Energy Meter 750-230 (2540910000) CVEs and Security Vulnerabilities

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-41709	2 Janitza, Weidmueller	4 Umg 96rm-e 230v(5222062), Umg 96rm-e 24v(5222063), Energy Meter 750-230 (2540910000) and 1 more	2026-03-18	9.8 Critical
An unauthenticated remote attacker can perform a command injection via Modbus-TCP or Modbus-RTU to gain read and write access on the affected device.
CVE-2025-41711	2 Janitza, Weidmueller	4 Umg 96rm-e 230v(5222062), Umg 96rm-e 24v(5222063), Energy Meter 750-230 (2540910000) and 1 more	2026-03-11	5.3 Medium
An unauthenticated remote attacker can use firmware images to extract password hashes and brute force plaintext passwords of accounts with limited access.
CVE-2025-41712	2 Janitza, Weidmueller	4 Umg 96rm-e 230v(5222062), Umg 96rm-e 24v(5222063), Energy Meter 750-230 (2540910000) and 1 more	2026-03-11	6.5 Medium
An unauthenticated remote attacker who tricks a user to upload a manipulated HTML file can get access to sensitive information on the device. This is a result of incorrect permission assignment for the web server.
CVE-2025-41710	2 Janitza, Weidmueller	4 Umg 96rm-e 230v(5222062), Umg 96rm-e 24v(5222063), Energy Meter 750-230 (2540910000) and 1 more	2026-03-11	6.5 Medium
An unauthenticated remote attacker may use hardcodes credentials to get access to the previously activated FTP Server with limited read and write privileges.

Page 1 of 1.