CVE-2025-41711: CWE-327 Use of a Broken or Risky Cryptographic Algorithm in Janitza UMG 96RM-E 24V(5222063)
CVE-2025-41711 is a medium severity vulnerability affecting the Janitza UMG 96RM-E 24V(5222063) device. It involves the use of a broken or risky cryptographic algorithm (CWE-327) that allows unauthenticated remote attackers to extract password hashes from firmware images. These hashes can then be brute forced to recover plaintext passwords of accounts with limited access. The vulnerability does not require authentication or user interaction and has no known exploits in the wild as of now. The impact is limited to confidentiality as integrity and availability are not affected. Organizations using this device should be aware of the risk of credential compromise through offline brute forcing. No patches are currently available, so mitigation focuses on limiting exposure and monitoring. Countries with significant deployments of Janitza products, especially in industrial and energy sectors, are at higher risk. The CVSS score is 5.3, reflecting a medium severity level due to ease of exploitation but limited impact scope.
AI Analysis
Technical Summary
CVE-2025-41711 identifies a cryptographic weakness in the Janitza UMG 96RM-E 24V(5222063) energy metering device. The vulnerability arises from the use of a broken or risky cryptographic algorithm (classified under CWE-327), which is employed to protect password hashes stored within the device's firmware images. An unauthenticated remote attacker can obtain these firmware images, extract the password hashes, and perform offline brute force attacks to recover plaintext passwords. These passwords correspond to accounts with limited access privileges on the device. The vulnerability does not require any authentication or user interaction, making it accessible to remote attackers without prior credentials. However, the impact is confined to confidentiality as the attacker gains potential access to account credentials but cannot directly affect device integrity or availability. The CVSS v3.1 base score is 5.3, indicating medium severity, with attack vector being network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), and no user interaction (UI:N). No patches or firmware updates have been published yet to address this issue. The vulnerability was reserved in April 2025 and published in March 2026. Janitza devices are commonly used in industrial, energy management, and critical infrastructure environments, which raises concerns about potential downstream risks if credentials are compromised. No known exploits have been reported in the wild, but the risk of offline brute forcing remains due to weak cryptographic protections.
Potential Impact
The primary impact of CVE-2025-41711 is the potential compromise of account credentials on Janitza UMG 96RM-E devices. Successful brute forcing of extracted password hashes can lead to unauthorized access to device management interfaces, even if only for accounts with limited privileges. This could enable attackers to gather sensitive operational data, modify configurations, or use the device as a foothold for further network intrusion. While the vulnerability does not directly affect device integrity or availability, compromised credentials can facilitate lateral movement within industrial or energy management networks, potentially leading to more severe attacks. Organizations relying on these devices in critical infrastructure sectors face increased risk of espionage, data leakage, or disruption through indirect means. The ease of exploitation (no authentication or user interaction needed) combined with the widespread use of Janitza products in energy and industrial markets amplifies the threat. However, the absence of known exploits in the wild and the medium CVSS score suggest the threat is moderate but should not be underestimated.
Mitigation Recommendations
1. Limit network exposure of Janitza UMG 96RM-E devices by placing them behind firewalls and restricting access to trusted management networks only.
2. Monitor network traffic and device logs for unusual access attempts or brute force activities targeting device management interfaces.
3. Employ strong, unique passwords for all accounts on the device and change default credentials immediately.
4. Regularly check for firmware updates or security advisories from Janitza and apply patches promptly once available.
5. If firmware images are obtained for legitimate purposes, verify their integrity and avoid distribution to unauthorized parties to reduce risk of hash extraction.
6. Implement network segmentation to isolate critical infrastructure devices and limit lateral movement in case of credential compromise.
7. Consider deploying intrusion detection/prevention systems (IDS/IPS) tuned to detect anomalous behavior related to these devices.
8. Conduct periodic security assessments and penetration tests focusing on industrial control systems and energy management devices to identify and remediate weaknesses proactively.
Affected Countries
Germany, United States, France, United Kingdom, Netherlands, Switzerland, Italy, Canada, Australia
Technical Details
- Data Version: 5.2
- Assigner Short Name: CERTVDE
- Date Reserved: 2025-04-16T11:17:48.311Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 69afd786ea502d3aa827b177
Added to database: 3/10/2026, 8:34:14 AM
Last enriched: 3/10/2026, 8:49:05 AM
Last updated: 3/10/2026, 9:39:26 AM