CVE-2025-41713
📋 TL;DR
During device boot, a network switch operates in an undefined state where unauthenticated remote attackers can send traffic to unauthorized networks. This affects WAGO PFC200 devices with specific firmware versions. The vulnerability is resolved after a CPU-induced reset allows proper configuration.
💻 Affected Systems
- WAGO PFC200
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could route malicious traffic through the switch to unauthorized networks, potentially enabling lateral movement, data exfiltration, or network disruption.
Likely Case
Temporary network misconfiguration allowing unauthorized traffic flow during boot cycles, potentially exposing sensitive network segments.
If Mitigated
Minimal impact with proper network segmentation and monitoring during device reboots.
🎯 Exploit Status
Exploitation requires precise timing during device boot sequence and network access to the vulnerable device.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Firmware version 24.1.0 or later
Vendor Advisory: https://certvde.com/en/advisories/VDE-2025-083
Restart Required: Yes
Instructions:
1. Download firmware 24.1.0 or later from WAGO support portal. 2. Backup current configuration. 3. Upload and install new firmware via e!COCKPIT or web interface. 4. Verify successful update and restore configuration if needed.
🔧 Temporary Workarounds
Schedule reboots during maintenance windows
allCoordinate device reboots during periods of reduced network activity and increased monitoring.
Implement network monitoring during boot
allConfigure network monitoring tools to alert on unusual traffic patterns during device startup.
🧯 If You Can't Patch
- Implement strict network segmentation to limit potential lateral movement
- Monitor network traffic patterns during all device reboots and maintenance windows
🔍 How to Verify
Check if Vulnerable:
Check firmware version in e!COCKPIT or web interface. If version is below 24.1.0, device is vulnerable.Check Version:
In e!COCKPIT: Navigate to Device > Information > Firmware VersionVerify Fix Applied:
Confirm firmware version is 24.1.0 or higher and monitor network behavior during test reboot.📡 Detection & Monitoring
Log Indicators:
- Unusual traffic patterns logged during device boot sequence
- Multiple connection attempts to unauthorized network segments
Network Indicators:
- Traffic routing to unexpected network segments during switch startup
- Protocol anomalies during boot process
SIEM Query:
source="network_switch" AND (event="boot_complete" OR event="configuration_applied") AND traffic_destination NOT IN authorized_networks