CVE-2025-3200: Com-Server Exposed via Weak TLS

9.1 CVSS

Description

An unauthenticated remote attacker could exploit the used, insecure TLS 1.0 and TLS 1.1 protocols to intercept and manipulate encrypted communications between the Com-Server and connected systems.

Classification

CVE ID: CVE-2025-3200

CVSS Base Severity: CRITICAL

CVSS Base Score: 9.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Problem Types

CWE-327 Use of a Broken or Risky Cryptographic Algorithm

Affected Products

Vendor: Wiesemann & Theis

Product: Com-Server++, Com-Server PoE 3x Isolated, Com-Server 20mA, Com-Server OEM, Com-Server UL

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 3.03% (scored less or equal to compared to others)

EPSS Date: 2025-05-27 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-3200
https://certvde.com/en/advisories/VDE-2025-031/

Timeline

2025-04-28 11:40:21 UTC
CVE

Com-Server Exposed via Weak TLS