CRITICAL🇵🇱 Wersja polska

CVE-2025-41730

CVSS 9.8v3.1pub. 2025-12-10upd. 2025-12-19

An unauthenticated remote attacker can abuse unsafe sscanf calls within the check_account() function to write arbitrary data into fixed-size stack buffers which leads to full device compromise.

🤖 AI Analysis
How it works

The vulnerability results from unsafe use of the sscanf function within the check_account() function – input data is not properly validated for length. An attacker can provide crafted input data that causes arbitrary data to be written beyond the boundaries of fixed-size buffers allocated on the stack (stack buffer overflow, CWE-121, CWE-787). Stack buffer overflow can be exploited to overwrite the return address or other critical control data, leading to arbitrary code execution on the device.

Impact

An attacker can gain full control over the vulnerable device (full device compromise), including the ability to execute arbitrary code with the privileges of the process handling the connection. Compromise of device confidentiality, integrity, and availability is possible.

Mitigation & patch

Apply patches available from the manufacturer according to the references (advisory VDE-2025-095 available at https://certvde.com/de/advisories/VDE-2025-095). Until the update is deployed, it is recommended to restrict network access to vulnerable devices exclusively to trusted hosts through a firewall or network segmentation.

Who is affected

Wago 0852-1322 and Wago 0852-1328 devices (including their firmware); specific firmware versions indicated in the manufacturer's references.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Wago 0852 1322

    HW
    Wago
    wszystkie wersje
  • Wago 0852 1322 Firmware

    OS
    Wago
    < 02.64
  • Wago 0852 1328

    HW
    Wago
    wszystkie wersje
  • Wago 0852 1328 Firmware

    OS
    Wago
    < 02.64
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-41732CRITICAL9.8PL ✓ten sam produkt

Stack buffer overflow w urządzeniach WAGO 0852 — pełne przejęcie urządzenia

CVE-2023-4149CRITICAL9.8PL ✓ten sam vendor

WAGO 0852 — command injection w panelu zarządzania WWW (root RCE)

CVE-2023-1698CRITICAL9.8ten sam vendor

In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users an...

CVE-2022-45138CRITICAL9.8ten sam vendor

The configuration backend of the web-based management can be used by unauthenticated users, although only auth...

CVE-2022-45140CRITICAL9.8ten sam vendor

The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the s...