VDB
CVE-2025-41691
CVE-2025-41691
PUBLISHED
CVSS 7.5 HIGH
A vulnerability in the runtime system's CmpDevice component allows unauthenticated attackers to cause a denial-of-service (DoS) via specially crafted communication requests. The issue is triggered by a NULL pointer dereference and also affects systems when outdated clients attempt to log in.
EPSS 0.40% · 61.0th percentile
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C
EPSS Score
0.40%
61.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| ABB | ABB AC500 V3 <3.9.0 |
Timeline
- Aug 3, 2025 CVE Published
- Aug 4, 2025 EPSS Score
- Aug 4, 2025 Coalition ESS Score
- Aug 4, 2025 PoC Published
- Aug 4, 2025 PoC Published
- Aug 4, 2025 CVE Updated
- Aug 13, 2025 EPSS Score
- Aug 21, 2025 EPSS Score
- Aug 22, 2025 Coalition ESS Score
- Aug 26, 2025 Coalition ESS Score
- Aug 30, 2025 EPSS Score
- Sep 7, 2025 EPSS Score
References
- https://psirt.abb.com/csaf/2026/3adr011524.json advisory
- https://search.abb.com/library/Download.aspx?DocumentID=3ADR011524&LanguageCode=en&DocumentPartId=&Action=Launch advisory
- https://api-www.codesys.com/fileadmin/user_upload/CODESYS_Group/Ecosystem/Up-to-Date/Security/Security-Advisories/Advisory2025-05_VIS-5003_.pdf advisory
- https://api-www.codesys.com/fileadmin/user_upload/CODESYS_Group/Ecosystem/Up-to-Date/Security/Security-Advisories/Advisory2025-07_CDS-93244.pdf advisory
- https://api-www.codesys.com/fileadmin/user_upload/CODESYS_Group/Ecosystem/Up-to-Date/Security/Security-Advisories/Advisory2025-08_CDS-94690.pdf advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-41691 advisory