PT-2025-9793 · Weidmueller · Procon-Win

Published

2025-03-03

Updated

2025-03-07

CVE-2025-1393

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Weidmueller PROCON-WIN versions prior to 5.7.14.1

Description The issue is related to the use of hard-coded credentials in the PROCON-WIN SCADA system, allowing an unauthenticated remote attacker to gain full administration privileges on the affected product. This can be exploited by using the hard-coded credentials, potentially leading to elevated privileges.

Recommendations For Weidmueller PROCON-WIN versions prior to 5.7.14.1, update to version 5.7.14.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the system to minimize the risk of exploitation. Avoid using the hard-coded credentials in the affected product until the issue is resolved.

Fix

Using Hardcoded Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-798

Related Identifiers

BDU:2025-02409

CVE-2025-1393

Affected Products

Procon-Win

PT-2025-9793 · Weidmueller · Procon-Win

CVE-2025-1393

Weakness Enumeration

Related Identifiers

Affected Products

References · 12