CVE-2025-41724
BaseFortify
Publication date: 2025-10-22
Last updated on: 2025-10-22
Assigner: CERT VDE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sauter | modulo_6 | 3.2.0 |
| sauter | case_suite | 5.2_sr5 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-239 | The product does not properly handle when a particular element is not completely specified. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-41724 is a vulnerability in the embedded web server (wscserver) of SAUTER modulo 6 devices where an unauthenticated remote attacker can crash the wscserver by sending incomplete SOAP requests. Once crashed, the wscserver process does not automatically restart, requiring a device reboot to restore functionality. This vulnerability can lead to denial of service by making the device unavailable until rebooted. [1]
How can this vulnerability impact me?
This vulnerability can impact you by causing a denial of service on affected SAUTER modulo 6 devices. An attacker can remotely crash the embedded web server without authentication, making the device unresponsive until it is manually rebooted. This disrupts device availability and may affect any systems or processes relying on the device's operation. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability immediately, upgrade the SAUTER modulo 6 embedded firmware to version 3.2.0 or newer and upgrade the CASE Suite software to version 5.2 SR5 or newer. Additionally, protect device and network access by following best security practices. Note that updates require a device restart to take effect. [1]