CVE-2025-1393 (CVSS 9.8): Hard-Coded Credentials in Weidm-ller PROCON-WIN Expose Industrial Systems to Attack - #CVE-2025-1393
CERT@VDE and Weidmüller have disclosed a critical vulnerability in the PROCON-WIN industrial configuration tool, identified as CVE-2025-1393 with a CVSS score of 9.8. The flaw, stemming from hard-coded credentials, could allow unauthorized remote attackers to gain administrative access, potentially leading to operational disruptions, data breaches, and physical damage to industrial equipment. Weidmüller has addressed the issue by releasing an updated version, 5.7.14.1, and users are strongly advised to update immediately. This incident underscores the increasing trend of cyberattacks targeting industrial control systems and emphasizes the critical importance of maintaining up-to-date and secure industrial systems to protect against evolving cyber threats.