025-09-08
Last updated on: 2025-09-08
Assigner: CERT VDE
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wago | coupler | 13 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-732 | The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a design flaw in the firmware of certain WAGO Coupler devices with firmware versions below 13. It involves improper permission enforcement in the file system management, where internal system partitions containing sensitive data like firmware files and certificates are temporarily exposed during runtime. Services such as FTP and SFTP do not enforce permissions properly, allowing a low-privileged remote attacker to gain unauthorized access to these critical resources. This access can lead to privilege escalation and modification of firmware. [1]
How can this vulnerability impact me?
The vulnerability can allow a low-privileged remote attacker to access and modify critical resources such as firmware and certificates on affected devices. This can lead to unauthorized privilege escalation, potentially compromising the device's confidentiality, integrity, and availability. As a result, attackers could disrupt device operation, manipulate firmware, or gain further control over the system. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection can focus on identifying if affected WAGO Coupler devices with firmware versions below 13 are present and if FTP or SFTP services are enabled and exposing internal system partitions. Network scanning tools can be used to detect open FTP/SFTP ports (typically 21 for FTP and 22 for SFTP). Commands such as 'nmap -p 21,22 <target-ip>' can help identify these services. Additionally, checking device firmware versions via device management interfaces or commands specific to the device can confirm vulnerability presence. However, no specific detection commands are provided in the resources. [1]
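The two checks described above (firmware below 13, and FTP or SFTP reachable) can be combined into one triage pass over an asset inventory. This is an added example, not code from the advisory or the vendor; the inventory layout, the integer firmware field, the status names and the sample addresses are assumptions made for illustration.

```python
import socket

FIXED_FIRMWARE = 13                      # per this page: firmware below 13 is affected
FILE_SERVICES = {21: "FTP", 22: "SFTP"}  # default ports named on this page

def port_open(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port is accepted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def assess(device, probe=port_open):
    """Classify one inventory record against the CVE-2025-41664 conditions."""
    fw = device.get("firmware")          # assumed: integer version, None if unknown
    # An open port 22 only proves SSH is listening; SFTP is assumed to ride on it.
    services = [name for port, name in FILE_SERVICES.items()
                if probe(device["host"], port)]
    if fw is not None and fw >= FIXED_FIRMWARE:
        status = "fixed"
    elif fw is None:
        status = "verify-firmware" if services else "unknown"
    else:
        status = "exposed" if services else "affected-services-off"
    return {"host": device["host"], "firmware": fw,
            "services": services, "status": status}

def triage(inventory, probe=port_open):
    """Assess every device and list the most urgent findings first."""
    order = ["exposed", "verify-firmware", "affected-services-off",
             "unknown", "fixed"]
    results = [assess(d, probe) for d in inventory]
    return sorted(results, key=lambda r: order.index(r["status"]))

# Constructed inventory (documentation addresses, not real devices).
SAMPLE_INVENTORY = [
    {"host": "192.0.2.10", "firmware": 13},
    {"host": "192.0.2.11", "firmware": 12},
    {"host": "192.0.2.12", "firmware": 11},
    {"host": "192.0.2.13", "firmware": None},
]

if __name__ == "__main__":
    for row in triage(SAMPLE_INVENTORY):
        print(row)
```

Devices reported as `affected-services-off` still need the firmware update; the status only reflects that neither file service answered at scan time.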
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include disabling FTP by default and disabling SFTP on affected WAGO Coupler devices running firmware versions below 13 through device configuration. The definitive remediation is to update the firmware to version 13 or later. [1]