WMSA-250004
Weidmueller Security Advisory by Weidmueller PSIRT

Weidmueller: Security routers IE-SR-2TX are affected by multiple vulnerabilities

Publisher: Weidmueller Interface GmbH & Co. KG
Document category: csaf_security_advisory
Initial release date: 2025-06-11T10:00:00.000Z
Current release date: 2025-07-23T10:00:00.000Z
Current version: 1.1.0
Status: final
CVSSv3.1 Base Score: 9.8
Severity: High
Language: en-GB
Engine: Secvisogram 2.5.30
Build Date: 2025-07-22T11:11:05.195Z
Also referred to: VDE-2025-052, WMSA-2500004

Summary

Weidmueller security routers IE-SR-2TX are affected by multiple vulnerabilities (CVE-2025-41661, CVE-2025-41663, CVE-2025-41683, CVE-2025-41684, CVE-2025-41687). Weidmueller has released new firmware versions of the affected products to fix the vulnerabilities.

Update Version 1.1.0:
Added CVEs CVE-2025-41683, CVE-2025-41684 and CVE-2025-41687. Updated CVSS Score for CVE-2025-41663. Removed CVE-2025-41662.

General Recommendation

As a general security measure, Weidmueller strongly recommends changing the default passwords and minimizing the network exposure of the products. Limit access to trusted networks by using the appropriate mechanisms.

Impact

Weidmueller security routers are affected by multiple vulnerabilities that may lead to the execution of arbitrary commands with root privileges on affected devices. Further information can be found under Vulnerability details.

Remediation

Update to the new version as listed in the following table:

Product               Article number   Affected version   Fixed version
IE-SR-2TX-WL          2682590000       <V1.49             V1.49
IE-SR-2TX-WL-4G-EU    2682560000       <V1.62             V1.62
IE-SR-2TX-WL-4G-US-V  2682580000       <V1.62             V1.62

Product groups

Affected products. Fixed products.

Vulnerabilities

CVE-2025-41661
Description

An unauthenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of Cross-Site Request Forgery (CSRF) protection.

CWE: CWE-352: Cross-Site Request Forgery (CSRF)

Product status

Known affected
Product CVSS-Vector CVSS Base Score
Firmware <V1.49 installed on IE-SR-2TX-WL CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 8.8
Firmware <V1.62 installed on IE-SR-2TX-WL-4G-EU CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 8.8
Firmware <V1.62 installed on IE-SR-2TX-WL-4G-US-V CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 8.8
Fixed
  • Firmware V1.49 installed on IE-SR-2TX-WL
  • Firmware V1.62 installed on IE-SR-2TX-WL-4G-EU
  • Firmware V1.62 installed on IE-SR-2TX-WL-4G-US-V

Remediations

Vendor fix (2025-05-27T15:00:00.000Z)

Update to version V1.49

For products:
  • Firmware <V1.49 installed on IE-SR-2TX-WL

Vendor fix (2025-05-27T15:00:00.000Z)

Update to version V1.62

For products:
  • Firmware <V1.62 installed on IE-SR-2TX-WL-4G-EU
  • Firmware <V1.62 installed on IE-SR-2TX-WL-4G-US-V

CVE-2025-41683
Description

An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to improper sanitizing of user input in the Main Web Interface (endpoint event_mail_test).

CWE: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Product status

Known affected
Product CVSS-Vector CVSS Base Score
Firmware <V1.49 installed on IE-SR-2TX-WL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 8.8
Firmware <V1.62 installed on IE-SR-2TX-WL-4G-EU CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 8.8
Firmware <V1.62 installed on IE-SR-2TX-WL-4G-US-V CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 8.8
Fixed
  • Firmware V1.49 installed on IE-SR-2TX-WL
  • Firmware V1.62 installed on IE-SR-2TX-WL-4G-EU
  • Firmware V1.62 installed on IE-SR-2TX-WL-4G-US-V

Remediations

Vendor fix (2025-05-27T15:00:00.000Z)

Update to version V1.49

For products:
  • Firmware <V1.49 installed on IE-SR-2TX-WL

Vendor fix (2025-05-27T15:00:00.000Z)

Update to version V1.62

For products:
  • Firmware <V1.62 installed on IE-SR-2TX-WL-4G-EU
  • Firmware <V1.62 installed on IE-SR-2TX-WL-4G-US-V

CVE-2025-41684
Description

An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to improper sanitizing of user input in the Main Web Interface (endpoint tls_iotgen_setting).

CWE: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Product status

Known affected
Product CVSS-Vector CVSS Base Score
Firmware <V1.49 installed on IE-SR-2TX-WL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 8.8
Firmware <V1.62 installed on IE-SR-2TX-WL-4G-EU CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 8.8
Firmware <V1.62 installed on IE-SR-2TX-WL-4G-US-V CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 8.8
Fixed
  • Firmware V1.49 installed on IE-SR-2TX-WL
  • Firmware V1.62 installed on IE-SR-2TX-WL-4G-EU
  • Firmware V1.62 installed on IE-SR-2TX-WL-4G-US-V

Remediations

Vendor fix (2025-05-27T15:00:00.000Z)

Update to version V1.49

For products:
  • Firmware <V1.49 installed on IE-SR-2TX-WL

Vendor fix (2025-05-27T15:00:00.000Z)

Update to version V1.62

For products:
  • Firmware <V1.62 installed on IE-SR-2TX-WL-4G-EU
  • Firmware <V1.62 installed on IE-SR-2TX-WL-4G-US-V

CVE-2025-41663
Description

In the u-link Management API, an unauthenticated remote attacker in a man-in-the-middle position can inject arbitrary commands into responses returned by WWH servers, which are then executed with elevated privileges. To get into such a position, the clients would need to use insecure proxy configurations.

CWE: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Product status

Known affected
Product CVSS-Vector CVSS Base Score
Firmware <V1.49 installed on IE-SR-2TX-WL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 9.8
Firmware <V1.62 installed on IE-SR-2TX-WL-4G-EU CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 9.8
Firmware <V1.62 installed on IE-SR-2TX-WL-4G-US-V CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 9.8
Fixed
  • Firmware V1.49 installed on IE-SR-2TX-WL
  • Firmware V1.62 installed on IE-SR-2TX-WL-4G-EU
  • Firmware V1.62 installed on IE-SR-2TX-WL-4G-US-V

Remediations

Vendor fix (2025-05-27T15:00:00.000Z)

Update to version V1.49

For products:
  • Firmware <V1.49 installed on IE-SR-2TX-WL

Vendor fix (2025-05-27T15:00:00.000Z)

Update to version V1.62

For products:
  • Firmware <V1.62 installed on IE-SR-2TX-WL-4G-EU
  • Firmware <V1.62 installed on IE-SR-2TX-WL-4G-US-V

CVE-2025-41687
Description

An unauthenticated remote attacker may use a stack-based buffer overflow in the u-link Management API to gain full access to the affected devices.

CWE: CWE-121: Stack-based Buffer Overflow

Product status

Known affected
Product CVSS-Vector CVSS Base Score
Firmware <V1.49 installed on IE-SR-2TX-WL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 9.8
Firmware <V1.62 installed on IE-SR-2TX-WL-4G-EU CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 9.8
Firmware <V1.62 installed on IE-SR-2TX-WL-4G-US-V CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 9.8
Fixed
  • Firmware V1.49 installed on IE-SR-2TX-WL
  • Firmware V1.62 installed on IE-SR-2TX-WL-4G-EU
  • Firmware V1.62 installed on IE-SR-2TX-WL-4G-US-V

Remediations

Vendor fix (2025-05-27T15:00:00.000Z)

Update to version V1.49

For products:
  • Firmware <V1.49 installed on IE-SR-2TX-WL

Vendor fix (2025-05-27T15:00:00.000Z)

Update to version V1.62

For products:
  • Firmware <V1.62 installed on IE-SR-2TX-WL-4G-EU
  • Firmware <V1.62 installed on IE-SR-2TX-WL-4G-US-V

Acknowledgments

Weidmueller Interface GmbH & Co. KG thanks the following parties for their efforts:

Weidmueller Interface GmbH & Co. KG

Namespace: https://www.weidmueller.com

psirt@weidmueller.com

Revision history

Version Date of the revision Summary of the revision
1.0.0 2025-06-11T10:00:00.000Z Initial version
1.1.0 2025-07-23T10:00:00.000Z Added CVEs CVE-2025-41683, CVE-2025-41684 and CVE-2025-41687. Updated CVSS Score for CVE-2025-41663. Removed CVE-2025-41662.

Sharing rules

TLP:WHITE
For the TLP version see: https://www.first.org/tlp/