VDE-2025-043

Vulnerability from csaf_lenzese - Published: 2025-06-25 10:00 - Updated: 2025-06-25 10:00
Summary
Lenze: PLC Designer V4 with insecure storage of sensitive information
Severity
Medium
Notes
Summary: A security vulnerability was discovered in PLC Designer V4 version 4.0.0, in which the programmer of a controller can set a password for the connected device. An interface of PLC Designer V4 lets the programmer enter a password for the device, and under a special set of conditions the entered password appears in plain text. Only the display in the tool is affected, not the management of the password on the device. The vulnerability occurs only in combination with the c430, c520 and c550 controllers and not with other devices, because this functionality is used only with them. All users are generally recommended to update to 4.0.1, especially those who operate PLC Designer V4 in combination with the controllers mentioned.
General Recommendations: The cyber security documentation currently describes some of the implemented functions and is thus intended to provide clarity in the functions described here.
Disclaimer: Lenze SE assumes no liability whatsoever for any kind of losses or consequential losses that occur by the distribution and/or use of this document. All information published in this document is provided in good faith by Lenze SE. Insofar as permissible by law, however, none of this information shall establish any guarantee, commitment or liability on the part of Lenze SE. Lenze SE reserves the right to change or update this document at any time.
Impact: This vulnerability may lead to unintended exposure of passwords in plain text within the PLC Designer V4 interface, potentially allowing unauthorized individuals with access to the engineering workstation to view sensitive credentials. The issue is limited to version 4.0.0 used with c430, c520, and c550 controllers, and does not affect password handling on the device itself.
Mitigation: The PLC Designer V4 tool is designed and developed for use in closed and protected security zones. Lenze therefore strongly recommends that this tool is only used in familiar areas. Because the vulnerability concerns the plain-text display of an entered password, and not the way the password is saved afterwards, the recommended mitigation is to shield the tool's viewing area from strangers while the password is being entered, in order to prevent shoulder surfing.
Remediation: This vulnerability has been fixed in the new version. All users are strongly recommended to use the new version 4.0.1.

A local, low-privileged attacker can learn the password of the connected controller in PLC Designer V4 due to an incorrect implementation that results in the password being displayed in plain text under special conditions.

CWE-312 - Cleartext Storage of Sensitive Information
Vendor Fix: This vulnerability has been fixed in the new version. All users are strongly recommended to use the new version 4.0.1.
Mitigation: The PLC Designer V4 tool is designed and developed for use in closed and protected security zones. Lenze therefore strongly recommends that this tool is only used in familiar areas. Because the vulnerability concerns the plain-text display of an entered password, and not the way the password is saved afterwards, the recommended mitigation is to shield the tool's viewing area from strangers while the password is being entered, in order to prevent shoulder surfing.
Acknowledgments
CERT@VDE certvde.com

{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERT@VDE",
        "summary": "coordination",
        "urls": [
          "https://certvde.com"
        ]
      }
    ],
    "aggregate_severity": {
      "namespace": "https://www.first.org/cvss/calculator/3.1",
      "text": "Medium"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-GB",
    "notes": [
      {
        "category": "summary",
        "text": "A security vulnerability was discovered in the PLC Designer V4 in the version 4.0.0 where the programmer of a Controller can set a password for the connected device. Here it is possible in an interface of the PLC Designer V4 for the programmer to enter a password for the Device. There is a special constellation where the password entered appears in plain text. Only the display in the tool is affected and not the management of the password on the device. This vulnerability of PLC Designer V4 only occurs in combination with the devices c430 controller, c520 controller and c550 controller and not in combination with other devices, as this functionality is only used here. It is generally recommended that all users update to 4.0.1, but especially all users who operate PLC Designer V4 in combination with the controllers mentioned.",
        "title": "Summary"
      },
      {
        "category": "general",
        "text": "The cyber security documentation currently describes some of the implemented functions and is thus intended to provide clarity in the functions described here. ",
        "title": "General Recommendations"
      },
      {
        "category": "legal_disclaimer",
        "text": "Lenze SE assumes no liability whatsoever for any kind of losses or consequential losses that occur by the distribution and/or use of this document . All information published in this document is provided on good faith by Lenze SE. Insofar as permissible by law, however, none of this information shall establish any guarantee, commitment or liability on the part of Lenze SE. Lenze SE reserves the right to change or update this document at any time.",
        "title": "Disclamer"
      },
      {
        "category": "description",
        "text": "This vulnerability may lead to unintended exposure of passwords in plain text within the PLC Designer V4 interface, potentially allowing unauthorized individuals with access to the engineering workstation to view sensitive credentials. The issue is limited to versions 4.0.0 used with c430, c520, and c550 controllers, and does not affect password handling on the device itself.",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "The PLC Designer V4 tool is designed and developed for use in closed and protected security zones. Lenze therefore strongly recommends that this tool is only used in familiar areas. As this security vulnerability relates to a plain text display of an entered password and not to the password method saved afterwards, it is recommended as mitigation to protect the viewing area of the tool from strangers when entering it in order to prevent the shoulder surfing attack method.",
        "title": "Mitigation"
      },
      {
        "category": "description",
        "text": "This vulnerability has been fixed in the new version. All users are strongly recommended to use the new version 4.0.1.",
        "title": "Remediation"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@lenze.com",
      "name": "Lenze SE",
      "namespace": "https://www.lenze.com"
    },
    "references": [
      {
        "category": "external",
        "summary": "Lenze SE Product Security Incident Response Team (PSIRT)",
        "url": "https://www.lenze.com/en-de/services/cyber-security"
      },
      {
        "category": "external",
        "summary": "https://www.lenze.com/en-de/services/cyber-security",
        "url": "https://certvde.com/en/advisories/vendor/lenze/"
      },
      {
        "category": "self",
        "summary": "VDE-2025-043: Lenze: PLC Designer V4 with insecure storage of sensitive information - HTML",
        "url": "https://certvde.com/en/advisories/VDE-2025-043/"
      },
      {
        "category": "self",
        "summary": "VDE-2025-043: Lenze: PLC Designer V4 with insecure storage of sensitive information - CSAF",
        "url": "https://lenze.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-043.json"
      }
    ],
    "title": "Lenze: PLC Designer V4 with insecure storage of sensitive information",
    "tracking": {
      "aliases": [
        "VDE-2025-043"
      ],
      "current_release_date": "2025-06-25T10:00:00.000Z",
      "generator": {
        "date": "2025-06-23T08:21:40.731Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.27"
        }
      },
      "id": "VDE-2025-043",
      "initial_release_date": "2025-06-25T10:00:00.000Z",
      "revision_history": [
        {
          "date": "2025-06-25T10:00:00.000Z",
          "number": "1",
          "summary": "Initial Version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version",
                    "name": "4.0.0",
                    "product": {
                      "name": "PLC Designer V4 4.0.0",
                      "product_id": "CSAFPID-51001"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "4.0.1",
                    "product": {
                      "name": "PLC Designer V4 4.0.1",
                      "product_id": "CSAFPID-52001"
                    }
                  }
                ],
                "category": "product_name",
                "name": "PLC Designer V4"
              }
            ],
            "category": "product_family",
            "name": "Software"
          }
        ],
        "category": "vendor",
        "name": "Lenze"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-41647",
      "cwe": {
        "id": "CWE-312",
        "name": "Cleartext Storage of Sensitive Information"
      },
      "notes": [
        {
          "category": "description",
          "text": "A local, low-privileged attacker can learn the password of the connected controller in PLC Designer V4 due to an incorrect implementation that results in the password being displayed in plain text under special conditions.",
          "title": "Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-52001"
        ],
        "known_affected": [
          "CSAFPID-51001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "This vulnerability has been fixed in the new version. All users are strongly recommended to use the new version 4.0.1.",
          "product_ids": [
            "CSAFPID-51001"
          ]
        },
        {
          "category": "mitigation",
          "details": "The PLC Designer V4 tool is designed and developed for use in closed and protected security zones. Lenze therefore strongly recommends that this tool is only used in familiar areas. As this security vulnerability relates to a plain text display of an entered password and not to the password method saved afterwards, it is recommended as mitigation to protect the viewing area of the tool from strangers when entering it in order to prevent the shoulder surfing attack method.",
          "product_ids": [
            "CSAFPID-51001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-51001"
          ]
        }
      ],
      "title": "CVE-2025-41647"
    }
  ]
}

