
A coordinated security advisory from CERT@VDE and Wiesemann & Theis GmbH has revealed critical vulnerabilities impacting several Wiesemann & Theis products, including the Com-Server++ and related models. The vulnerabilities center on the use of deprecated TLS 1.0 and TLS 1.1 protocols, leaving encrypted communications dangerously exposed to interception and tampering.
“Com-Server firmware versions prior to 1.60 support the insecure TLS 1.0 and TLS 1.1 protocols, which are susceptible to man-in-the-middle attacks and thereby compromise the confidentiality and integrity of data,” the advisory explains.
Tracked as CVE-2025-3200 and assigned a CVSS score of 9.1, this vulnerability allows an unauthenticated attacker in a man-in-the-middle position on the network path to eavesdrop on and manipulate sensitive communications between Com-Server devices and connected systems.
The vulnerability affects the following Wiesemann & Theis products running firmware versions prior to 1.60:
- 58665 — Com-Server++
- 58664 — Com-Server 20mA
- 58461 — Com-Server OEM
- 58662 — Com-Server PoE 3x Isolated
- 58669 — Com-Server UL
These devices are widely deployed in industrial automation, manufacturing environments, and critical infrastructure — sectors where data confidentiality and integrity are paramount.
Wiesemann & Theis recommends immediate action: upgrading affected Com-Server devices to firmware version 1.60 or higher. The updated firmware disables support for insecure TLS protocols, ensuring robust protection against interception attacks.
“Update the Com-Server firmware to version 1.60,” the advisory succinctly states.
Firmware updates and further instructions are available on the Wiesemann & Theis website and through official support channels.
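Verifying the remediation from the defender's side: the following Python script is added here and is not part of the advisory or of Wiesemann & Theis' own tooling. It runs handshakes pinned to each TLS version against a host and passes only when TLS 1.0 and 1.1 are refused and TLS 1.2 or 1.3 is accepted, which is the behaviour firmware 1.60 is stated to provide. The host name and port are placeholders to replace with the Com-Server's actual address and TLS port.

```python
import socket
import ssl

# Placeholder address (constructed, not from the advisory): replace with the
# Com-Server's real host name and TLS port.
DEVICE_HOST = "com-server.example.invalid"
DEVICE_PORT = 443

# Firmware 1.60+ must refuse both legacy versions and accept a modern one.
LEGACY_VERSIONS = ("TLSv1", "TLSv1_1")
MODERN_VERSIONS = ("TLSv1_2", "TLSv1_3")

def probe_tls_version(host, port, version_name, timeout=5.0):
    """Pin one TLS version; return "accepted", "rejected" or "unreachable"."""
    version = ssl.TLSVersion[version_name]
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # protocol support is under test, not the cert
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = version
    ctx.maximum_version = version
    try:
        # OpenSSL 3 refuses TLS < 1.2 at its default security level; lower it
        # so the client can actually offer the legacy versions being probed.
        ctx.set_ciphers("ALL:@SECLEVEL=0")
    except ssl.SSLError:
        pass  # LibreSSL and older builds lack SECLEVEL; keep their defaults
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"  # no TCP connection, so nothing was tested
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return "accepted" if tls.version() else "rejected"
    except (ssl.SSLError, ConnectionError, EOFError):
        return "rejected"  # alert, reset or early close: version refused
    finally:
        raw.close()

def assess(results):
    """Pass only if both legacy versions were rejected and a modern one accepted."""
    legacy_refused = all(results.get(v) == "rejected" for v in LEGACY_VERSIONS)
    modern_offered = any(results.get(v) == "accepted" for v in MODERN_VERSIONS)
    return legacy_refused and modern_offered

def check_device(host=DEVICE_HOST, port=DEVICE_PORT):
    """Probe all four versions; returns (verdict, {version: outcome})."""
    results = {v: probe_tls_version(host, port, v) for v in LEGACY_VERSIONS + MODERN_VERSIONS}
    return assess(results), results
```

An unreachable host is reported as a failure rather than a pass, so a blocked port or wrong address cannot be mistaken for disabled legacy TLS.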