CVE-2025-40946

Name of the Vulnerable Software and Affected Versions blueplanet 100 NX3 M8 (affected versions not specified) blueplanet 100 TL3 GEN2 versions prior to V6.1.4.9 blueplanet 105 TL3 (affected versions not specified) blueplanet 105 TL3 GEN2 versions prior to V6.1.4.9 blueplanet 110 TL3 (affected versions not specified) blueplanet 125 NX3 M11 (affected versions not specified) blueplanet 125 TL3 (affected versions not specified) blueplanet 125 TL3 GEN2 versions prior to V6.1.4.9 blueplanet 137 TL3 (affected versions not specified) blueplanet 150 TL3 (affected versions not specified) blueplanet 150 TL3 GEN2 versions prior to V6.1.4.9 blueplanet 155 TL3 (affected versions not specified) blueplanet 155 TL3 GEN2 versions prior to V6.1.4.9 blueplanet 165 TL3 (affected versions not specified) blueplanet 165 TL3 GEN2 versions prior to V6.1.4.9 blueplanet 25.0 NX3-33.0 NX3 (affected versions not specified) blueplanet 3.0 NX3-20.0 NX3 (affected versions not specified) blueplanet 3.0 TL3-60.0 TL3 (affected versions not specified) blueplanet 3.0-5.0 NX1 (affected versions not specified) blueplanet 360 NX3 M6 (affected versions not specified) blueplanet 50.0 NX3-60.0 NX3 (affected versions not specified) blueplanet 87.0 TL3 (affected versions not specified) blueplanet 87.0 TL3 GEN2 versions prior to V6.1.4.9 blueplanet 92.0 TL3 (affected versions not specified) blueplanet 92.0 TL3 GEN2 versions prior to V6.1.4.9 blueplanet gridsafe 110 TL3-S versions prior to V3.91 blueplanet gridsafe 137 TL3-S versions prior to V3.91 blueplanet gridsafe 92.0 TL3-S versions prior to V3.91 blueplanet hybrid 10.0 TL3 (affected versions not specified) blueplanet hybrid 6.0 NH3-12.0 NH3 (affected versions not specified)

Description A weakness in the CRC16-based algorithm used to generate Technical Service credentials allows an attacker to derive these credentials from the device serial number. This could lead to unauthorized remote administrative access.

Recommendations Update blueplanet 100 TL3 GEN2 to version V6.1.4.9 or later. Update blueplanet 105 TL3 GEN2 to version V6.1.4.9 or later. Update blueplanet 125 TL3 GEN2 to version V6.1.4.9 or later. Update blueplanet 150 TL3 GEN2 to version V6.1.4.9 or later. Update blueplanet 155 TL3 GEN2 to version V6.1.4.9 or later. Update blueplanet 165 TL3 GEN2 to version V6.1.4.9 or later. Update blueplanet 87.0 TL3 GEN2 to version V6.1.4.9 or later. Update blueplanet 92.0 TL3 GEN2 to version V6.1.4.9 or later. Update blueplanet gridsafe 110 TL3-S to version V3.91 or later. Update blueplanet gridsafe 137 TL3-S to version V3.91 or later. Update blueplanet gridsafe 92.0 TL3-S to version V3.91 or later. At the moment, there is no information about a newer version that contains a fix for the other affected versions.