Weidmueller Industrial Router Vulnerabilities Allow Remote Code Execution

Weidmueller Interface GmbH & Co. KG has released urgent firmware updates to address five critical security vulnerabilities affecting their IE-SR-2TX series security routers, according to a security advisory published by CERT@VDE on July 23, 2025.

Multiple High-Severity Flaws Pose Significant Risk

The affected devices include three models of Weidmueller’s industrial security routers: IE-SR-2TX-WL, IE-SR-2TX-WL-4G-EU, and IE-SR-2TX-WL-4G-US-V.

The vulnerabilities, tracked as CVE-2025-41661, CVE-2025-41663, CVE-2025-41683, CVE-2025-41684, and CVE-2025-41687, carry severity scores ranging from 8.8 to 9.8 on the Common Vulnerability Scoring System (CVSS).

The most severe vulnerabilities could allow unauthenticated remote attackers to execute arbitrary commands with root privileges on affected devices.

One particularly concerning flaw involves a stack-based buffer overflow in the u-link Management API that enables attackers to gain full system access.

Another vulnerability allows command injection through man-in-the-middle attacks when clients use insecure proxy configurations.

Additional security weaknesses include a lack of Cross-Site Request Forgery (CSRF) protection that permits remote command execution, and improper input sanitization in the Main Web Interface endpoints for email testing and TLS IoT generation settings.

These flaws collectively represent a significant threat to industrial network security infrastructure.

Coordinated Disclosure and Remediation

The vulnerabilities were discovered through coordinated disclosure efforts by ONEKEY Research Labs and Reid Wightman of Dragos Inc., working with Weidmueller and CERT@VDE.

This collaborative approach ensured that fixes were developed before public disclosure, minimizing the window of exposure for affected users.

Weidmueller has released updated firmware versions to address all identified vulnerabilities. Users should immediately upgrade to version 1.49 for IE-SR-2TX-WL devices, and version 1.62 for both IE-SR-2TX-WL-4G-EU and IE-SR-2TX-WL-4G-US-V models.

Security Recommendations

Beyond applying the firmware updates, Weidmueller strongly recommends implementing additional security measures.

Organizations should change default passwords immediately and minimize network exposure of these devices by limiting access to trusted networks only.

Proper network segmentation and access controls are essential for protecting industrial infrastructure from potential exploitation.

The discovery of these vulnerabilities underscores the critical importance of regular security assessments in industrial environments.

As operational technology increasingly connects to corporate networks and the internet, the attack surface expands significantly.

Organizations relying on these devices should prioritize the firmware updates and conduct comprehensive security reviews of their industrial network configurations.

This incident highlights the ongoing cybersecurity challenges facing industrial control systems and the need for robust vulnerability management programs in operational technology environments.


The post Weidmueller Industrial Router Vulnerabilities Allow Remote Code Execution appeared first on Cyber Security News.
