Ddos 
In a recent security advisory coordinated by CERT@VDE, Weidmueller has disclosed multiple critical vulnerabilities affecting its IE-SR-2TX series security routers, widely deployed in industrial automation and critical infrastructure environments. These flaws, tracked under five CVEs, expose the devices to unauthenticated remote command execution, buffer overflows, and web interface injection attacksβpotentially giving attackers root-level control over affected devices.
Two of the vulnerabilities, CVE-2025-41663 and CVE-2025-41687, have been rated CVSS 9.8 (Critical) and pose the greatest risk. CVE-2025-41663 allows an unauthenticated attacker in a man-in-the-middle (MITM) position to inject malicious commands into responses from WWH servers via the u-link Management API. This exploit depends on clients using insecure proxy configurations, but when successful, commands are executed with elevated privileges.
βAn unauthenticated remote attacker in a man-in-the-middle position can inject arbitrary commandsβ¦ which are then executed with elevated privileges,β the advisory states.
CVE-2025-41687, also rated 9.8, leverages a stack-based buffer overflow in the same u-link Management API. An attacker does not need authentication and can exploit this vulnerability remotely to gain full control of the device.
The advisory also details three other vulnerabilitiesβCVE-2025-41661, CVE-2025-41683, and CVE-2025-41684βeach rated CVSS 8.8. These flaws arise from a lack of input validation and CSRF protection in the web interface, which could allow authenticated or even unauthenticated attackers to execute arbitrary commands with root privileges.
- CVE-2025-41661 results from the absence of CSRF protection.
- CVE-2025-41683 involves improper input sanitization in the event_mail_test endpoint.
- CVE-2025-41684 targets the tls_iotgen_setting endpoint for similar flaws.
If successfully exploited, these vulnerabilities could allow attackers to manipulate industrial networks, disrupt operations, or use compromised routers as a launch point for broader intrusions. Weidmueller has addressed the issues by releasing updated firmware versions across affected product lines, including:
- IE-SR-2TX-WL: Update to v1.49
- IE-SR-2TX-WL-4G-EU: Update to v1.62
- IE-SR-2TX-WL-4G-US-V: Update to v1.62
Alongside the patch releases, Weidmueller emphasizes best practices for securing network infrastructure: changing default passwords, limiting exposure to trusted networks, and using secure configurations to minimize attack surfaces.
Related Posts:
- Flaws in Weidmueller IE-SR-2TX Routers Allow Remote Root Access!
- Critical (CVSS 9.8): Weidmueller Switch Flaws Risk Full System Compromise
- Kaspersky Report: Energy Industry becomes the largest area affected by vulnerabilities in industrial automation systems
- Linux Kernel Vulnerability Exposes Local Systems to Privilege Escalation, PoC Published
- Buffer Overflows Vulnerabilities: CISA & FBI Issue Urgent Warning
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
