CVE-2025-41718 identifies a vulnerability in the Murrelektronik Firmware Impact67 Pro 54630, where sensitive information, specifically login credentials, is transmitted in cleartext over the network. This cleartext transmission violates secure communication principles and allows an unauthenticated remote attacker to intercept these credentials by eavesdropping on network traffic. The vulnerability is categorized under CWE-319, which pertains to the cleartext transmission of sensitive information. The attack vector is network-based (AV:N), requires no privileges (PR:N), no user interaction (UI:N), and affects the confidentiality of the system (C:H) without impacting integrity or availability. The flaw allows attackers to gain unauthorized access to the Web-UI of the device, potentially leading to further exploitation or control over the device. The affected product is used in industrial environments, where secure access to control interfaces is critical. No patches are currently listed, and no exploits have been reported in the wild, but the high CVSS score of 7.5 reflects the significant risk posed by this vulnerability. The lack of encryption or secure protocols for transmitting credentials is the root cause, making network traffic interception trivial for attackers with access to the same network segment or capable of man-in-the-middle attacks.

The primary impact of this vulnerability is the compromise of confidentiality, as attackers can capture login credentials and gain unauthorized access to the device's Web-UI. For European organizations, especially those in industrial automation, manufacturing, and critical infrastructure sectors, this could lead to unauthorized control or monitoring of operational technology systems. Although integrity and availability are not directly affected, unauthorized access could be leveraged to perform further malicious actions, including configuration changes or lateral movement within the network. The exposure of credentials over unencrypted channels increases the risk of espionage, sabotage, or disruption of industrial processes. Given the strategic importance of manufacturing and industrial control systems in Europe, exploitation could have significant operational and economic consequences. The absence of known exploits currently reduces immediate risk but does not diminish the urgency for mitigation, as attackers may develop exploits once the vulnerability details are widely known.

1. Immediately implement network segmentation to isolate devices running the affected firmware from general IT networks and untrusted segments. 2. Employ network-level encryption such as VPNs or secure tunnels (e.g., IPsec) to protect traffic to and from the impacted devices until a firmware update is available. 3. Monitor network traffic for unencrypted credential transmissions and unusual access attempts to the Web-UI. 4. Restrict access to the device management interfaces using firewall rules and access control lists to limit exposure to trusted hosts only. 5. Engage with Murrelektronik for firmware updates or patches addressing this vulnerability and apply them promptly once released. 6. Consider deploying intrusion detection/prevention systems (IDS/IPS) tuned to detect attempts to exploit cleartext credential transmission. 7. Educate operational technology personnel about the risks of unencrypted communications and enforce policies to avoid transmitting sensitive information in cleartext. 8. Where possible, replace or upgrade devices that do not support secure communication protocols.