CVE Alert: CVE-2025-41718 – Murrelektronik – Firmware Impact67 Pro 54630
CVE-2025-41718
A cleartext transmission of sensitive information vulnerability in the affected products allows an unauthorized remote attacker to gain login credentials and access the Web-UI.
AI Summary Analysis
Risk verdict
High risk: remote credential exposure via an unencrypted Web UI; exploitation is not evidenced in the current SSVC data, but urgent patching is advised.
Why this matters
Attackers can obtain login credentials over the network and gain access to the Web UI, enabling credential theft, account takeover, and potential exposure of further system functionality. The impact is confidentiality-focused but could serve as a foothold for broader network access in manufacturing environments.
Most likely attack path
Remote attacker connects to the device’s Web UI over the network (AV:N, UI:N, PR:N, AC:L). Since no user interaction is required and privileges are not needed, credentials can be captured in transit if HTTP is used. Lateral movement is plausible within a flat or poorly segmented network, but success hinges on maintaining Web UI access and the attacker intercepting credentials before encryption is enforced by a patch.
Who is most exposed
Industrial automation deployments with exposed Web UI on shop-floor or remote-access networks are most at risk, especially where network segmentation is weak and devices sit in reachable segments without TLS.
Detection ideas
- Monitor for HTTP login requests to the affected Web UI (cleartext credentials observed).
- Inspect network captures for credentials appearing in plaintext.
- Look for repeated login attempts or anomalous IPs accessing the UI.
- Correlate Web UI login events with credential exposure indicators in logs.
- Flag unencrypted ports (HTTP) on devices that should require TLS.
Mitigation and prioritisation
- Apply vendor firmware update to address unencrypted credential transmission.
- Enforce HTTPS for Web UI; disable or restrict remote Web UI exposure; use VPN or zero-trust access.
- Implement network segmentation and access controls around affected devices.
- Rotate credentials post-update; audit for default or weak credentials.
- Change-management: test patch in staging, schedule downtime if needed. If KEV is true or EPSS ≥ 0.5, treat as priority 1.
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.
