PT-2025-43028 · Sauter · Ey-Modulo 5 Ecos 5 Ecos504/505+5

Published

2025-10-22

Updated

2025-10-22

CVE-2025-41722

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

The wsc server uses a hard-coded certificate to check the authenticity of SOAP messages. An unauthenticated remote attacker can extract private keys from the Software of the affected devices.

Fix

Using Hardcoded Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-798

Related Identifiers

CVE-2025-41722

Affected Products

Ey-Modulo 5 Ecos 5 Ecos504/505

Ey-Modulo 5 Modu 5 Modu524

Ey-Modulo 5 Modu 5 Modu525

Modulo 6 Devices Modu612-Lc

Modulo 6 Devices Modu660-As

Modulo 6 Devices Modu680-As

PT-2025-43028 · Sauter · Ey-Modulo 5 Ecos 5 Ecos504/505+5

CVE-2025-41722

Weakness Enumeration

Related Identifiers

Affected Products

References · 2