Sauter Modulo 6 Devices Modu680-as
6 CVEs affecting Sauter Modulo 6 Devices Modu680-as. Latest disclosed: 2025-10-22. Critical: 1, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-41723 | Critical | 9.8 | 2025-10-22 | The importFile SOAP method is vulnerable to a directory traversal attack. An unauthenticated remote attacker bypass the path restriction and upload files to ar… |
CVE-2025-41719 | High | 8.8 | 2025-10-22 | A low privileged remote attacker can corrupt the webserver users storage on the device by setting a sequence of unsupported characters which leads to deletion… |
CVE-2025-41724 | High | 7.5 | 2025-10-22 | An unauthenticated remote attacker can crash the wscserver by sending incomplete SOAP requests. The wscserver process will not be restarted by a watchdog and a… |
CVE-2025-41722 | High | 7.5 | 2025-10-22 | The wsc server uses a hard-coded certificate to check the authenticity of SOAP messages. An unauthenticated remote attacker can extract private keys from the S… |
CVE-2025-41720 | Medium | 4.3 | 2025-10-22 | A low privileged remote attacker can upload arbitrary data masked as a png file to the affected device using the webserver API because only the file extension… |
CVE-2025-41721 | Low | 2.7 | 2025-10-22 | A high privileged remote attacker can influence the parameters passed to the openssl command due to improper neutralization of special elements when adding a p… |