
CERT@VDE, in coordination with Weidmüller, has issued a critical security advisory regarding a vulnerability in the PROCON-WIN industrial configuration tool. Tracked as CVE-2025-1393 and assigned a CVSS score of 9.8, this vulnerability stems from the presence of hard-coded credentials, potentially granting unauthorized access to critical industrial systems.
“Weidmüller product PROCON-WIN is affected by hard-coded credentials,” states the advisory. This means that an attacker could exploit this vulnerability to gain complete control over the system without needing to guess or steal any passwords.
“An unauthenticated remote attacker can exploit the product to gain unauthorized administration privileges due to hard-coded credentials,” CERT@VDE warns. This could have severe consequences, including disruption of operations, data breaches, and even physical damage to equipment in industrial environments.
Fortunately, Weidmüller has addressed this vulnerability by releasing a new version of PROCON-WIN. “Weidmüller has released a new version of the affected product to fix the vulnerability,” the advisory confirms. Users are urged to update to version 5.7.14.1 immediately to mitigate the risk of exploitation.
Industrial control systems are increasingly becoming targets for cyberattacks, and vulnerabilities like this can have far-reaching consequences. Organizations utilizing PROCON-WIN are strongly advised to prioritize updating their systems to the latest version to ensure the security and integrity of their operations.