CVE-2025-41713
BaseFortify
Publication date: 2025-09-15
Last updated on: 2025-09-15
Assigner: CERT VDE
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wago | cc100 | * |
| wago | touch_panel_600 | * |
| wago | edge_controller | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1188 | The product initializes or sets a resource with a default that is intended to be changed by the product's installer, administrator, or maintainer, but the default is not secure. |
AI Powered Q&A
How can this vulnerability impact me?
This vulnerability can lead to unstable system behavior and connectivity problems during device boot. More critically, it allows an unauthenticated remote attacker to send traffic to unauthorized networks within a short time frame during boot, potentially exposing network segments that should be protected. The impact includes limited confidentiality loss and availability degradation. [1, 2]
Can you explain this vulnerability to me?
CVE-2025-41713 is a hardware vulnerability in certain WAGO Ethernet switch circuits caused by a design flaw involving a pull-up resistor at the switch's reset input. This flaw causes the switch to activate prematurely during device boot, leading to an undefined operational state. During this brief boot window, an unauthenticated remote attacker can send traffic to unauthorized networks before the CPU resets and properly configures the switch. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should upgrade affected devices to newer hardware revisions combined with WAGO Firmware version 04.08.05 (FW30) or later. Neither a firmware update alone on older hardware nor new hardware without the updated firmware will resolve the issue. The updated hardware and firmware properly manage the switch activation and configuration process, preventing the undefined switch operation during boot that allows unauthorized traffic. [1, 2]