← back
CVE-2025-41648

Pilz: Authentication Bypass in IndustrialPI Webstatus

CVSS 9.8 CRITICALEPSS 0.7%CWE-704
An unauthenticated remote attacker can bypass the login to the web application of the affected devices making it possible to access and change all available settings of the IndustrialPI.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Pilz · IndustrialPI 4 with IndustrialPI webstatus

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://certvde.com/en/advisories/VDE-2025-039