CVE-2025-41647

{"id": "CVE-2025-41647", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "info@cert.vde.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-06-25T10:15:22.747", "references": [{"url": "https://certvde.com/en/advisories/VDE-2025-043/", "source": "info@cert.vde.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "info@cert.vde.com", "description": [{"lang": "en", "value": "CWE-312"}]}], "descriptions": [{"lang": "en", "value": "A local, low-privileged attacker can learn the password of the connected controller in PLC Designer V4 due to an incorrect implementation that results in the password being displayed in plain text under special conditions."}, {"lang": "es", "value": "Un atacante local con pocos privilegios puede conocer la contrase\u00f1a del controlador conectado en PLC Designer V4 debido a una implementaci\u00f3n incorrecta que hace que la contrase\u00f1a se muestre en texto simple en condiciones especiales."}], "lastModified": "2025-06-26T18:57:43.670", "sourceIdentifier": "info@cert.vde.com"}