![janitza logo β CVE-2025-41709; PROBLEMTYPE] in [VENDOR] [PRODUCT] [COMPONENT] Allows [IMPACT](data:image/jpeg;base64,iVBORw0KGgoAAAANSUhEUgAAADAAAAAwCAYAAABXAvmHAAAFmUlEQVR4nO2Z228SWxuHnzkCc2A4VFpTqPZCjTG90nhtYuKt/7Ex6pVNL0z0whaqqYltKTAFZmCGOX1XMxs+2FtwK2UnvgkhZMGa9az3sH7vQgAS/sMm3vQC/q39Abhp+wNw0ybfxENFUUQURQRBQBCEmbEkSYjjmDiOSZIfF8i1AyiKQqlUYm9vj2KxiCRJGUQcx4RhyOXlJd+/f8d1XaIo+sf51gogCAKFQoFGo8Hz589pNBqoqjoD4Louh4eHjEYjPM/bPABd19nf3+fZs2c8fPgQVVWz8TAM6Xa79Ho9jo6OEMUfp+iNANRqNRqNBvV6HVn+awme5+H7PqIoEgQBcRz/cM61VqEUoFwuUygUkCRpZjyKIobDIf1+n9FotJkAhmFQqVRmYj+1MAwZDAYMBgM8z9tMgNQDiqLMjYdhyPX1NcPhkCAIliqjawMQBAFJkjBNk3K5PBP7qQVBgG3bOI5DFEWbB6AoCoZhUCqVFnogCAJ6vR6O4yy1eFgjgCiK5PN5LMvCsqw5DyRJgu/7mQc2EkDTNIrFIqZpLqxAnudh2zau624egCzLGIaBZVnouj4DkCQJQRDgui62bTMejzcPQJIkisUixWKRQqEwd8pOJhMcx8lK6LK2NgBFUbAsC9M0UVV1BiBJEjzPYzAYMBwO8X1/8zwgyzLlchnTNJFleeYQSwHSM2AymSw971o9UC6XMQxjLnySJJmJ/2XPAFgTgCAIqKqaAfy/hAAyAN/3fyihp20tAKIoksvlqFQq6Lo+B5D2AbZtrxQ+sAYAQRCQZRlN0yiVSmiaNvedJElwHIder0cQBCvNv1Q/kC5CluWFTUbaCkZRtFBBTkuIfD4/l8BhGDIcDrFt+9cDCIKAKIpYlkWlUiGfzyOK4kySeZ5Hp9NZqCIFQSCXy2GaJsVicQ4gjmMmkwmDwYDr62vCMPy1AKkEODg44OnTp9y6dWtGx4RhyPn5OW/evOHk5IR+vz83R6qBDMOYaSFTgPF4nPUBvwXANE0ODg54+fIljUaDXC6X7bLv+3z69IlWq8XZ2RmCIMx5QNM0yuUyuq6jKMqMB6IownEc+v3+UrcQKwNIkoRhGGxtbbGzs5N1U/BX/VYUhTAMF+5eugFbW1tomjYn4tImZroP+OUAuq5nIkxV1SyEkiTJLqeSJJk7fERRRFVVtre3uXPnDoVCYa6E+r5Pu92m2+2uJCGWBhBFkUKhQKFQWNjHSpKEpmncvn2b3d1dVFXNKpGqqlSrVR49esS9e/fmSmgcx4xGI87Ozmi320wmk6X64JUA0lZw+gZteiyfz1Ov13nx4gXb29t8+/YN3/eRJAnLsrh79y6PHz/mwYMH6Lqe/TaV0LZtc3JywsXFxcqLXwogfdBkMlkYn5IkUa1WefLkCY1GA9u2CcMw81y1WmVnZ4dSqTTXA/R6PZrNJp8/f+bq6ur3AKRXHbZtMxgM5pqR1At7e3vU6/UsF1JvLbrIjaII13VpNpscHR3RarUYDAYrx//SAJ1Oh9PTU05PTzFNMyuF6YKmw+zvLAWL4xjHcfjy5Qvv3r3j9evXtNttwjD8PQDpbdnHjx959eoVgiBw//79rJymu/tPFscxQRAwHo+5urqi1Wrx/v173r59y/HxMa7r/lT4LAUQxzG+73N8fJzlw+XlJfv7+5k0+Lskj+OYKIrwfR/Xdel0OjSbTT58+MDh4SFfv36l3++vXPunTWDJv1lTRVmr1djd3aVer1Or1SiVSplESMVekiREUcRkMmE8HtPv9+l2u1xcXHB+fk673ca2bTzPW1k6/DQAzEpj0zQxTRNd18nlciiKMhNOqUL1fZ/xeIzjOAyHQ1zXxff9nw6ZfwUwDZKq1PTz9Dswk5BpAk+/fpX9FMAm2X/+X8o/ADdtfwBu2v4H87EkHe34W70AAAAASUVORK5CYII=)
CVE-2025-41709
PROBLEMTYPE] in [VENDOR] [PRODUCT] [COMPONENT] Allows [IMPACT
Publication date: 2026-03-10
Last updated on: 2026-03-18
Assigner: CERT VDE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| janitza | umg_96rm_e | to 3.13 (inc) |
| weidmueller | energy_meter_750_230 | to 3.13 (inc) |
| weidmueller | energy_meter_750_24 | to 3.13 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-41709 is a critical OS command injection vulnerability (CWE-78) affecting Janitza UMG 96RM-E power analyzers and Weidmueller Energy Meter models 750-24 and 750-230 with firmware versions up to 3.13.
An unauthenticated remote attacker can exploit this vulnerability via Modbus-TCP or Modbus-RTU protocols to inject OS commands, gaining read and write access on the affected device.
Successful exploitation can lead to full system compromise, including remote code execution, allowing the attacker to control the device completely.
This vulnerability is part of a set of multiple security issues in these devices, all fixed by updating to firmware version 3.14 or later.
How can this vulnerability impact me? :
Exploitation of CVE-2025-41709 allows an unauthenticated remote attacker to gain full read and write access to the affected device.
This can lead to complete system compromise, including remote code execution, which may disrupt device operation, cause data loss, or allow the attacker to manipulate device functions.
Such control over critical energy monitoring devices could impact operational availability, data integrity, and confidentiality.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves OS command injection via Modbus-TCP or Modbus-RTU protocols on affected devices. Detection can focus on monitoring Modbus traffic for unusual or unauthorized commands that could indicate exploitation attempts.
Network detection might include capturing and analyzing Modbus packets for suspicious payloads or commands that attempt to inject OS commands.
On the affected devices, checking the firmware version is critical since versions 3.13 and earlier are vulnerable.
- Use network packet capture tools (e.g., Wireshark or tcpdump) to monitor Modbus-TCP or Modbus-RTU traffic for suspicious command patterns.
- Run commands or scripts to query the device firmware version to verify if it is 3.13 or earlier.
- Look for unexpected read/write operations or commands on the device that could indicate exploitation.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to update the firmware of affected devices to version 3.14 or later, where this vulnerability and related issues have been fixed.
Additional immediate steps include restricting network access to the affected devices by limiting Modbus protocol exposure to trusted networks only.
Changing default passwords and credentials on the devices is also recommended to reduce the risk of unauthorized access.