GCVE - cpe:2.3:a:sauter:modulo_6_devices_modu660-as:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:sauter:modulo_6_devices_modu660-as:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Sauter (`2a1ee25b-b0b7-535f-9e93-2f8b75a935b1`)
Product	Modulo 6 Devices Modu660 As (`efb444db-e641-56e1-976b-504ef1f03a48`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-41724`	vulnerable	2026-06-08 07:25:07.869486	Sauter: Crash via Incomplete SOAP Request HIGH (7.5) An unauthenticated remote attacker can crash the wscserver by sending incomplete SOAP requests. The wscserver process will not be restarted by a watchdog and a device reboot is necessary to make it work again. Published: 2025-10-22T07:03:50.109Z Updated: 2025-10-22T15:48:40.087Z Open on db.gcve.eu Reference links https://sauter.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-060.json	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-41723`	vulnerable	2026-06-08 07:25:07.868768	Sauter: Directory Traversal in importFile SOAP Method CRITICAL (9.8) The importFile SOAP method is vulnerable to a directory traversal attack. An unauthenticated remote attacker bypass the path restriction and upload files to arbitrary locations. Published: 2025-10-22T07:01:09.768Z Updated: 2025-10-22T13:28:51.323Z Open on db.gcve.eu Reference links https://sauter.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-060.json	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-41722`	vulnerable	2026-06-08 07:25:07.868010	Sauter: Hard-coded Authentication Credentials HIGH (7.5) The wsc server uses a hard-coded certificate to check the authenticity of SOAP messages. An unauthenticated remote attacker can extract private keys from the Software of the affected devices. Published: 2025-10-22T06:58:31.679Z Updated: 2025-10-22T13:30:10.827Z Open on db.gcve.eu Reference links https://sauter.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-060.json	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-41721`	vulnerable	2026-06-08 07:25:07.867505	Sauter: Command Injection LOW (2.7) A high privileged remote attacker can influence the parameters passed to the openssl command due to improper neutralization of special elements when adding a password protected self-signed certificate. Published: 2025-10-22T06:55:22.860Z Updated: 2025-10-22T13:31:30.683Z Open on db.gcve.eu Reference links https://sauter.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-060.json	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-41720`	vulnerable	2026-06-08 07:25:07.866833	Sauter: Arbitrary File Upload MEDIUM (4.3) A low privileged remote attacker can upload arbitrary data masked as a png file to the affected device using the webserver API because only the file extension is verified. Published: 2025-10-22T06:52:03.019Z Updated: 2025-10-22T15:48:07.323Z Open on db.gcve.eu Reference links https://sauter.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-060.json	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-41719`	vulnerable	2026-06-08 07:25:07.863687	Sauter: Improper Validation of user-controlled data HIGH (8.8) A low privileged remote attacker can corrupt the webserver users storage on the device by setting a sequence of unsupported characters which leads to deletion of all previously configured users and the creation of the default Administrator with a known default password. Published: 2025-10-22T06:48:30.796Z Updated: 2025-10-22T15:47:29.413Z Open on db.gcve.eu Reference links https://sauter.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-060.json	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.