CVE-2025-41705
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-10-14
Last updated on: 2025-11-03
Assigner: CERT VDE
Description
Description
An unauthenticated remote attacker (MITM) can intercept the websocket messages to gain access to the login credentials for the Webfrontend.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| phoenix_contact | quint4_ups | * |
| phoenix_contact | quint4_ups | vc |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-523 | Login pages do not use adequate measures to protect the user name and password while they are in transit from the client to the server. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability allows an unauthenticated remote attacker performing a man-in-the-middle (MITM) attack to intercept websocket messages. By doing so, the attacker can gain access to the login credentials used for the Webfrontend.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized access to user login credentials, potentially allowing attackers to compromise user accounts and access sensitive information or systems through the Webfrontend.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70